Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report P9vxkMpyQ5

Overview

General Information

Sample Name:P9vxkMpyQ5 (renamed file extension from none to exe)
Analysis ID:483682
MD5:4c658db84a58ce7ec0c2f2eb9f14c97c
SHA1:ce119bdee8f67e1aef1e45da57c0bf2e858d3826
SHA256:3bee3f04f56446103684fc76026cfaa5ab39cf206489b2e7c9142ead5a68c738
Tags:32exetrojan
Infos:

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Detected Nanocore Rat
Multi AV Scanner detection for dropped file
Yara detected Nanocore RAT
Protects its processes via BreakOnTermination flag
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores files to the Windows start menu directory
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Drops PE files
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Creates a start menu entry (Start Menu\Programs\Startup)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • P9vxkMpyQ5.exe (PID: 2916 cmdline: 'C:\Users\user\Desktop\P9vxkMpyQ5.exe' MD5: 4C658DB84A58CE7EC0C2F2EB9F14C97C)
    • sys30.exe (PID: 6140 cmdline: 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe' MD5: 4C658DB84A58CE7EC0C2F2EB9F14C97C)
  • sys30.exe (PID: 6692 cmdline: 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe' MD5: 4C658DB84A58CE7EC0C2F2EB9F14C97C)
    • sys30.exe (PID: 7148 cmdline: C:\Users\user\AppData\Local\sys4h57g\sys30.exe MD5: 4C658DB84A58CE7EC0C2F2EB9F14C97C)
      • sys30.exe (PID: 4768 cmdline: 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe' MD5: 4C658DB84A58CE7EC0C2F2EB9F14C97C)
    • sys30s.exe (PID: 776 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 5544 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 6980 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 1676 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 2968 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 2272 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 5840 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 6324 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 7024 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 5788 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 4232 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 5932 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30s.exe (PID: 3448 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 7072 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
    • sys30.exe (PID: 5872 cmdline: C:\Users\user\AppData\Local\sys4h57g\sys30.exe MD5: 4C658DB84A58CE7EC0C2F2EB9F14C97C)
    • sys30s.exe (PID: 5244 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
      • sys30s.exe (PID: 6572 cmdline: 'C:\Users\user\AppData\Local\Temp\sys30s.exe' MD5: 0E362E7005823D0BEC3719B902ED6D62)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0x10cfd:$x1: NanoCore.ClientPluginHost
  • 0x10d3a:$x2: IClientNetworkHost
  • 0x1486d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0x10a65:$a: NanoCore
    • 0x10a75:$a: NanoCore
    • 0x10ca9:$a: NanoCore
    • 0x10cbd:$a: NanoCore
    • 0x10cfd:$a: NanoCore
    • 0x10ac4:$b: ClientPlugin
    • 0x10cc6:$b: ClientPlugin
    • 0x10d06:$b: ClientPlugin
    • 0x10beb:$c: ProjectData
    • 0x115f2:$d: DESCrypto
    • 0x18fbe:$e: KeepAlive
    • 0x16fac:$g: LogClientMessage
    • 0x131a7:$i: get_Connected
    • 0x11928:$j: #=q
    • 0x11958:$j: #=q
    • 0x11974:$j: #=q
    • 0x119a4:$j: #=q
    • 0x119c0:$j: #=q
    • 0x119dc:$j: #=q
    • 0x11a0c:$j: #=q
    • 0x11a28:$j: #=q
    0000000C.00000002.548017544.0000000007160000.00000004.00020000.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0x16e3:$x1: NanoCore.ClientPluginHost
    • 0x171c:$x2: IClientNetworkHost
    0000000C.00000002.548017544.0000000007160000.00000004.00020000.sdmpNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
    • 0x16e3:$x2: NanoCore.ClientPluginHost
    • 0x1800:$s4: PipeCreated
    • 0x16fd:$s5: IClientLoggingHost
    Click to see the 89 entries

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    12.2.sys30.exe.7180000.28.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0x2205:$x1: NanoCore.ClientPluginHost
    • 0x223e:$x2: IClientNetworkHost
    12.2.sys30.exe.7180000.28.raw.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
    • 0x2205:$x2: NanoCore.ClientPluginHost
    • 0x2320:$s4: PipeCreated
    • 0x221f:$s5: IClientLoggingHost
    12.2.sys30.exe.4286c30.18.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xd9ad:$x1: NanoCore.ClientPluginHost
    • 0xd9da:$x2: IClientNetworkHost
    12.2.sys30.exe.4286c30.18.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
    • 0xd9ad:$x2: NanoCore.ClientPluginHost
    • 0xea88:$s4: PipeCreated
    • 0xd9c7:$s5: IClientLoggingHost
    12.2.sys30.exe.4286c30.18.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      Click to see the 156 entries

      Sigma Overview

      AV Detection:

      barindex
      Sigma detected: NanoCoreShow sources
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\sys4h57g\sys30.exe, ProcessId: 7148, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      E-Banking Fraud:

      barindex
      Sigma detected: NanoCoreShow sources
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\sys4h57g\sys30.exe, ProcessId: 7148, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      Stealing of Sensitive Information:

      barindex
      Sigma detected: NanoCoreShow sources
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\sys4h57g\sys30.exe, ProcessId: 7148, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      Remote Access Functionality:

      barindex
      Sigma detected: NanoCoreShow sources
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\sys4h57g\sys30.exe, ProcessId: 7148, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      Jbx Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Multi AV Scanner detection for submitted fileShow sources
      Source: P9vxkMpyQ5.exeVirustotal: Detection: 40%Perma Link
      Source: P9vxkMpyQ5.exeReversingLabs: Detection: 28%
      Multi AV Scanner detection for dropped fileShow sources
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeMetadefender: Detection: 13%Perma Link
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeReversingLabs: Detection: 28%
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 12.2.sys30.exe.4286c30.18.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.37c6b50.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3ee4e70.9.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.379eb30.5.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3e1e5cf.7.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.6020000.22.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f1fb20.11.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3ee4e70.9.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.3589510.3.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3ee9499.8.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.6024629.23.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.379eb30.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.3816b70.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3e281d4.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.6020000.22.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.3816b70.6.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.37c6b50.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f24149.13.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f1fb20.11.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3e19930.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.4286c30.18.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.4281dfa.17.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f1acea.12.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.428b259.19.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000005.00000002.640487654.0000000003585000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.608692638.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.639663165.0000000006630000.00000004.00020000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.629201133.00000000032C1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.544723026.0000000006020000.00000004.00020000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000005.00000002.641200263.0000000003749000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.532584351.0000000003EE0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.634362728.00000000042FB000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.634805063.00000000043D1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.526766087.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.532722174.0000000003F1A000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.532165573.0000000003E11000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 6692, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 7148, type: MEMORYSTR
      Machine Learning detection for sampleShow sources
      Source: P9vxkMpyQ5.exeJoe Sandbox ML: detected
      Machine Learning detection for dropped fileShow sources
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeJoe Sandbox ML: detected
      Source: 12.2.sys30.exe.6020000.22.unpackAvira: Label: TR/NanoCore.fadte
      Source: 12.2.sys30.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
      Source: P9vxkMpyQ5.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
      Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.6:49738 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.6:49740 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.6:49744 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.6:49825 version: TLS 1.0
      Source: P9vxkMpyQ5.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
      Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: sys30.exe, 0000000C.00000002.548094902.0000000007170000.00000004.00020000.sdmp
      Source: Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: sys30.exe, 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp
      Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: sys30.exe, 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp
      Source: Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: sys30.exe, 0000000C.00000002.548017544.0000000007160000.00000004.00020000.sdmp
      Source: Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: sys30.exe, 0000000C.00000002.548309098.00000000071A0000.00000004.00020000.sdmp
      Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: sys30.exe, 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 4x nop then jmp 06C81FE9h
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 4x nop then jmp 06C81FE9h
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
      Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.6:49738 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.6:49740 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.6:49744 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.217.168.36:443 -> 192.168.2.6:49825 version: TLS 1.0
      Source: global trafficTCP traffic: 192.168.2.6:49747 -> 194.5.98.103:5230
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: P9vxkMpyQ5.exe, 00000001.00000002.407297301.000000000174C000.00000004.00000020.sdmp, sys30.exe, 00000005.00000003.479502467.0000000000929000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: sys30.exe, 00000008.00000002.413491013.000000000351E000.00000004.00000001.sdmpString found in binary or memory: http://dual-a-0001.dc-msedge.net
      Source: sys30.exe, 0000000C.00000002.548309098.00000000071A0000.00000004.00020000.sdmpString found in binary or memory: http://google.com
      Source: P9vxkMpyQ5.exe, 00000001.00000003.351893896.0000000006FF8000.00000004.00000001.sdmp, P9vxkMpyQ5.exe, 00000001.00000002.413146230.0000000006FF8000.00000004.00000001.sdmpString found in binary or memory: http://ns.ado/1
      Source: sys30.exe, 00000005.00000003.395504969.0000000006328000.00000004.00000001.sdmpString found in binary or memory: http://ns.ado/16
      Source: P9vxkMpyQ5.exe, 00000001.00000003.351893896.0000000006FF8000.00000004.00000001.sdmp, P9vxkMpyQ5.exe, 00000001.00000002.413146230.0000000006FF8000.00000004.00000001.sdmpString found in binary or memory: http://ns.adobe.c/g
      Source: sys30.exe, 00000005.00000003.395504969.0000000006328000.00000004.00000001.sdmpString found in binary or memory: http://ns.adobe.c/g6
      Source: P9vxkMpyQ5.exe, 00000001.00000003.351893896.0000000006FF8000.00000004.00000001.sdmp, P9vxkMpyQ5.exe, 00000001.00000003.405974425.0000000007000000.00000004.00000001.sdmpString found in binary or memory: http://ns.adobe.cobj
      Source: sys30.exe, 00000005.00000003.395504969.0000000006328000.00000004.00000001.sdmpString found in binary or memory: http://ns.adobe.cobj6
      Source: P9vxkMpyQ5.exe, 00000001.00000003.349091096.0000000006FF8000.00000004.00000001.sdmp, sys30.exe, 00000005.00000003.395303439.0000000006328000.00000004.00000001.sdmpString found in binary or memory: http://ns.d
      Source: P9vxkMpyQ5.exe, 00000001.00000002.408255230.0000000003271000.00000004.00000001.sdmp, sys30.exe, 00000005.00000002.629037969.0000000002581000.00000004.00000001.sdmp, sys30.exe, 00000008.00000002.412451482.00000000033D1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: sys30.exe, sys30.exe, 0000000C.00000002.526867376.0000000000A12000.00000002.00020000.sdmpString found in binary or memory: http://tempuri.org/PendingProList.xsd
      Source: sys30.exe, sys30.exe, 0000000C.00000002.526867376.0000000000A12000.00000002.00020000.sdmpString found in binary or memory: http://tempuri.org/ProductDataSet.xsd
      Source: sys30.exeString found in binary or memory: http://tempuri.org/ProductDataSet1.xsd
      Source: P9vxkMpyQ5.exe, 00000001.00000003.401694206.00000000070F0000.00000004.00000001.sdmp, sys30.exe, 00000005.00000002.608813497.00000000001B2000.00000002.00020000.sdmp, sys30.exe, 00000008.00000000.401417758.0000000000F02000.00000002.00020000.sdmp, sys30.exe, 0000000C.00000002.526867376.0000000000A12000.00000002.00020000.sdmpString found in binary or memory: http://tempuri.org/ProductDataSet1.xsd#CustomerDataTableuThe
      Source: sys30.exeString found in binary or memory: http://tempuri.org/login2DataSet.xsd
      Source: sys30.exe, 00000008.00000002.413325034.00000000034EA000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com
      Source: P9vxkMpyQ5.exe, 00000001.00000002.408255230.0000000003271000.00000004.00000001.sdmp, sys30.exe, 00000005.00000002.629037969.0000000002581000.00000004.00000001.sdmp, sys30.exe, 00000008.00000002.412451482.00000000033D1000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com
      Source: sys30.exe, sys30.exe, 0000000C.00000002.526867376.0000000000A12000.00000002.00020000.sdmpString found in binary or memory: https://www.google.com/
      Source: sys30.exe, 00000008.00000002.412451482.00000000033D1000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com4
      Source: unknownDNS traffic detected: queries for: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
      Source: P9vxkMpyQ5.exe, 00000001.00000002.407010488.00000000016C0000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
      Source: sys30.exe, 0000000C.00000002.544723026.0000000006020000.00000004.00020000.sdmpBinary or memory string: RegisterRawInputDevices

      E-Banking Fraud:

      barindex
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 12.2.sys30.exe.4286c30.18.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.37c6b50.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3ee4e70.9.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.379eb30.5.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3e1e5cf.7.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.6020000.22.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f1fb20.11.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3ee4e70.9.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.3589510.3.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3ee9499.8.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.6024629.23.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.379eb30.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.3816b70.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3e281d4.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.6020000.22.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.3816b70.6.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.37c6b50.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f24149.13.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f1fb20.11.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3e19930.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.4286c30.18.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.4281dfa.17.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f1acea.12.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.428b259.19.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000005.00000002.640487654.0000000003585000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.608692638.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.639663165.0000000006630000.00000004.00020000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.629201133.00000000032C1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.544723026.0000000006020000.00000004.00020000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000005.00000002.641200263.0000000003749000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.532584351.0000000003EE0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.634362728.00000000042FB000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.634805063.00000000043D1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.526766087.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.532722174.0000000003F1A000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.532165573.0000000003E11000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 6692, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 7148, type: MEMORYSTR

      Operating System Destruction:

      barindex
      Protects its processes via BreakOnTermination flagShow sources
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: 00 00 00 00

      System Summary:

      barindex
      Malicious sample detected (through community Yara rule)Show sources
      Source: 12.2.sys30.exe.7180000.28.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.4286c30.18.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.7180000.28.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.40f5b61.14.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.71e0000.33.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.71c0000.32.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.37c6b50.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.37c6b50.4.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.71b0000.31.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3ee4e70.9.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.379eb30.5.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.379eb30.5.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.71f0000.36.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3e1e5cf.7.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3e1e5cf.7.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.7120000.25.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.71e0000.33.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.6020000.22.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3f1fb20.11.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3efd69c.10.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.7230000.37.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3efd69c.10.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.4101d95.15.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3ee4e70.9.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.3589510.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.3589510.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.3ee9499.8.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.71c0000.32.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.71f4c9f.35.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.6024629.23.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.379eb30.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.379eb30.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.7190000.29.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3e19930.5.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.7170000.27.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.5460000.20.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.7230000.37.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.7160000.26.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.2ecbecc.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.71a0000.30.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.71fe8a4.34.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.3816b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.3816b70.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.71a0000.30.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.7120000.25.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.71f0000.36.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.7110000.24.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.7170000.27.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3e281d4.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3e281d4.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.2ed8148.2.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.7110000.24.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.71b0000.31.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.6020000.22.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.3816b70.6.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.3816b70.6.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 5.2.sys30.exe.37c6b50.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 5.2.sys30.exe.37c6b50.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.3f24149.13.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3f24149.13.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.3f1fb20.11.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3f1fb20.11.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.3e19930.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3e19930.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.2e6c840.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.2e6c840.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.4101d95.15.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.4286c30.18.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.4281dfa.17.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.2ecbecc.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.2ecbecc.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.2ed8148.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.2ed8148.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.41163c2.16.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.3f1acea.12.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 12.2.sys30.exe.3f1acea.12.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.40f5b61.14.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 12.2.sys30.exe.428b259.19.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 0000000C.00000002.548017544.0000000007160000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000025.00000002.640663976.0000000006CB0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000005.00000002.640487654.0000000003585000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000005.00000002.640487654.0000000003585000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000025.00000002.608692638.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000025.00000002.608692638.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000025.00000002.641315287.0000000007660000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.548309098.00000000071A0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000025.00000002.639663165.0000000006630000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.547346562.0000000007110000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.547488782.0000000007120000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000025.00000002.629201133.00000000032C1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000025.00000002.640939884.0000000006E70000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.544723026.0000000006020000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.548094902.0000000007170000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.548637500.00000000071E0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000025.00000002.641048922.0000000006EC0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.548181314.0000000007180000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000025.00000002.640696543.0000000006CC0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 0000000C.00000002.529719326.0000000002E65000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000025.00000002.640917684.0000000006E60000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.548362586.00000000071B0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.542686341.0000000005460000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000005.00000002.641200263.0000000003749000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000005.00000002.641200263.0000000003749000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 0000000C.00000002.548245058.0000000007190000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000025.00000002.640628725.0000000006C90000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000025.00000002.640837802.0000000006E40000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000025.00000002.640779779.0000000006CF0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.532584351.0000000003EE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000025.00000002.634805063.00000000043D1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 0000000C.00000002.526766087.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.526766087.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 0000000C.00000002.548976373.0000000007230000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000025.00000002.640886858.0000000006E50000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000025.00000002.638459371.0000000005C10000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000025.00000002.640758288.0000000006CE0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.533192933.0000000004046000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 0000000C.00000002.548704836.00000000071F0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.532722174.0000000003F1A000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000025.00000002.639773222.0000000006660000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.548409517.00000000071C0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0000000C.00000002.532165573.0000000003E11000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: Process Memory Space: sys30.exe PID: 6692, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: Process Memory Space: sys30.exe PID: 6692, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: Process Memory Space: sys30.exe PID: 7148, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: Process Memory Space: sys30.exe PID: 7148, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: P9vxkMpyQ5.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
      Source: 12.2.sys30.exe.7180000.28.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.7180000.28.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.4286c30.18.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.4286c30.18.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.7180000.28.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.7180000.28.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.40f5b61.14.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.40f5b61.14.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.71e0000.33.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.71e0000.33.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.71c0000.32.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.71c0000.32.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.37c6b50.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 5.2.sys30.exe.37c6b50.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.37c6b50.4.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.71b0000.31.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.71b0000.31.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3ee4e70.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3ee4e70.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.379eb30.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 5.2.sys30.exe.379eb30.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.379eb30.5.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.71f0000.36.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.71f0000.36.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3e1e5cf.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3e1e5cf.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3e1e5cf.7.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.7120000.25.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.7120000.25.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.71e0000.33.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.71e0000.33.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.6020000.22.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.6020000.22.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3f1fb20.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3f1fb20.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3efd69c.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3efd69c.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.7230000.37.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.7230000.37.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3efd69c.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3efd69c.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.4101d95.15.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.4101d95.15.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3ee4e70.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3ee4e70.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.3589510.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 5.2.sys30.exe.3589510.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.3589510.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.3ee9499.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3ee9499.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.71c0000.32.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.71c0000.32.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.71f4c9f.35.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.71f4c9f.35.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.6024629.23.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.6024629.23.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.379eb30.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 5.2.sys30.exe.379eb30.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.379eb30.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.7190000.29.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.7190000.29.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3e19930.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3e19930.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.7170000.27.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.7170000.27.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.5460000.20.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.5460000.20.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.7230000.37.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.7230000.37.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.7160000.26.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.7160000.26.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.2ecbecc.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.2ecbecc.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.71a0000.30.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.71a0000.30.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.71fe8a4.34.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.71fe8a4.34.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.3816b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 5.2.sys30.exe.3816b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.3816b70.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.71a0000.30.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.71a0000.30.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.7120000.25.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.7120000.25.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.71f0000.36.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.71f0000.36.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.7110000.24.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.7110000.24.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.7170000.27.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.7170000.27.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3e281d4.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3e281d4.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3e281d4.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.2ed8148.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.2ed8148.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.7110000.24.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.7110000.24.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.71b0000.31.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.71b0000.31.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.6020000.22.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.6020000.22.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.3816b70.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 5.2.sys30.exe.3816b70.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.3816b70.6.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 5.2.sys30.exe.37c6b50.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 5.2.sys30.exe.37c6b50.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5.2.sys30.exe.37c6b50.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.3f24149.13.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3f24149.13.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3f24149.13.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.3f1fb20.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3f1fb20.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3f1fb20.11.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.3e19930.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3e19930.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3e19930.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.2e6c840.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.2e6c840.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.4101d95.15.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.4286c30.18.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.4281dfa.17.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.2ecbecc.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.2ecbecc.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.2ecbecc.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.2ed8148.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.2ed8148.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.2ed8148.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.41163c2.16.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.3f1acea.12.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 12.2.sys30.exe.3f1acea.12.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 12.2.sys30.exe.3f1acea.12.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.40f5b61.14.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 12.2.sys30.exe.428b259.19.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 0000000C.00000002.548017544.0000000007160000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.548017544.0000000007160000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000025.00000002.640663976.0000000006CB0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.640663976.0000000006CB0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000005.00000002.640487654.0000000003585000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000005.00000002.640487654.0000000003585000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000025.00000002.608692638.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.608692638.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000025.00000002.641315287.0000000007660000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.641315287.0000000007660000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.548309098.00000000071A0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.548309098.00000000071A0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000025.00000002.639663165.0000000006630000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.639663165.0000000006630000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.547346562.0000000007110000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.547346562.0000000007110000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.547488782.0000000007120000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.547488782.0000000007120000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000025.00000002.629201133.00000000032C1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000025.00000002.640939884.0000000006E70000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.640939884.0000000006E70000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.544723026.0000000006020000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.544723026.0000000006020000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.548094902.0000000007170000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.548094902.0000000007170000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.548637500.00000000071E0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.548637500.00000000071E0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000025.00000002.641048922.0000000006EC0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.641048922.0000000006EC0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.548181314.0000000007180000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.548181314.0000000007180000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000025.00000002.640696543.0000000006CC0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.640696543.0000000006CC0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 0000000C.00000002.529719326.0000000002E65000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000025.00000002.640917684.0000000006E60000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.640917684.0000000006E60000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.548362586.00000000071B0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.548362586.00000000071B0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.542686341.0000000005460000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.542686341.0000000005460000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000005.00000002.641200263.0000000003749000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000005.00000002.641200263.0000000003749000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 0000000C.00000002.548245058.0000000007190000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.548245058.0000000007190000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000025.00000002.640628725.0000000006C90000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.640628725.0000000006C90000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000025.00000002.640837802.0000000006E40000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.640837802.0000000006E40000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000025.00000002.640779779.0000000006CF0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.640779779.0000000006CF0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.532584351.0000000003EE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000025.00000002.634805063.00000000043D1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 0000000C.00000002.526766087.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.526766087.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 0000000C.00000002.548976373.0000000007230000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.548976373.0000000007230000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000025.00000002.640886858.0000000006E50000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.640886858.0000000006E50000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000025.00000002.638459371.0000000005C10000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.638459371.0000000005C10000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000025.00000002.640758288.0000000006CE0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.640758288.0000000006CE0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.533192933.0000000004046000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 0000000C.00000002.548704836.00000000071F0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.548704836.00000000071F0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.532722174.0000000003F1A000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000025.00000002.639773222.0000000006660000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000025.00000002.639773222.0000000006660000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.548409517.00000000071C0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000C.00000002.548409517.00000000071C0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000000C.00000002.532165573.0000000003E11000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Process Memory Space: sys30.exe PID: 6692, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: Process Memory Space: sys30.exe PID: 6692, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Process Memory Space: sys30.exe PID: 7148, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: Process Memory Space: sys30.exe PID: 7148, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_030C6EE0
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_030C7581
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_030CF850
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_030CDC48
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_06C81770
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_06C80040
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_06C83680
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_06C8367B
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_06C8B408
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_06C8B407
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_00EDBB49
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 5_2_00C26EE0
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 5_2_001BBB49
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 8_2_031B6EE0
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 8_2_031BF850
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 8_2_031BDC48
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 8_2_06E00040
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 8_2_06E00007
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 8_2_00F0BB49
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_0127E471
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_0127E480
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_0127BBD4
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_0532F5F8
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_05329788
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_0532A5D0
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_0532A610
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_00A1BB49
      Source: P9vxkMpyQ5.exe, 00000001.00000003.401694206.00000000070F0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamexxxxxf28.exeL vs P9vxkMpyQ5.exe
      Source: P9vxkMpyQ5.exe, 00000001.00000002.410453727.0000000004275000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSHCore1.dll0 vs P9vxkMpyQ5.exe
      Source: P9vxkMpyQ5.exeVirustotal: Detection: 40%
      Source: P9vxkMpyQ5.exeReversingLabs: Detection: 28%
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeFile read: C:\Users\user\Desktop\P9vxkMpyQ5.exeJump to behavior
      Source: P9vxkMpyQ5.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: unknownProcess created: C:\Users\user\Desktop\P9vxkMpyQ5.exe 'C:\Users\user\Desktop\P9vxkMpyQ5.exe'
      Source: unknownProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe C:\Users\user\AppData\Local\sys4h57g\sys30.exe
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe C:\Users\user\AppData\Local\sys4h57g\sys30.exe
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe C:\Users\user\AppData\Local\sys4h57g\sys30.exe
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe C:\Users\user\AppData\Local\sys4h57g\sys30.exe
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: unknown unknown
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sys30.lnkJump to behavior
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile created: C:\Users\user\AppData\Local\Temp\sys30s.txtJump to behavior
      Source: classification engineClassification label: mal100.troj.evad.winEXE@40/21@13/2
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{6618c428-0583-4059-a498-a8ec319ccd46}
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
      Source: P9vxkMpyQ5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: P9vxkMpyQ5.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
      Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: sys30.exe, 0000000C.00000002.548094902.0000000007170000.00000004.00020000.sdmp
      Source: Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: sys30.exe, 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp
      Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: sys30.exe, 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp
      Source: Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: sys30.exe, 0000000C.00000002.548017544.0000000007160000.00000004.00020000.sdmp
      Source: Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: sys30.exe, 0000000C.00000002.548309098.00000000071A0000.00000004.00020000.sdmp
      Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: sys30.exe, 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp

      Data Obfuscation:

      barindex
      .NET source code contains potential unpackerShow sources
      Source: P9vxkMpyQ5.exe, Qm29/Lz41.cs.Net Code: j6X System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
      Source: sys30.exe.1.dr, Qm29/Lz41.cs.Net Code: j6X System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
      Source: 1.2.P9vxkMpyQ5.exe.ed0000.0.unpack, Qm29/Lz41.cs.Net Code: j6X System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
      Source: 1.0.P9vxkMpyQ5.exe.ed0000.0.unpack, Qm29/Lz41.cs.Net Code: j6X System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_00EDCE66 push 00000000h; iretd
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_00EDB27A push 00000000h; iretd
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_06C86E20 pushfd ; retf
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_06C8C5CB push es; iretd
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_06C8C2BE pushfd ; iretd
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeCode function: 1_2_06C813E1 pushfd ; retf
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 5_2_001BB27A push 00000000h; iretd
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 5_2_001BCE66 push 00000000h; iretd
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 8_2_00F0B27A push 00000000h; iretd
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 8_2_00F0CE66 push 00000000h; iretd
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_00A1CE66 push 00000000h; iretd
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_00A1B27A push 00000000h; iretd
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_0532B5E0 push eax; retf
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_053269FB push esp; retf
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeCode function: 12_2_053269F8 pushad ; retf
      Source: sys30s.exe.5.drStatic PE information: 0xC7142059 [Sun Nov 3 05:36:25 2075 UTC]
      Source: P9vxkMpyQ5.exe, Ed06/Qd84.csHigh entropy of concatenated method names: '.ctor', 'Kj0m', 'Re73', 't5L2', 'Lq73', 'Hb8r', 'Kz64', 'p8QT', 'q4D3', 'Bn3f'
      Source: sys30.exe.1.dr, Ed06/Qd84.csHigh entropy of concatenated method names: '.ctor', 'Kj0m', 'Re73', 't5L2', 'Lq73', 'Hb8r', 'Kz64', 'p8QT', 'q4D3', 'Bn3f'
      Source: 1.2.P9vxkMpyQ5.exe.ed0000.0.unpack, Ed06/Qd84.csHigh entropy of concatenated method names: '.ctor', 'Kj0m', 'Re73', 't5L2', 'Lq73', 'Hb8r', 'Kz64', 'p8QT', 'q4D3', 'Bn3f'
      Source: 1.0.P9vxkMpyQ5.exe.ed0000.0.unpack, Ed06/Qd84.csHigh entropy of concatenated method names: '.ctor', 'Kj0m', 'Re73', 't5L2', 'Lq73', 'Hb8r', 'Kz64', 'p8QT', 'q4D3', 'Bn3f'
      Source: sys30s.exe.5.dr, Astronotplart/My/tT7bk4FnxbYaKqMtWjIqvyKWh4J9tkfAvLZ8e5Y4BU.csHigh entropy of concatenated method names: 'nn9DM7TZkpnl4dSPqnpPS2oW', 'LztRLhG61h4KFshxtO7P7', 'G4vjdlUHNvtWZenTXSNdtGwCIYmCoKE77', '5fQycwGNtn0lBuMB2jteITZhMQF3wG', 'ZJSZEAUpgBzwUgSXvnbC6lEhXmP5VpN2nCiGvnzMTR'
      Source: sys30s.exe.5.dr, Astronotplart/My/nVdeDLHvVsfVxwgFzORDky8W3f9u4lGmiaWnSDb.csHigh entropy of concatenated method names: '.cctor', 'ipfF6OV8JHE8Qin24Sz2H', 'GBAU51HdoykwtyLJ8j', 'A6Cmw4VPbNKHMkR6BnXqjGTCsaLYYK', 'ZhXAveIVREq8oAgNFODqxTnhx35', 'TL13XiWxESQiImm09SkPUl2iIyfqvqfNa1eW0WN', 'hXlgWtIDkKwHkCLRcj1P0yvWMryPDm997zSDv', 'crnIowWf8YVTDoRdGn'
      Source: sys30s.exe.5.dr, Astronotplart/gabKErPURPS76kDKjrme.csHigh entropy of concatenated method names: '.ctor', 'EmwYECB1wGyvIA2snT', 'zQyq6GQCkVXH2m9ORWKDS7znEfc2l', 'X3TE6RCIZMD7ECwwVoqD8j43J8u', 'SwV7wVQkM24hXoCSpr83uLH4TEFtSUXME6LQS7', 'gIglw7CqsSJGzE2AtTN3JYbIYwYS1QQ7ADpw', 'aciMX0Q3f70STq8WXW'
      Source: sys30s.exe.5.dr, Astronotplart/My/Resources/cZsjfbJLI2Nt8If5QOa3YzSXxDXbcmzUTY.csHigh entropy of concatenated method names: '7tuLHfXnvgcErulp', 'vFPZGqKub8S44KK9njyrAe1CN2qDJ3IQa7tiGW3Oebu', 'p0Rr9tY6YlifmwQtRmfPXGEDX', 'IPf8zIYNrroPiylxpRDezmMidW58Fr8mLO'
      Source: sys30s.exe.5.dr, Astronotplart/rtGPmvPIdl5IaacYtOxDvUDj4cyvAKDSBQSIKnjuJ.csHigh entropy of concatenated method names: '.ctor', 'lXIhNy5k2zuUtWijXRf3Smh', 'K04wNKQqGraj7cH31jV3', 'XjtDF35KWLF6l1is3R1Q6HxEJwEr3PbjtGbh2HVd2', 'lvOSFdRQCCluXgGa7jGQkU1jNoXRaK5EpfPYnW', 'gZQk7h6spRLFg3NwAmoe'
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeFile created: C:\Users\user\AppData\Local\sys4h57g\sys30.exeJump to dropped file
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile created: C:\Users\user\AppData\Local\Temp\sys30s.exeJump to dropped file
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sys30.lnkJump to behavior
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sys30.lnkJump to behavior

      Hooking and other Techniques for Hiding and Protection:

      barindex
      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeFile opened: C:\Users\user\Desktop\P9vxkMpyQ5.exe\:Zone.Identifier read attributes | delete
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile opened: C:\Users\user\AppData\Local\sys4h57g\sys30.exe\:Zone.Identifier read attributes | delete
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeFile opened: C:\Users\user\AppData\Local\sys4h57g\sys30.exe:Zone.Identifier read attributes | delete
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exe TID: 6516Thread sleep time: -2767011611056431s >= -30000s
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exe TID: 5988Thread sleep count: 33 > 30
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exe TID: 5988Thread sleep count: 131 > 30
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exe TID: 644Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exe TID: 6432Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 4148Thread sleep time: -23980767295822402s >= -30000s
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 660Thread sleep count: 3375 > 30
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 660Thread sleep count: 5723 > 30
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 7160Thread sleep count: 55 > 30
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 7160Thread sleep time: -55000s >= -30000s
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 6836Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 6848Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exe TID: 1624Thread sleep time: -13835058055282155s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 5936Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 1080Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 4804Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 3496Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exe TID: 4832Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWindow / User API: threadDelayed 3375
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWindow / User API: threadDelayed 5723
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWindow / User API: threadDelayed 4369
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeWindow / User API: threadDelayed 5018
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess information queried: ProcessInformation
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeThread delayed: delay time: 922337203685477
      Source: sys30s.exe, 00000019.00000002.501077193.00000000013F8000.00000004.00000020.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\f%
      Source: sys30.exe, 0000000C.00000002.546231642.0000000006A40000.00000004.00000001.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:
      Source: sys30.exe, 00000005.00000002.616179162.000000000090A000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll[
      Source: P9vxkMpyQ5.exe, 00000001.00000002.411696868.0000000006970000.00000004.00000001.sdmpBinary or memory string: ECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:
      Source: sys30.exe, 00000005.00000002.642483268.0000000005C70000.00000004.00000001.sdmpBinary or memory string: d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: sys30s.exe, 0000001B.00000002.515711034.0000000000CAA000.00000004.00000020.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}x
      Source: sys30s.exe, 00000016.00000002.482713872.0000000000F10000.00000004.00000020.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}|
      Source: sys30s.exe, 0000001B.00000002.515711034.0000000000CAA000.00000004.00000020.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
      Source: sys30s.exe, 00000019.00000002.501077193.00000000013F8000.00000004.00000020.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: P9vxkMpyQ5.exe, 00000001.00000002.407150236.00000000016FE000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess token adjusted: Debug
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeMemory allocated: page read and write | page guard

      HIPS / PFW / Operating System Protection Evasion:

      barindex
      Injects a PE file into a foreign processesShow sources
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeMemory written: C:\Users\user\AppData\Local\sys4h57g\sys30.exe base: 400000 value starts with: 4D5A
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeMemory written: C:\Users\user\AppData\Local\sys4h57g\sys30.exe base: 400000 value starts with: 4D5A
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe C:\Users\user\AppData\Local\sys4h57g\sys30.exe
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe C:\Users\user\AppData\Local\sys4h57g\sys30.exe
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: unknown unknown
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeProcess created: C:\Users\user\AppData\Local\sys4h57g\sys30.exe 'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeProcess created: C:\Users\user\AppData\Local\Temp\sys30s.exe 'C:\Users\user\AppData\Local\Temp\sys30s.exe'
      Source: sys30.exe, 0000000C.00000002.530001680.0000000002F74000.00000004.00000001.sdmpBinary or memory string: Program Manager
      Source: sys30.exe, 00000005.00000002.626323975.0000000000FF0000.00000002.00020000.sdmp, sys30s.exe, 0000000F.00000002.616545639.0000000001C90000.00000002.00020000.sdmp, sys30s.exe, 00000013.00000002.616278097.00000000019A0000.00000002.00020000.sdmp, sys30s.exe, 00000017.00000002.618465344.0000000001B80000.00000002.00020000.sdmp, sys30s.exe, 0000001A.00000002.616458175.0000000000EB0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
      Source: sys30.exe, 00000005.00000002.626323975.0000000000FF0000.00000002.00020000.sdmp, sys30s.exe, 0000000F.00000002.616545639.0000000001C90000.00000002.00020000.sdmp, sys30s.exe, 00000013.00000002.616278097.00000000019A0000.00000002.00020000.sdmp, sys30s.exe, 00000017.00000002.618465344.0000000001B80000.00000002.00020000.sdmp, sys30s.exe, 0000001A.00000002.616458175.0000000000EB0000.00000002.00020000.sdmpBinary or memory string: Progman
      Source: sys30.exe, 00000005.00000002.626323975.0000000000FF0000.00000002.00020000.sdmp, sys30s.exe, 0000000F.00000002.616545639.0000000001C90000.00000002.00020000.sdmp, sys30s.exe, 00000013.00000002.616278097.00000000019A0000.00000002.00020000.sdmp, sys30s.exe, 00000017.00000002.618465344.0000000001B80000.00000002.00020000.sdmp, sys30s.exe, 0000001A.00000002.616458175.0000000000EB0000.00000002.00020000.sdmpBinary or memory string: &Program Manager
      Source: sys30.exe, 00000005.00000002.626323975.0000000000FF0000.00000002.00020000.sdmp, sys30s.exe, 0000000F.00000002.616545639.0000000001C90000.00000002.00020000.sdmp, sys30s.exe, 00000013.00000002.616278097.00000000019A0000.00000002.00020000.sdmp, sys30s.exe, 00000017.00000002.618465344.0000000001B80000.00000002.00020000.sdmp, sys30s.exe, 0000001A.00000002.616458175.0000000000EB0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
      Source: sys30.exe, 0000000C.00000002.530807793.0000000003110000.00000004.00000001.sdmpBinary or memory string: Program Manager|$D
      Source: sys30.exe, 0000000C.00000002.545728511.0000000006A0E000.00000004.00000001.sdmpBinary or memory string: Program Manager x
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeQueries volume information: C:\Users\user\Desktop\P9vxkMpyQ5.exe VolumeInformation
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Users\user\AppData\Local\sys4h57g\sys30.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Users\user\AppData\Local\sys4h57g\sys30.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Users\user\AppData\Local\sys4h57g\sys30.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\sys4h57g\sys30.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sys30s.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\sys30s.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\Desktop\P9vxkMpyQ5.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information:

      barindex
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 12.2.sys30.exe.4286c30.18.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.37c6b50.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3ee4e70.9.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.379eb30.5.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3e1e5cf.7.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.6020000.22.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f1fb20.11.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3ee4e70.9.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.3589510.3.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3ee9499.8.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.6024629.23.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.379eb30.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.3816b70.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3e281d4.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.6020000.22.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.3816b70.6.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.37c6b50.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f24149.13.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f1fb20.11.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3e19930.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.4286c30.18.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.4281dfa.17.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f1acea.12.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.428b259.19.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000005.00000002.640487654.0000000003585000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.608692638.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.639663165.0000000006630000.00000004.00020000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.629201133.00000000032C1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.544723026.0000000006020000.00000004.00020000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000005.00000002.641200263.0000000003749000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.532584351.0000000003EE0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.634362728.00000000042FB000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.634805063.00000000043D1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.526766087.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.532722174.0000000003F1A000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.532165573.0000000003E11000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 6692, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 7148, type: MEMORYSTR

      Remote Access Functionality:

      barindex
      Detected Nanocore RatShow sources
      Source: sys30.exe, 00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Source: sys30.exe, 0000000C.00000002.548017544.0000000007160000.00000004.00020000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Source: sys30.exe, 0000000C.00000002.548017544.0000000007160000.00000004.00020000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
      Source: sys30.exe, 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
      Source: sys30.exe, 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
      Source: sys30.exe, 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
      Source: sys30.exe, 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 12.2.sys30.exe.4286c30.18.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.37c6b50.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3ee4e70.9.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.379eb30.5.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3e1e5cf.7.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.6020000.22.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f1fb20.11.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3ee4e70.9.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.3589510.3.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3ee9499.8.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.6024629.23.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.379eb30.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.3816b70.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3e281d4.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.6020000.22.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.3816b70.6.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 5.2.sys30.exe.37c6b50.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f24149.13.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f1fb20.11.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3e19930.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.4286c30.18.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.4281dfa.17.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.3f1acea.12.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 12.2.sys30.exe.428b259.19.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000005.00000002.640487654.0000000003585000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.608692638.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.639663165.0000000006630000.00000004.00020000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.629201133.00000000032C1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.544723026.0000000006020000.00000004.00020000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000005.00000002.641200263.0000000003749000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.532584351.0000000003EE0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.634362728.00000000042FB000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000025.00000002.634805063.00000000043D1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.526766087.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.532722174.0000000003F1A000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.532165573.0000000003E11000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 6692, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: sys30.exe PID: 7148, type: MEMORYSTR

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsWindows Management InstrumentationStartup Items1Startup Items1Disable or Modify Tools1Input Capture21File and Directory Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/JobRegistry Run Keys / Startup Folder2Process Injection112Obfuscated Files or Information2LSASS MemorySystem Information Discovery12Remote Desktop ProtocolInput Capture21Exfiltration Over BluetoothEncrypted Channel11Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Registry Run Keys / Startup Folder2Software Packing11Security Account ManagerQuery Registry1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Timestomp1NTDSSecurity Software Discovery11Distributed Component Object ModelInput CaptureScheduled TransferRemote Access Software1SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading1LSA SecretsProcess Discovery2SSHKeyloggingData Transfer Size LimitsNon-Application Layer Protocol2Manipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion21Cached Domain CredentialsVirtualization/Sandbox Evasion21VNCGUI Input CaptureExfiltration Over C2 ChannelApplication Layer Protocol3Jamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection112DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobHidden Files and Directories1Proc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 483682 Sample: P9vxkMpyQ5 Startdate: 15/09/2021 Architecture: WINDOWS Score: 100 46 www.google.com 2->46 48 e-businessloader.mywire.org 2->48 62 Malicious sample detected (through community Yara rule) 2->62 64 Multi AV Scanner detection for submitted file 2->64 66 Sigma detected: NanoCore 2->66 68 4 other signatures 2->68 8 sys30.exe 14 5 2->8         started        13 P9vxkMpyQ5.exe 15 8 2->13         started        signatures3 process4 dnsIp5 38 C:\Users\user\AppData\Local\Temp\sys30s.exe, PE32 8->38 dropped 70 Multi AV Scanner detection for dropped file 8->70 72 Machine Learning detection for dropped file 8->72 74 Hides that the sample has been downloaded from the Internet (zone.identifier) 8->74 76 Injects a PE file into a foreign processes 8->76 15 sys30.exe 12 8->15         started        20 sys30s.exe 8->20         started        22 sys30s.exe 8->22         started        26 3 other processes 8->26 50 www.google.com 172.217.168.36, 443, 49738, 49740 GOOGLEUS United States 13->50 40 C:\Users\user\AppData\Local\...\sys30.exe, PE32 13->40 dropped 42 C:\Users\user\...\sys30.exe:Zone.Identifier, ASCII 13->42 dropped 44 C:\Users\user\AppData\...\P9vxkMpyQ5.exe.log, ASCII 13->44 dropped 24 sys30.exe 3 13->24         started        file6 signatures7 process8 dnsIp9 52 e-businessloader.mywire.org 194.5.98.103, 49747, 49752, 49778 DANILENKODE Netherlands 15->52 36 C:\Users\user\AppData\Roaming\...\run.dat, Unknown 15->36 dropped 56 Protects its processes via BreakOnTermination flag 15->56 58 Hides that the sample has been downloaded from the Internet (zone.identifier) 15->58 60 Multi AV Scanner detection for dropped file 20->60 28 sys30s.exe 20->28         started        30 sys30s.exe 22->30         started        54 www.google.com 24->54 32 sys30s.exe 26->32         started        34 sys30s.exe 26->34         started        file10 signatures11 process12

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      P9vxkMpyQ5.exe40%VirustotalBrowse
      P9vxkMpyQ5.exe29%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
      P9vxkMpyQ5.exe100%Joe Sandbox ML

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\sys4h57g\sys30.exe100%Joe Sandbox ML
      C:\Users\user\AppData\Local\Temp\sys30s.exe14%MetadefenderBrowse
      C:\Users\user\AppData\Local\Temp\sys30s.exe11%ReversingLabsWin32.Trojan.Generic
      C:\Users\user\AppData\Local\sys4h57g\sys30.exe29%ReversingLabsByteCode-MSIL.Trojan.AgentTesla

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      12.2.sys30.exe.6020000.22.unpack100%AviraTR/NanoCore.fadteDownload File
      12.2.sys30.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://tempuri.org/ProductDataSet1.xsd#CustomerDataTableuThe0%Avira URL Cloudsafe
      http://tempuri.org/login2DataSet.xsd0%Avira URL Cloudsafe
      https://www.google.com40%Avira URL Cloudsafe
      http://ns.adobe.cobj0%URL Reputationsafe
      http://tempuri.org/ProductDataSet.xsd0%Avira URL Cloudsafe
      http://ns.adobe.c/g60%Avira URL Cloudsafe
      http://ns.d0%URL Reputationsafe
      http://tempuri.org/PendingProList.xsd0%Avira URL Cloudsafe
      http://ns.adobe.c/g0%URL Reputationsafe
      http://tempuri.org/ProductDataSet1.xsd0%Avira URL Cloudsafe
      http://ns.ado/10%URL Reputationsafe
      http://ns.ado/160%Avira URL Cloudsafe
      http://ns.adobe.cobj60%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      www.google.com
      		172.217.168.36
      		truefalse
        		high
        e-businessloader.mywire.org
        		194.5.98.103
        		truefalse
          		high

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://www.google.com/false
            		high

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://www.google.comP9vxkMpyQ5.exe, 00000001.00000002.408255230.0000000003271000.00000004.00000001.sdmp, sys30.exe, 00000005.00000002.629037969.0000000002581000.00000004.00000001.sdmp, sys30.exe, 00000008.00000002.412451482.00000000033D1000.00000004.00000001.sdmpfalse
              		high
              http://tempuri.org/ProductDataSet1.xsd#CustomerDataTableuTheP9vxkMpyQ5.exe, 00000001.00000003.401694206.00000000070F0000.00000004.00000001.sdmp, sys30.exe, 00000005.00000002.608813497.00000000001B2000.00000002.00020000.sdmp, sys30.exe, 00000008.00000000.401417758.0000000000F02000.00000002.00020000.sdmp, sys30.exe, 0000000C.00000002.526867376.0000000000A12000.00000002.00020000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://tempuri.org/login2DataSet.xsdsys30.exefalse
              • Avira URL Cloud: safe
              		unknown
              https://www.google.com4sys30.exe, 00000008.00000002.412451482.00000000033D1000.00000004.00000001.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://ns.adobe.cobjP9vxkMpyQ5.exe, 00000001.00000003.351893896.0000000006FF8000.00000004.00000001.sdmp, P9vxkMpyQ5.exe, 00000001.00000003.405974425.0000000007000000.00000004.00000001.sdmpfalse
              • URL Reputation: safe
              		unknown
              http://tempuri.org/ProductDataSet.xsdsys30.exe, sys30.exe, 0000000C.00000002.526867376.0000000000A12000.00000002.00020000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://ns.adobe.c/g6sys30.exe, 00000005.00000003.395504969.0000000006328000.00000004.00000001.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://ns.dP9vxkMpyQ5.exe, 00000001.00000003.349091096.0000000006FF8000.00000004.00000001.sdmp, sys30.exe, 00000005.00000003.395303439.0000000006328000.00000004.00000001.sdmpfalse
              • URL Reputation: safe
              		unknown
              http://www.google.comsys30.exe, 00000008.00000002.413325034.00000000034EA000.00000004.00000001.sdmpfalse
                		high
                http://tempuri.org/PendingProList.xsdsys30.exe, sys30.exe, 0000000C.00000002.526867376.0000000000A12000.00000002.00020000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://ns.adobe.c/gP9vxkMpyQ5.exe, 00000001.00000003.351893896.0000000006FF8000.00000004.00000001.sdmp, P9vxkMpyQ5.exe, 00000001.00000002.413146230.0000000006FF8000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://google.comsys30.exe, 0000000C.00000002.548309098.00000000071A0000.00000004.00020000.sdmpfalse
                  		high
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameP9vxkMpyQ5.exe, 00000001.00000002.408255230.0000000003271000.00000004.00000001.sdmp, sys30.exe, 00000005.00000002.629037969.0000000002581000.00000004.00000001.sdmp, sys30.exe, 00000008.00000002.412451482.00000000033D1000.00000004.00000001.sdmpfalse
                    		high
                    http://tempuri.org/ProductDataSet1.xsdsys30.exefalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://ns.ado/1P9vxkMpyQ5.exe, 00000001.00000003.351893896.0000000006FF8000.00000004.00000001.sdmp, P9vxkMpyQ5.exe, 00000001.00000002.413146230.0000000006FF8000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://ns.ado/16sys30.exe, 00000005.00000003.395504969.0000000006328000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://ns.adobe.cobj6sys30.exe, 00000005.00000003.395504969.0000000006328000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown

                    Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public

                    IPDomainCountryFlagASNASN NameMalicious
                    172.217.168.36
                    		www.google.comUnited States
                    		15169GOOGLEUSfalse
                    194.5.98.103
                    		e-businessloader.mywire.orgNetherlands
                    		208476DANILENKODEfalse

                    General Information

                    Joe Sandbox Version:33.0.0 White Diamond
                    Analysis ID:483682
                    Start date:15.09.2021
                    Start time:11:31:20
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 14m 8s
                    Hypervisor based Inspection enabled:false
                    Report type:light
                    Sample file name:P9vxkMpyQ5 (renamed file extension from none to exe)
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                    Number of analysed new started processes analysed:41
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • HDC enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal100.troj.evad.winEXE@40/21@13/2
                    EGA Information:Failed
                    HDC Information:Failed
                    HCA Information:
                    • Successful, ratio: 98%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0
                    Cookbook Comments:
                    • Adjust boot time
                    • Enable AMSI
                    Warnings:
                    Show All
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                    • TCP Packets have been reduced to 100
                    • Excluded IPs from analysis (whitelisted): 131.253.33.200, 13.107.22.200, 204.79.197.200, 13.107.21.200, 20.50.102.62, 13.107.4.50, 20.54.110.249, 40.112.88.60, 23.216.77.209, 23.216.77.208, 23.35.236.56, 20.82.210.154
                    • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, b1ns.c-0001.c-msedge.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, b1ns.au-msedge.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, c-0001.c-msedge.net, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                    • Not all processes where analyzed, report is missing behavior information
                    • Report creation exceeded maximum time and may have missing behavior and disassembly information.
                    • Report creation exceeded maximum time and may have missing disassembly code information.
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    11:32:30AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sys30.lnk
                    11:32:48API Interceptor1x Sleep call for process: P9vxkMpyQ5.exe modified
                    11:32:50API Interceptor485x Sleep call for process: sys30.exe modified

                    Joe Sandbox View / Context

                    IPs

                    No context

                    Domains

                    No context

                    ASN

                    No context

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\P9vxkMpyQ5.exe.log
                    Process:C:\Users\user\Desktop\P9vxkMpyQ5.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:modified
                    Size (bytes):1316
                    Entropy (8bit):5.343667025898124
                    Encrypted:false
                    SSDEEP:24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7csXE4D8Q:MIHK5HKXE1qHxviYHKhQnoPtHoxHhAHe
                    MD5:379135DE3C31F3A766187BD9B6C730C9
                    SHA1:BEFFE8BDE231861A3FD901A12F51523399B9A5E7
                    SHA-256:BDE88F5C7F95E26FFC5EBE86C38AE61E78E0A5AA932A83DE00F2A46DB24DD22D
                    SHA-512:2897AAB0225823AC258D5D5E52B43140F2B47603689C968243F515B516A2712CAC69A0D7317C53575CF725D7EBDC85C93637F57E626778117364D5666C9FB993
                    Malicious:true
                    Reputation:unknown
                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\sys30.exe.log
                    Process:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):1316
                    Entropy (8bit):5.343667025898124
                    Encrypted:false
                    SSDEEP:24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7csXE4D8Q:MIHK5HKXE1qHxviYHKhQnoPtHoxHhAHe
                    MD5:379135DE3C31F3A766187BD9B6C730C9
                    SHA1:BEFFE8BDE231861A3FD901A12F51523399B9A5E7
                    SHA-256:BDE88F5C7F95E26FFC5EBE86C38AE61E78E0A5AA932A83DE00F2A46DB24DD22D
                    SHA-512:2897AAB0225823AC258D5D5E52B43140F2B47603689C968243F515B516A2712CAC69A0D7317C53575CF725D7EBDC85C93637F57E626778117364D5666C9FB993
                    Malicious:false
                    Reputation:unknown
                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\sys30s.exe.log
                    Process:C:\Users\user\AppData\Local\Temp\sys30s.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):1362
                    Entropy (8bit):5.343186145897752
                    Encrypted:false
                    SSDEEP:24:ML9E4Ks2eE4O1lEE4UVwPKDE4KhK3VZ9pKhuE4IWUAE4KI6no84j:MxHKXeHKlEHU0YHKhQnouHIW7HKjovj
                    MD5:1249251E90A1C28AB8F7235F30056DEB
                    SHA1:166BA6B64E9B0D9BA7B856334F7D7EC027030BA1
                    SHA-256:B5D65BF3581136CD5368BC47FA3972E06F526EED407BC6571D11D9CD4B5C4D83
                    SHA-512:FD880C5B12B22241F67139ABD09B99ACE7A4DD24635FC6B340A3E7C463E2AEF3FA68EF647352132934BC1F8CA134F46064049449ACB67954BEDDEA9AA9670885
                    Malicious:false
                    Reputation:unknown
                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi
                    C:\Users\user\AppData\Local\Temp\sys30s.exe
                    Process:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:dropped
                    Size (bytes):78336
                    Entropy (8bit):4.369296705546591
                    Encrypted:false
                    SSDEEP:768:jlU4+MS3Fu0thSOV4GM0SuHk9Oh/1TRIWUk7NlfaNV9KQLxXXSv:l6o03IGMLuHk+Ck5lfaNP7xSv
                    MD5:0E362E7005823D0BEC3719B902ED6D62
                    SHA1:590D860B909804349E0CDC2F1662B37BD62F7463
                    SHA-256:2D0DC6216F613AC7551A7E70A798C22AEE8EB9819428B1357E2B8C73BEF905AD
                    SHA-512:518991B68496B3F8545E418CF9B345E0791E09CC20D177B8AA47E0ABA447AA55383C64F5BDACA39F2B061A5D08C16F2AD484AF8A9F238CA23AB081618FBA3AD3
                    Malicious:true
                    Antivirus:
                    • Antivirus: Metadefender, Detection: 14%, Browse
                    • Antivirus: ReversingLabs, Detection: 11%
                    Reputation:unknown
                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y ................P..&...........D... ........@.. ....................................`..................................D..W....`..............................hD............................................... ............... ..H............text....$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............0..............@..B.................D......H.......l....%......)....................................................0..6.......(8...t....&.(8...t....&......(8...t...................8;....8%.....(8...t....&.(8...t............:.....(8...t....:.....(8...t....:....(8...t....................................\:@....(8...t....&.)...&8.....(8...t....&(8...t....&.....:.......8x........:L...88....(8...t....&(8...t....&(8...t....&(8...t.....................:....8!.....(8...t....&......(8...t....&.....(8...t....:8.....(8...t....&.
                    C:\Users\user\AppData\Local\Temp\sys30s.txt
                    Process:C:\Users\user\AppData\Local\Temp\sys30s.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):64
                    Entropy (8bit):4.737593945008262
                    Encrypted:false
                    SSDEEP:3:uVNN+E2J5WcKHpWVkgwn:uVNN723WcKHpT
                    MD5:909EDEE55200CEC6208991E1F0286AFF
                    SHA1:88C5C9E75204F47953C0A6ACCE158934ED9AC469
                    SHA-256:7C62A339B17C7D8E9C956416F0ED0E84C13A2A851F7DC3D64ED8959BB06359FD
                    SHA-512:09510248BA8A9261CA125D9861ABBE0E05DB31A677DCFF518A45DBC361D33D46894E88857E4916B88C49E0E07A2EB2C65584D9A4394FFFF34B9107D5A327DE04
                    Malicious:false
                    Reputation:unknown
                    Preview: 6692..C:\Users\user\AppData\Local\sys4h57g\sys30.exe..7024..
                    C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                    Process:C:\Users\user\Desktop\P9vxkMpyQ5.exe
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:dropped
                    Size (bytes):667136
                    Entropy (8bit):6.722731568770937
                    Encrypted:false
                    SSDEEP:6144:4kS8lJbCW4cCUDgd35ZFj6uf3wwoBd78yRp+7tjbSaFSZYFFhJk5XkbQEPr3jbDM:J9bB41pZFmw3wwo733gtSsSZCfOkm3l
                    MD5:4C658DB84A58CE7EC0C2F2EB9F14C97C
                    SHA1:CE119BDEE8F67E1AEF1E45DA57C0BF2E858D3826
                    SHA-256:3BEE3F04F56446103684FC76026CFAA5AB39CF206489B2E7C9142EAD5A68C738
                    SHA-512:08F212F8745A077BC3F0F839A1D7BC008D87D65072D3A2B91C8EE7764C00F25D594D0972CB32EA26931FE3FE9BA205814A45C5B83BA661972A84D54824569B5A
                    Malicious:true
                    Antivirus:
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 29%
                    Reputation:unknown
                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....`...................$...........C... ........@.. ....................................`..................................C..K....`............................................................................... ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................C......H............V......G....y...k........................................... .........%.d...(.....e... .........%.f...(.....g...*..(....*&..(.....*.s.........s.........s.........s.........s.........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.................,.........o....+....9....~.........,2~.........(....o......,.r...p......(....s....z..+..s..........~.........(.....o......(..
                    C:\Users\user\AppData\Local\sys4h57g\sys30.exe:Zone.Identifier
                    Process:C:\Users\user\Desktop\P9vxkMpyQ5.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Reputation:unknown
                    Preview: [ZoneTransfer]....ZoneId=0
                    C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\Exceptions\1.2.2.0\da0a22967d69764878492dcdfafebb2b.dat
                    Process:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                    File Type:Unknown
                    Category:dropped
                    Size (bytes):784
                    Entropy (8bit):7.74262010466454
                    Encrypted:false
                    SSDEEP:24:soqelz7a03pJSLbIM8dqxoSIEcCqewO/d7zAeixv:Nqel60j6IMboSDcBe9xMpv
                    MD5:B9263FB7877BA057862BFB1E7A4C3037
                    SHA1:73F3A9E9641403FA3733F99525E12A7D06106034
                    SHA-256:C85D449728519CD1A01AF0704154DBFE531B71C6A7EEB5A06EAE14E5ECE31D7A
                    SHA-512:132B6A6A0B8359EAC74373A8B6535FA065034FD53D11A69255F4BCF52E73465C9E9B406354B7B6DBE8EAA4693665B17D51D2959E1DE631ED731DD52AC59C66D4
                    Malicious:false
                    Reputation:unknown
                    Preview: .....Q.....b.R,.....o.....{.H`.yks~..}...<..6t.../X.t.)@7.wTs..Z....;.._IS9........'...)[....;..3...K...X.n.2.M5<'../.Q....v\.=yx....Oc..F....e..+&.F}^..}X..N.?..B2..B..;o.g.wo.m....*....4..Y...."...1i.v.H..l..y.O..~..F..Q..@..+...h..Z.au..o.[.s!]....?.."|..js!..^6.lD.i.o..!=.^x....d.......oa.Y.J..v.aXc.7N.......[nM.S.....i.y..!...E.M....'`."x..9..h7.j}m..n$.Lp.;D......=y.l. ..W..-.....b...\.dG...W.......S9.,.s.'E..`.B...v.b..7....uw).`..4..S...lF2..um..0...|....../C...}.......Kr..N.o'N.lG.1.@...1AQ2.......^.Y..6;.3.e.....]...{....a3m.9.....P.8..x...H.zo..wvh...b.......Z...v.&y*..G...d..g..2c.W...M,.D.E}.........vx.....]Y.i.e[.....'...$... .....0.Q_..l...*..U.....C.gvE.m..rH.<...+...J+z...l...7...=rF.....|. .3.....r..C.....
                    C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                    Process:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                    File Type:Unknown
                    Category:dropped
                    Size (bytes):1392
                    Entropy (8bit):7.024371743172393
                    Encrypted:false
                    SSDEEP:24:IQnybgCUtvd7xCFhwUuQnybgCUtvd7xCFhwUuQnybgCUtvd7xCFhwUuQnybgCUt4:Ik/lCrwfk/lCrwfk/lCrwfk/lCrwfk/f
                    MD5:E78C6686C5A1A9CB0724F84DEA9A75F0
                    SHA1:80E61D5BDC7AF293362024781DA66BEA9D370FF9
                    SHA-256:FBE0B513511C00AC3B7169E1BCFB675CFD708B249365D724269C23FAC1184967
                    SHA-512:FF3835238CAEA26D8800B56901AB962ACD2FA390F955C4A8A15B5817AAB7642D105538CF63938D218567501477FB4B23C2834F22CBC8BA0002C7BCACB2875637
                    Malicious:false
                    Reputation:unknown
                    Preview: Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.
                    C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                    Process:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                    File Type:Unknown
                    Category:dropped
                    Size (bytes):8
                    Entropy (8bit):3.0
                    Encrypted:false
                    SSDEEP:3:T+tn:m
                    MD5:DEA0D42BDC92E12BF326AB41A58C8A30
                    SHA1:D6ABBE9B687760ADD640742C3ABE709FFBC9CB55
                    SHA-256:04092E66F7465F356175FF5410128740A40738D7782FC720A5F56E93F064D0A7
                    SHA-512:7D3433D5EFAC18D25DB35A6F2551ED3837C3FEA505969E96DA780AC132458351A325C55C35EEAD68DD3F7CAE7EE03F89A2C7A892A6282FCDAC8636FBC40409EA
                    Malicious:true
                    Reputation:unknown
                    Preview: TY.@wx.H
                    C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat
                    Process:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                    File Type:Unknown
                    Category:dropped
                    Size (bytes):327432
                    Entropy (8bit):7.99938831605763
                    Encrypted:true
                    SSDEEP:6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm
                    MD5:7E8F4A764B981D5B82D1CC49D341E9C6
                    SHA1:D9F0685A028FB219E1A6286AEFB7D6FCFC778B85
                    SHA-256:0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480
                    SHA-512:880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926
                    Malicious:false
                    Reputation:unknown
                    Preview: pT..!..W..G.J..a.).@.i..wpK.so@...5.=.^..Q.oy.=e@9.B...F..09u"3.. 0t..RDn_4d.....E...i......~...|..fX_...Xf.p^......>a..$...e.6:7d.(a.A...=.)*.....{B.[...y%.*..i.Q.<..xt.X..H.. ..HF7g...I.*3.{.n....L.y;i..s-....(5i...........J.5b7}..fK..HV..,...0.... ....n.w6PMl.......v."".v.......#..X.a....../...cC...i..l{>5n.._+.e.d'...}...[..../...D.t..GVp.zz......(...o......b...+`J.{....hS1G.^*I..v&.jm.#u..1..Mg!.E..U.T.....6.2>...6.l.K.w"o..E..."K%{....z.7....<...,....]t.:.....[.Z.u...3X8.QI..j_.&..N..q.e.2...6.R.~..9.Bq..A.v.6.G..#y.....O....Z)G...w..E..k(....+..O..........Vg.2xC......O...jc.....z..~.P...q../.-.'.h.._.cj.=..B.x.Q9.pu.|i4...i...;O...n.?.,. ....v?.5}.OY@.dG|<.._[.69@.2..m..I..oP=...xrK.?............b..5....i&...l.c\b}..Q..O+.V.mJ.....pz....>F.......H...6$...d...|m...N..1.R..B.i..........$....$........CY}..$....r.....H...8...li.....7 P......?h....R.iF..6...q(.@LI.s..+K.....?m..H....*. l..&<}....`|.B....3.....I..o...u1..8i=.z.W..7
                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sys30.lnk
                    Process:C:\Users\user\Desktop\P9vxkMpyQ5.exe
                    File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                    Category:dropped
                    Size (bytes):1032
                    Entropy (8bit):3.059601778422776
                    Encrypted:false
                    SSDEEP:12:8wl0CsX2lw/tz+7ReCHmx1S1/XT5E5Q1/XTrg/+CNJkKAb4t2Y+xIBjK:8JTaRBYSx5Pxr4PHAJ7aB
                    MD5:236C66A843735F9783F67ADFC0B2044E
                    SHA1:5F03A434AE2CAAB035E7B08E955D738DB9FB5CC6
                    SHA-256:CB61C4C0E1DD8073A7996186DA74A71BA48113E73DB393136EB3212323486171
                    SHA-512:DA5502AADF145954351F1AB04C9BE7F9746EB7BACE6ED4D418E31C0FE1F11B17D52EBB65CBBB25AE8F68F990C36ED8CB145C810E98B4007C02D340F2DD0EA8FE
                    Malicious:false
                    Reputation:unknown
                    Preview: L..................F........................................................5....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....Z.1...........user..B............................................e.n.g.i.n.e.e.r.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....P.1...........Local.<............................................L.o.c.a.l.....Z.1...........sys4h57g..B............................................s.y.s.4.h.5.7.g.....\.2...........sys30.exe.D............................................s.y.s.3.0...e.x.e.......*.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.s.y.s.4.h.5.7.g.\.s.y.s.3.0...e.x.e.2.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.s.y.s.4.h.5.7.g.\.s.y.s.3.0...e.x.e.........(.................l^".`G...3..qs................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.

                    Static File Info

                    General

                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):6.722731568770937
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    • Win32 Executable (generic) a (10002005/4) 49.78%
                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    • DOS Executable Generic (2002/1) 0.01%
                    File name:P9vxkMpyQ5.exe
                    File size:667136
                    MD5:4c658db84a58ce7ec0c2f2eb9f14c97c
                    SHA1:ce119bdee8f67e1aef1e45da57c0bf2e858d3826
                    SHA256:3bee3f04f56446103684fc76026cfaa5ab39cf206489b2e7c9142ead5a68c738
                    SHA512:08f212f8745a077bc3f0f839a1d7bc008d87d65072d3a2b91c8ee7764c00f25d594d0972cb32ea26931fe3fe9ba205814a45c5b83ba661972a84d54824569b5a
                    SSDEEP:6144:4kS8lJbCW4cCUDgd35ZFj6uf3wwoBd78yRp+7tjbSaFSZYFFhJk5XkbQEPr3jbDM:J9bB41pZFmw3wwo733gtSsSZCfOkm3l
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....`...................$...........C... ........@.. ....................................`................................

                    File Icon

                    Icon Hash:00828e8e8686b000

                    Static PE Info

                    General

                    Entrypoint:0x4a43ce
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                    Time Stamp:0x187F6090 [Sun Jan 9 22:56:16 1983 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:v4.0.30319
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                    Entrypoint Preview

                    Instruction
                    jmp dword ptr [00402000h]
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al

                    Data Directories

                    NameVirtual AddressVirtual Size Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IMPORT0xa43800x4b.text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xa60000x404.rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xa80000xc.reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                    Sections

                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                    .text0x20000xa23d40xa2400False0.602844520416data6.73544634641IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    .rsrc0xa60000x4040x600False0.290364583333data2.55910484904IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc0xa80000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                    Resources

                    NameRVASizeTypeLanguageCountry
                    RT_VERSION0xa60580x3acdata

                    Imports

                    DLLImport
                    mscoree.dll_CorExeMain

                    Version Infos

                    DescriptionData
                    Translation0x0000 0x04b0
                    LegalCopyrightCopyright 2017 F8F5E<E6:8F4HI?4D<53B4IA
                    Assembly Version1.0.0.0
                    InternalNamexxxxxf28.exe
                    FileVersion9.13.18.23
                    CompanyNameF8F5E<E6:8F4HI?4D<53B4IA
                    Comments:7;CD66;4FAE4G6
                    ProductName5H5C?<3C8576G==?72D<J
                    ProductVersion9.13.18.23
                    FileDescription5H5C?<3C8576G==?72D<J
                    OriginalFilenamexxxxxf28.exe

                    Network Behavior

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Sep 15, 2021 11:32:19.615015984 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:19.615066051 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:19.615165949 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:19.648245096 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:19.648271084 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:19.742259979 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:19.742835999 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:19.744968891 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:19.744988918 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:19.745538950 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:19.797224998 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.047177076 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.091146946 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.284034014 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.286483049 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.288299084 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.289216995 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.289823055 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.289869070 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.289921045 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.289927006 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.289942026 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.289984941 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.290079117 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.290096998 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.290107012 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.290148973 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.290186882 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.290198088 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.290210962 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.290271044 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.290280104 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.290333986 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.309962988 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.315049887 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.315223932 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.315247059 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.318989992 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.319003105 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.319044113 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.319139004 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.319159985 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.319224119 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.320266962 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.320369959 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.320385933 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.326153040 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.326203108 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.326241016 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.326272964 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.326294899 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.326334953 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.327240944 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.327399015 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.327414036 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.329219103 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.329371929 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.329387903 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.334800005 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.334862947 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.334952116 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.334989071 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.335014105 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.335027933 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.338320971 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.338378906 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.338409901 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.338433027 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.338489056 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:20.539819956 CEST44349738172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:20.539901018 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:27.626707077 CEST49738443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:41.196291924 CEST49740443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:41.196347952 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.196465015 CEST49740443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:41.233022928 CEST49740443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:41.233061075 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.310605049 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.310749054 CEST49740443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:41.313329935 CEST49740443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:41.313355923 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.313978910 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.360450983 CEST49740443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:41.700062037 CEST49740443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:41.747139931 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.898684978 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.898739100 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.898771048 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.898803949 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.898828030 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.898909092 CEST49740443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:41.898938894 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.898987055 CEST49740443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:41.899013996 CEST49740443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:41.900203943 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.901530981 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.901566029 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.901668072 CEST49740443192.168.2.6172.217.168.36
                    Sep 15, 2021 11:32:41.901690960 CEST44349740172.217.168.36192.168.2.6
                    Sep 15, 2021 11:32:41.901748896 CEST49740443192.168.2.6172.217.168.36

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Sep 15, 2021 11:32:19.570002079 CEST5507453192.168.2.68.8.8.8
                    Sep 15, 2021 11:32:19.597857952 CEST53550748.8.8.8192.168.2.6
                    Sep 15, 2021 11:32:20.293005943 CEST5451353192.168.2.68.8.8.8
                    Sep 15, 2021 11:32:20.336555004 CEST53545138.8.8.8192.168.2.6
                    Sep 15, 2021 11:32:20.346120119 CEST6204453192.168.2.68.8.8.8
                    Sep 15, 2021 11:32:20.375405073 CEST53620448.8.8.8192.168.2.6
                    Sep 15, 2021 11:32:41.153145075 CEST6379153192.168.2.68.8.8.8
                    Sep 15, 2021 11:32:41.178901911 CEST53637918.8.8.8192.168.2.6
                    Sep 15, 2021 11:32:41.910304070 CEST6426753192.168.2.68.8.8.8
                    Sep 15, 2021 11:32:41.935755014 CEST53642678.8.8.8192.168.2.6
                    Sep 15, 2021 11:32:41.945384979 CEST4944853192.168.2.68.8.8.8
                    Sep 15, 2021 11:32:41.972951889 CEST53494488.8.8.8192.168.2.6
                    Sep 15, 2021 11:32:43.345882893 CEST6034253192.168.2.68.8.8.8
                    Sep 15, 2021 11:32:43.379511118 CEST53603428.8.8.8192.168.2.6
                    Sep 15, 2021 11:32:47.875559092 CEST6134653192.168.2.68.8.8.8
                    Sep 15, 2021 11:32:47.904624939 CEST53613468.8.8.8192.168.2.6
                    Sep 15, 2021 11:32:48.625919104 CEST5177453192.168.2.68.8.8.8
                    Sep 15, 2021 11:32:48.664681911 CEST53517748.8.8.8192.168.2.6
                    Sep 15, 2021 11:32:48.693506956 CEST5602353192.168.2.68.8.8.8
                    Sep 15, 2021 11:32:48.728643894 CEST53560238.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:03.483357906 CEST5838453192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:03.523608923 CEST53583848.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:04.766388893 CEST6026153192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:04.952572107 CEST53602618.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:09.522342920 CEST5606153192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:09.549130917 CEST53560618.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:10.130590916 CEST5833653192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:10.161338091 CEST53583368.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:10.951142073 CEST5378153192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:10.988817930 CEST5406453192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:11.018100977 CEST53540648.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:11.131176949 CEST53537818.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:11.367871046 CEST5281153192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:11.408467054 CEST53528118.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:12.028956890 CEST5529953192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:12.056014061 CEST53552998.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:13.989772081 CEST6374553192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:14.016331911 CEST53637458.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:14.828340054 CEST5005553192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:14.857778072 CEST53500558.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:15.444241047 CEST6137453192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:15.469214916 CEST53613748.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:16.773431063 CEST5033953192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:16.812664986 CEST53503398.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:17.644721031 CEST6330753192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:17.840219975 CEST53633078.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:18.218417883 CEST4969453192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:18.245883942 CEST53496948.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:18.898623943 CEST5498253192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:18.925970078 CEST53549828.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:21.376899004 CEST5001053192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:21.414860010 CEST53500108.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:22.908669949 CEST6371853192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:22.936415911 CEST53637188.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:28.654567003 CEST6211653192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:28.692516088 CEST53621168.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:33.709258080 CEST6381653192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:33.892616034 CEST53638168.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:42.820122957 CEST5501453192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:42.852207899 CEST53550148.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:46.412646055 CEST6220853192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:46.440562010 CEST53622088.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:47.684313059 CEST5757453192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:47.719176054 CEST53575748.8.8.8192.168.2.6
                    Sep 15, 2021 11:33:47.725955009 CEST5181853192.168.2.68.8.8.8
                    Sep 15, 2021 11:33:47.752490044 CEST53518188.8.8.8192.168.2.6
                    Sep 15, 2021 11:34:00.951739073 CEST5662853192.168.2.68.8.8.8
                    Sep 15, 2021 11:34:00.980815887 CEST53566288.8.8.8192.168.2.6
                    Sep 15, 2021 11:34:04.541281939 CEST6077853192.168.2.68.8.8.8
                    Sep 15, 2021 11:34:04.576550961 CEST53607788.8.8.8192.168.2.6
                    Sep 15, 2021 11:34:06.556231976 CEST5379953192.168.2.68.8.8.8
                    Sep 15, 2021 11:34:06.732709885 CEST53537998.8.8.8192.168.2.6
                    Sep 15, 2021 11:34:15.638726950 CEST5468353192.168.2.68.8.8.8
                    Sep 15, 2021 11:34:15.786582947 CEST53546838.8.8.8192.168.2.6
                    Sep 15, 2021 11:34:22.484019995 CEST5932953192.168.2.68.8.8.8
                    Sep 15, 2021 11:34:22.511926889 CEST53593298.8.8.8192.168.2.6

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                    Sep 15, 2021 11:32:19.570002079 CEST192.168.2.68.8.8.80x4617Standard query (0)www.google.comA (IP address)IN (0x0001)
                    Sep 15, 2021 11:32:41.153145075 CEST192.168.2.68.8.8.80xda9cStandard query (0)www.google.comA (IP address)IN (0x0001)
                    Sep 15, 2021 11:32:47.875559092 CEST192.168.2.68.8.8.80x7015Standard query (0)www.google.comA (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:04.766388893 CEST192.168.2.68.8.8.80xc8fbStandard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:10.951142073 CEST192.168.2.68.8.8.80x8af5Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:17.644721031 CEST192.168.2.68.8.8.80xff44Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:22.908669949 CEST192.168.2.68.8.8.80xe7d0Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:28.654567003 CEST192.168.2.68.8.8.80xa2abStandard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:33.709258080 CEST192.168.2.68.8.8.80x1504Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:46.412646055 CEST192.168.2.68.8.8.80x2b04Standard query (0)www.google.comA (IP address)IN (0x0001)
                    Sep 15, 2021 11:34:06.556231976 CEST192.168.2.68.8.8.80xd9aStandard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                    Sep 15, 2021 11:34:15.638726950 CEST192.168.2.68.8.8.80xa007Standard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)
                    Sep 15, 2021 11:34:22.484019995 CEST192.168.2.68.8.8.80x650fStandard query (0)e-businessloader.mywire.orgA (IP address)IN (0x0001)

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                    Sep 15, 2021 11:32:19.597857952 CEST8.8.8.8192.168.2.60x4617No error (0)www.google.com172.217.168.36A (IP address)IN (0x0001)
                    Sep 15, 2021 11:32:41.178901911 CEST8.8.8.8192.168.2.60xda9cNo error (0)www.google.com172.217.168.36A (IP address)IN (0x0001)
                    Sep 15, 2021 11:32:47.904624939 CEST8.8.8.8192.168.2.60x7015No error (0)www.google.com172.217.168.36A (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:04.952572107 CEST8.8.8.8192.168.2.60xc8fbNo error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:11.131176949 CEST8.8.8.8192.168.2.60x8af5No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:17.840219975 CEST8.8.8.8192.168.2.60xff44No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:22.936415911 CEST8.8.8.8192.168.2.60xe7d0No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:28.692516088 CEST8.8.8.8192.168.2.60xa2abNo error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:33.892616034 CEST8.8.8.8192.168.2.60x1504No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                    Sep 15, 2021 11:33:46.440562010 CEST8.8.8.8192.168.2.60x2b04No error (0)www.google.com172.217.168.36A (IP address)IN (0x0001)
                    Sep 15, 2021 11:34:06.732709885 CEST8.8.8.8192.168.2.60xd9aNo error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                    Sep 15, 2021 11:34:15.786582947 CEST8.8.8.8192.168.2.60xa007No error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)
                    Sep 15, 2021 11:34:22.511926889 CEST8.8.8.8192.168.2.60x650fNo error (0)e-businessloader.mywire.org194.5.98.103A (IP address)IN (0x0001)

                    HTTP Request Dependency Graph

                    • www.google.com

                    HTTPS Proxied Packets

                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    0192.168.2.649738172.217.168.36443C:\Users\user\Desktop\P9vxkMpyQ5.exe
                    TimestampkBytes transferredDirectionData
                    2021-09-15 09:32:20 UTC0OUTGET / HTTP/1.1
                    Host: www.google.com
                    Connection: Keep-Alive
                    2021-09-15 09:32:20 UTC0INHTTP/1.1 200 OK
                    Date: Wed, 15 Sep 2021 09:32:20 GMT
                    Expires: -1
                    Cache-Control: private, max-age=0
                    Content-Type: text/html; charset=ISO-8859-1
                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                    Server: gws
                    X-XSS-Protection: 0
                    X-Frame-Options: SAMEORIGIN
                    Set-Cookie: CONSENT=PENDING+152; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                    Accept-Ranges: none
                    Vary: Accept-Encoding
                    Connection: close
                    Transfer-Encoding: chunked
                    2021-09-15 09:32:20 UTC0INData Raw: 35 30 61 34 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 47 42 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65
                    Data Ascii: 50a4<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image
                    2021-09-15 09:32:20 UTC1INData Raw: 30 2c 33 35 31 34 2c 36 30 36 2c 32 30 32 33 2c 31 37 33 33 2c 34 33 2c 35 32 31 2c 36 33 34 34 2c 38 33 32 36 2c 33 32 32 37 2c 32 38 34 35 2c 37 2c 31 32 33 35 34 2c 35 30 39 36 2c 31 35 37 36 38 2c 35 35 32 2c 39 30 38 2c 32 2c 39 34 30 2c 36 30 33 39 2c 31 30 2c 39 37 30 38 2c 33 2c 33 34 36 2c 32 33 30 2c 31 30 31 34 2c 31 2c 35 34 34 35 2c 31 34 38 2c 31 31 33 32 33 2c 39 39 31 2c 31 36 36 31 2c 34 2c 31 32 35 33 2c 32 37 34 2c 32 33 30 35 2c 31 32 33 38 2c 35 38 30 31 2c 37 34 2c 31 39 38 33 2c 32 36 32 36 2c 32 30 31 35 2c 31 36 33 33 36 2c 32 30 33 39 2c 32 36 35 38 2c 38 37 32 2c 33 33 37 30 2c 33 31 31 33 2c 33 32 2c 31 33 36 32 38 2c 32 33 30 35 2c 36 33 38 2c 31 34 39 34 2c 35 35 38 38 2c 31 31 31 39 38 2c 36 35 31 2c 31 38 37 31 2c 33 32 38
                    Data Ascii: 0,3514,606,2023,1733,43,521,6344,8326,3227,2845,7,12354,5096,15768,552,908,2,940,6039,10,9708,3,346,230,1014,1,5445,148,11323,991,1661,4,1253,274,2305,1238,5801,74,1983,2626,2015,16336,2039,2658,872,3370,3113,32,13628,2305,638,1494,5588,11198,651,1871,328
                    2021-09-15 09:32:20 UTC2INData Raw: 76 61 72 20 62 3b 61 26 26 28 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7c 7c 68 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 6e 75 6c 6c 3b 61 26 26 28 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7d 0a 66 75 6e 63 74 69 6f 6e 20 6e 28 61 2c 62 2c 63 2c 64 2c 67 29 7b 76 61 72 20 65 3d 22 22 3b 63 7c 7c 2d 31 21 3d 3d 62 2e 73 65 61 72 63 68 28 22 26 65 69 3d 22 29 7c 7c 28 65 3d 22 26 65 69 3d 22 2b
                    Data Ascii: var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||h}function m(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function n(a,b,c,d,g){var e="";c||-1!==b.search("&ei=")||(e="&ei="+
                    2021-09-15 09:32:20 UTC3INData Raw: 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 73 75 62 6d 69 74 22 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 61 3b 69 66 28 61 3d 62 2e 74 61 72 67 65 74 29 7b 76 61 72 20 63 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 73 75 62 6d 69 74 66 61 6c 73 65 22 29 3b 61 3d 22 31 22 3d 3d 3d 63 7c 7c 22 71 22 3d 3d 3d 63 26 26 21 61 2e 65 6c 65 6d 65 6e 74 73 2e 71 2e 76 61 6c 75 65 3f 21 30 3a 21 31 7d 65 6c 73 65 20 61 3d 21 31 3b 61 26 26 28 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 62 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 29 7d 2c 21 30 29 3b 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c
                    Data Ascii: documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventL
                    2021-09-15 09:32:20 UTC5INData Raw: 61 63 69 74 79 3a 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 69 6c 74 65 72 3a 61 6c 70 68 61 28 6f 70 61 63 69 74 79 3d 30 29 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 2d 31 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c
                    Data Ascii: acity:0 !important;filter:alpha(opacity=0) !important}.gbm{position:absolute;z-index:999;top:-999px;visibility:hidden;text-align:left;border:1px solid #bebebe;background:#fff;-moz-box-shadow:-1px 1px 1px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,
                    2021-09-15 09:32:20 UTC6INData Raw: 6e 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 7d 2e 67 62 74 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 2e 67 62 74 6f 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 7d 2e 67 62 7a 74 2c 2e 67 62 67 74 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61
                    Data Ascii: ne-box;display:inline-block;line-height:27px;padding:0;vertical-align:top}.gbt{*display:inline}.gbto{box-shadow:0 2px 4px rgba(0,0,0,.2);-moz-box-shadow:0 2px 4px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,0,0,.2)}.gbzt,.gbgt{cursor:pointer;displa
                    2021-09-15 09:32:20 UTC7INData Raw: 72 61 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 70 64 6a 73 20 2e 67 62 74 6f 20 2e 67 62 6d 7b 6d 69 6e 2d 77 69 64 74 68 3a 39 39 25 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 64 64 34 62 33 39 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 34 73 2c 23 67 62 69 34 73 31 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 23 67 62 67 36 2e 67 62 67 74 2d 68 76 72 2c 23 67 62 67 36 2e 67 62 67 74 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6e 6f 6e 65 7d 2e 67 62 67 34 61 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 7d 2e 67
                    Data Ascii: ration:none !important}.gbpdjs .gbto .gbm{min-width:99%}.gbz0l .gbtb2{border-top-color:#dd4b39!important}#gbi4s,#gbi4s1{font-weight:bold}#gbg6.gbgt-hvr,#gbg6.gbgt:focus{background-color:transparent;background-image:none}.gbg4a{font-size:0;line-height:0}.g
                    2021-09-15 09:32:20 UTC8INData Raw: 6d 74 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 33 36 63 20 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 74 2c 2e 67 62 6d 74 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 30 70 78 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 2a 64 69
                    Data Ascii: mt:visited,.gbml1:visited,.gbmlb:visited{color:#36c !important;text-decoration:none !important}.gbmt,.gbmt:visited{display:block}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{display:inline-block;margin:0 10px}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{*di
                    2021-09-15 09:32:20 UTC10INData Raw: 64 3a 61 66 74 65 72 2c 23 47 42 4d 50 41 4c 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 27 5c 30 41 5c 30 41 27 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 23 67 62 6d 70 73 7b 2a 7a 6f 6f 6d 3a 31 7d 23 67 62 64 34 20 2e 67 62 70 63 2c 23 67 62 6d 70 61 73 20 2e 67 62 6d 74 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 37 70 78 7d 23 67 62 64 34 20 2e 67 62 70 67 73 20 2e 67 62 6d 74 63 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 7d 23 67 62 64 34 20 2e 67 62 6d 74 63 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 7d 23 67 62 64 34 20 2e 67 62 70 63 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63
                    Data Ascii: d:after,#GBMPAL:last-child:after{content:'\0A\0A';white-space:pre;position:absolute}#gbmps{*zoom:1}#gbd4 .gbpc,#gbmpas .gbmt{line-height:17px}#gbd4 .gbpgs .gbmtc{line-height:27px}#gbd4 .gbmtc{border-bottom:1px solid #bebebe}#gbd4 .gbpc{display:inline-bloc
                    2021-09-15 09:32:20 UTC11INData Raw: 6c 20 2e 67 62 71 66 62 62 7b 6d 61 72 67 69 6e 3a 30 20 32 30 70 78 7d 2e 67 62 70 30 20 2e 67 62 70 73 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 61 2e 67 62 69 62 61 7b 6d 61 72 67 69 6e 3a 38 70 78 20 32 30 70 78 20 31 30 70 78 7d 2e 67 62 6d 70 69 61 77 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 78 76 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 2e 67 62 6d 70 69 61 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 6d 70 69 61 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a
                    Data Ascii: l .gbqfbb{margin:0 20px}.gbp0 .gbps{*display:inline}a.gbiba{margin:8px 20px 10px}.gbmpiaw{display:inline-block;padding-right:10px;margin-bottom:6px;margin-top:10px}.gbxv{visibility:hidden}.gbmpiaa{display:block;margin-top:10px}.gbmpia{border:none;display:
                    2021-09-15 09:32:20 UTC12INData Raw: 66 62 62 2d 68 76 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 2e 67 62 71 66 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 61 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 3a 30 7d 2e 67 62 71 66 62 61 2c 2e 67 62 71 66 62 62 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 63 64 63 64 63
                    Data Ascii: fbb-hvr{-webkit-box-shadow:0 1px 1px rgba(0,0,0,.1);-moz-box-shadow:0 1px 1px rgba(0,0,0,.1);box-shadow:0 1px 1px rgba(0,0,0,.1)}.gbqfb::-moz-focus-inner,.gbqfba::-moz-focus-inner,.gbqfbb::-moz-focus-inner{border:0}.gbqfba,.gbqfbb{border:1px solid #dcdcdc
                    2021-09-15 09:32:20 UTC14INData Raw: 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 34 64 39 30 66 65 2c 23 33 35 37 61 65 38 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 34 64 39 30 66 65 2c 23 33 35 37 61 65 38 29 7d 2e 67 62 71 66 62 3a 61 63 74 69 76 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20
                    Data Ascii: gradient(top,#4d90fe,#357ae8);background-image:linear-gradient(top,#4d90fe,#357ae8)}.gbqfb:active{background-color:inherit;-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);box-shadow:inset 0 1px 2px
                    2021-09-15 09:32:20 UTC15INData Raw: 27 23 66 31 66 31 66 31 27 29 7d 2e 67 62 71 66 62 62 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 74 6f 70 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 66 72 6f 6d 28 23 66 66 66 29 2c 74 6f 28 23 66 62 66 62 66 62 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d
                    Data Ascii: '#f1f1f1')}.gbqfbb{background-color:#fff;background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#fbfbfb));background-image:-webkit-linear-gradient(top,#fff,#fbfbfb);background-image:-moz-linear-gradient(top,#fff,#fbfbfb);background-im
                    2021-09-15 09:32:20 UTC16INData Raw: 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 0a 23 67 62 6d 70 61 73 7b 6d 61 78 2d 68 65 69 67 68 74 3a 32 32 30 70 78 7d 23 67 62 6d 6d 7b 6d 61 78 2d 68 65 69 67 68 74 3a 35 33 30 70 78 7d 2e 67 62 73 62 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 2a 7a 6f 6f 6d 3a 31 7d 2e 67 62 73 62 69 63 7b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 7d 2e 67 62 73 62 69 73
                    Data Ascii: a(0,0,0,.1);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}#gbmpas{max-height:220px}#gbmm{max-height:530px}.gbsb{-webkit-box-sizing:border-box;display:block;position:relative;*zoom:1}.gbsbic{overflow:auto}.gbsbis
                    2021-09-15 09:32:20 UTC17INData Raw: 2c 63 6f 6c 6f 72 2d 73 74 6f 70 28 31 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 6c 65 66 74 20 74 6f 70 2c 66 72 6f 6d 28 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 29 2c 74 6f 28 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28
                    Data Ascii: ,color-stop(1,rgba(0,0,0,.1)));background:-webkit-gradient(linear,left bottom,left top,from(rgba(0,0,0,.2)),to(rgba(0,0,0,0)));background-image:-webkit-linear-gradient(bottom,rgba(0,0,0,.2),rgba(0,0,0,0));background-image:-moz-linear-gradient(bottom,rgba(
                    2021-09-15 09:32:20 UTC19INData Raw: 67 72 6f 75 6e 64 3a 23 66 38 66 39 66 61 3b 62 6f 72 64 65 72 3a 73 6f 6c 69 64 20 31 70 78 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 61 64 63 65 30 20 23 37 30 37 35 37 61 20 23 37 30 37 35 37 61 20 23 64 61 64 63 65 30 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 6c 73 62 62 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 57 71 51 41 4e 62 20 61 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 6c 73 62 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 69 6d 61 67 65 73 2f 6e 61 76 5f 6c 6f 67 6f 32 32 39 2e 70 6e 67 29 20 30 20 2d 32 36 31 70 78 20 72 65 70 65 61 74 2d 78 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b
                    Data Ascii: ground:#f8f9fa;border:solid 1px;border-color:#dadce0 #70757a #70757a #dadce0;height:30px}.lsbb{display:block}#WqQANb a{display:inline-block;margin:0 12px}.lsb{background:url(/images/nav_logo229.png) 0 -261px repeat-x;border:none;color:#000;cursor:pointer;
                    2021-09-15 09:32:20 UTC20INData Raw: 6f 6e 28 61 2c 62 2c 65 2c 6d 2c 64 29 7b 70 21 3d 3d 61 26 26 67 6f 6f 67 6c 65 2e 6d 6c 28 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 45 72 72 6f 72 3f 64 3a 45 72 72 6f 72 28 61 29 2c 21 31 2c 76 6f 69 64 20 30 2c 21 31 2c 67 6f 6f 67 6c 65 2e 64 6c 3f 30 3a 32 29 3b 70 3d 6e 75 6c 6c 3b 6c 26 26 6e 3e 3d 6b 26 26 28 77 69 6e 64 6f 77 2e 6f 6e 65 72 72 6f 72 3d 6e 75 6c 6c 29 7d 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 65 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 76 61 72 20 61
                    Data Ascii: on(a,b,e,m,d){p!==a&&google.ml(d instanceof Error?d:Error(a),!1,void 0,!1,google.dl?0:2);p=null;l&&n>=k&&(window.onerror=null)};})();(function(){try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var e=this||self;var a
                    2021-09-15 09:32:20 UTC20INData Raw: 31 31 62 0d 0a 66 75 6e 63 74 69 6f 6e 20 5f 74 76 66 28 61 2c 62 29 7b 61 3d 70 61 72 73 65 46 6c 6f 61 74 28 61 29 3b 72 65 74 75 72 6e 20 69 73 4e 61 4e 28 61 29 3f 62 3a 61 7d 66 75 6e 63 74 69 6f 6e 20 5f 74 76 76 28 61 29 7b 72 65 74 75 72 6e 21 21 61 7d 66 75 6e 63 74 69 6f 6e 20 70 28 61 2c 62 2c 63 29 7b 28 63 7c 7c 67 29 5b 61 5d 3d 62 7d 67 2e 62 76 3d 7b 6e 3a 5f 74 76 6e 28 22 32 22 2c 30 29 2c 72 3a 22 22 2c 66 3a 22 2e 36 36 2e 22 2c 65 3a 22 22 2c 6d 3a 5f 74 76 6e 28 22 31 22 2c 31 29 7d 3b 0a 66 75 6e 63 74 69 6f 6e 20 63 61 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 22 6f 6e 22 2b 62 3b 69 66 28 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 21 31 29 3b 65 6c
                    Data Ascii: 11bfunction _tvf(a,b){a=parseFloat(a);return isNaN(a)?b:a}function _tvv(a){return!!a}function p(a,b,c){(c||g)[a]=b}g.bv={n:_tvn("2",0),r:"",f:".66.",e:"",m:_tvn("1",1)};function ca(a,b,c){var d="on"+b;if(a.addEventListener)a.addEventListener(b,c,!1);el
                    2021-09-15 09:32:20 UTC21INData Raw: 36 64 66 65 0d 0a 28 64 2c 63 29 3b 65 6c 73 65 7b 76 61 72 20 66 3d 61 5b 64 5d 3b 61 5b 64 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6b 3d 66 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 2c 6d 3d 63 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 6b 3f 6d 3a 76 6f 69 64 20 30 3d 3d 6d 3f 6b 3a 6d 26 26 6b 7d 7d 7d 76 61 72 20 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 2e 62 76 2e 6d 3d 3d 61 7d 7d 2c 65 61 3d 64 61 28 31 29 2c 66 61 3d 64 61 28 32 29 3b 70 28 22 73 62 22 2c 65 61 29 3b 70 28 22 6b 6e 22 2c 66 61 29 3b 68 2e 61 3d 5f 74 76 76 3b 68 2e 62 3d 5f 74 76 66 3b 68 2e 63
                    Data Ascii: 6dfe(d,c);else{var f=a[d];a[d]=function(){var k=f.apply(this,arguments),m=c.apply(this,arguments);return void 0==k?m:void 0==m?k:m&&k}}}var da=function(a){return function(){return g.bv.m==a}},ea=da(1),fa=da(2);p("sb",ea);p("kn",fa);h.a=_tvv;h.b=_tvf;h.c
                    2021-09-15 09:32:20 UTC22INData Raw: 66 6f 72 28 76 61 72 20 64 20 69 6e 20 63 29 61 5b 64 5d 3d 63 5b 64 5d 3b 74 72 79 7b 75 61 28 61 29 7d 63 61 74 63 68 28 66 29 7b 7d 7d 7d 3b 70 28 22 6d 64 63 22 2c 76 29 3b 70 28 22 6d 64 69 22 2c 6c 61 29 3b 70 28 22 62 6e 63 22 2c 77 29 3b 70 28 22 71 47 43 22 2c 74 61 29 3b 70 28 22 71 6d 22 2c 42 29 3b 70 28 22 71 64 22 2c 78 29 3b 70 28 22 6c 62 22 2c 44 29 3b 70 28 22 6d 63 66 22 2c 70 61 29 3b 70 28 22 62 63 66 22 2c 6f 61 29 3b 70 28 22 61 71 22 2c 41 29 3b 70 28 22 6d 64 64 22 2c 22 22 29 3b 0a 70 28 22 68 61 73 22 2c 71 61 29 3b 70 28 22 74 72 68 22 2c 76 61 29 3b 70 28 22 74 65 76 22 2c 73 61 29 3b 69 66 28 68 2e 61 28 22 6d 3b 2f 5f 2f 73 63 73 2f 61 62 63 2d 73 74 61 74 69 63 2f 5f 2f 6a 73 2f 6b 3d 67 61 70 69 2e 67 61 70 69 2e 65 6e 2e
                    Data Ascii: for(var d in c)a[d]=c[d];try{ua(a)}catch(f){}}};p("mdc",v);p("mdi",la);p("bnc",w);p("qGC",ta);p("qm",B);p("qd",x);p("lb",D);p("mcf",pa);p("bcf",oa);p("aq",A);p("mdd","");p("has",qa);p("trh",va);p("tev",sa);if(h.a("m;/_/scs/abc-static/_/js/k=gapi.gapi.en.
                    2021-09-15 09:32:20 UTC23INData Raw: 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 2c 66 3d 5b 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 67 65 6e 5f 32 30 34 3f 61 74 79 70 3d 69 26 7a 78 3d 22 2c 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 2c 22 26 6a 65 78 70 69 64 3d 22 2c 64 28 22 32 38 38 33 34 22 29 2c 22 26 73 72 63 70 67 3d 22 2c 64 28 22 70 72 6f 70 3d 31 22 29 2c 22 26 6a 73 72 3d 22 2c 4d 61 74 68 2e 72 6f 75 6e 64 28 31 2f 46 61 29 2c 22 26 6f 67 65 76 3d 22 2c 64 28 22 70 4c 31 42 59 63 72 38 42 5f 4b 6c 31 51 47 30 6d 37 4c 34 42 51 22 29 2c 22 26 6f 67 66 3d 22 2c 67 2e 62 76 2e 66 2c 22 26 6f 67 72 70 3d 22 2c 64 28 22 22 29 2c 22 26 6f 67 76 3d 22 2c 64 28 22 33 39 35 33 37 32 39 35 34 2e 30 22 29 2c 22 26 6f 67 67 76 3d 22 2b 64 28 22 65 73 5f 70 6c 75 73
                    Data Ascii: URIComponent,f=["//www.google.com/gen_204?atyp=i&zx=",(new Date).getTime(),"&jexpid=",d("28834"),"&srcpg=",d("prop=1"),"&jsr=",Math.round(1/Fa),"&ogev=",d("pL1BYcr8B_Kl1QG0m7L4BQ"),"&ogf=",g.bv.f,"&ogrp=",d(""),"&ogv=",d("395372954.0"),"&oggv="+d("es_plus
                    2021-09-15 09:32:20 UTC24INData Raw: 2c 22 2f 72 74 3d 6a 2f 6d 3d 22 2c 61 2c 22 2f 72 73 3d 22 2c 22 41 41 32 59 72 54 76 7a 56 4b 52 79 73 75 6d 6a 50 44 45 37 52 4d 7a 63 56 68 33 6a 78 79 73 51 43 67 22 5d 3b 4b 61 26 26 61 2e 70 75 73 68 28 22 3f 68 6f 73 74 3d 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 26 62 75 73 74 3d 6f 67 2e 6f 67 32 2e 65 6e 5f 55 53 2e 6b 30 63 62 66 4e 53 33 64 6b 63 2e 44 55 22 29 3b 61 3d 61 2e 6a 6f 69 6e 28 22 22 29 3b 72 61 28 61 29 7d 3b 70 28 22 63 61 22 2c 4a 29 3b 70 28 22 63 72 22 2c 4b 29 3b 70 28 22 63 63 22 2c 48 29 3b 68 2e 6b 3d 4a 3b 68 2e 6c 3d 4b 3b 68 2e 6d 3d 48 3b 68 2e 6e 3d 4c 61 3b 68 2e 70 3d 4e 61 3b 68 2e 71 3d 4d 61 3b 76 61 72 20 4f 61 3d 5b 22 67 62 5f 37 31 22 2c 22 67 62 5f 31 35 35 22 5d 2c 50 61 3b 66 75 6e 63 74 69 6f 6e 20
                    Data Ascii: ,"/rt=j/m=",a,"/rs=","AA2YrTvzVKRysumjPDE7RMzcVh3jxysQCg"];Ka&&a.push("?host=www.gstatic.com&bust=og.og2.en_US.k0cbfNS3dkc.DU");a=a.join("");ra(a)};p("ca",J);p("cr",K);p("cc",H);h.k=J;h.l=K;h.m=H;h.n=La;h.p=Na;h.q=Ma;var Oa=["gb_71","gb_155"],Pa;function
                    2021-09-15 09:32:20 UTC26INData Raw: 72 22 29 3b 69 66 28 6e 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 6c 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 6e 29 3b 6c 26 26 6c 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 4b 28 6c 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 22 67 62 74 6f 22 29 7d 7d 7d 5a 61 28 66 29 26 26 24 61 28 66 29 3b 4f 3d 64 3b 4a 28 6b 2c 22 67 62 74 6f 22 29 7d 7d 7d 7d 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 74 67 28 61 2c 62 2c 21 30 29 7d 29 3b 61 62 28 61 29 7d 63 61 74 63 68 28 71 29 7b 72 28 71 2c 22 73 62 22 2c 22 74 67 22 29 7d 7d 2c 63 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 63 6c 6f 73 65 28 61 29 7d 29 7d 2c 64 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67
                    Data Ascii: r");if(n.length){var l=document.getElementById(n);l&&l.parentNode&&K(l.parentNode,"gbto")}}}Za(f)&&$a(f);O=d;J(k,"gbto")}}}}B(function(){g.tg(a,b,!0)});ab(a)}catch(q){r(q,"sb","tg")}},cb=function(a){B(function(){g.close(a)})},db=function(a){B(function(){g
                    2021-09-15 09:32:20 UTC27INData Raw: 67 2e 61 64 64 48 6f 76 65 72 28 61 29 7d 65 6c 73 65 20 6b 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 6d 29 7d 7d 63 61 74 63 68 28 44 62 29 7b 72 28 44 62 2c 22 73 62 22 2c 22 61 6c 22 29 7d 7d 2c 65 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 62 2e 6c 65 6e 67 74 68 2c 0a 64 3d 30 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 48 28 61 2c 62 5b 64 5d 29 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 67 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 62 28 61 2c 62 2c 63 29 7d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 62 28 61 2c 22 67 62 65 22 2c 62 29 7d 2c 69 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 70 63 6d 26 26 67 2e 70 63 6d 28 29 7d 29 7d 2c 6a 62
                    Data Ascii: g.addHover(a)}else k.appendChild(m)}}catch(Db){r(Db,"sb","al")}},eb=function(a,b){for(var c=b.length,d=0;d<c;d++)if(H(a,b[d]))return!0;return!1},gb=function(a,b,c){fb(a,b,c)},hb=function(a,b){fb(a,"gbe",b)},ib=function(){B(function(){g.pcm&&g.pcm()})},jb
                    2021-09-15 09:32:20 UTC28INData Raw: 62 3d 30 2c 63 3b 63 3d 61 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 62 5d 3b 62 2b 2b 29 69 66 28 48 28 63 2c 22 67 62 6d 73 67 22 29 29 72 65 74 75 72 6e 20 63 7d 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 70 62 26 26 77 69 6e 64 6f 77 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 70 62 29 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 22 69 6e 6e 65 72 22 2b 61 3b 61 3d 22 6f 66 66 73 65 74 22 2b 61 3b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 5b 62 5d 3f 77 69 6e 64 6f 77 5b 62 5d 3a 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 26 26 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 5b 61 5d 3f 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 5b 61 5d 3a 30 7d 2c 75 62 3d
                    Data Ascii: b=0,c;c=a.childNodes[b];b++)if(H(c,"gbmsg"))return c},P=function(){pb&&window.clearTimeout(pb)},tb=function(a){var b="inner"+a;a="offset"+a;return window[b]?window[b]:document.documentElement&&document.documentElement[a]?document.documentElement[a]:0},ub=
                    2021-09-15 09:32:20 UTC30INData Raw: 2c 42 62 29 3b 68 2e 61 28 22 31 22 29 26 26 70 28 22 6c 50 57 46 22 2c 42 62 29 7d 3b 77 69 6e 64 6f 77 2e 5f 5f 50 56 54 3d 22 22 3b 69 66 28 68 2e 61 28 22 31 22 29 26 26 68 2e 61 28 22 31 22 29 29 7b 76 61 72 20 43 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 62 28 66 75 6e 63 74 69 6f 6e 28 29 7b 41 28 22 70 77 22 2c 61 29 3b 44 28 22 70 77 22 29 7d 29 7d 3b 70 28 22 6c 50 57 22 2c 43 62 29 3b 77 2e 70 75 73 68 28 5b 22 70 77 22 2c 7b 75 72 6c 3a 22 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 6a 73 2f 61 62 63 2f 70 77 6d 5f 34 35 66 37 33 65 34 64 66 30 37 61 30 65 33 38 38 62 30 66 61 31 66 33 64 33 30 65 37 32 38 30 2e 6a 73 22 7d 5d 29 3b 76 61 72 20 45 62 3d 5b 5d 2c 46 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 45 62 5b 30 5d
                    Data Ascii: ,Bb);h.a("1")&&p("lPWF",Bb)};window.__PVT="";if(h.a("1")&&h.a("1")){var Cb=function(a){Bb(function(){A("pw",a);D("pw")})};p("lPW",Cb);w.push(["pw",{url:"//ssl.gstatic.com/gb/js/abc/pwm_45f73e4df07a0e388b0fa1f3d30e7280.js"}]);var Eb=[],Fb=function(a){Eb[0]
                    2021-09-15 09:32:20 UTC31INData Raw: 30 3b 68 2e 61 28 22 22 29 26 26 28 79 7c 3d 31 29 3b 68 2e 61 28 22 22 29 26 26 28 79 7c 3d 32 29 3b 68 2e 61 28 22 22 29 26 26 28 79 7c 3d 34 29 3b 61 3d 5b 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 67 65 6e 5f 32 30 34 3f 61 74 79 70 3d 69 26 7a 78 3d 22 2c 66 2c 22 26 6f 67 65 3d 22 2c 61 2c 22 26 6f 67 65 78 3d 22 2c 6b 2c 22 26 6f 67 65 76 3d 22 2c 6d 2c 22 26 6f 67 66 3d 22 2c 6c 2c 22 26 6f 67 70 3d 22 2c 71 2c 22 26 6f 67 72 70 3d 22 2c 6e 2c 22 26 6f 67 73 72 3d 22 2c 63 2c 22 26 6f 67 76 3d 22 2c 45 2c 55 2c 22 26 6f 67 64 3d 22 2c 49 2c 22 26 6f 67 6c 3d 22 2c 56 2c 22 26 6f 67 63 3d 22 2c 57 2c 22 26 6f 67 75 73 3d 22 2c 79 5d 3b 69 66 28 62 29 7b 22 6f 67 77 22 69 6e 20 62 26 26 28 61 2e 70 75 73 68 28 22 26 6f 67 77 3d 22 2b 62
                    Data Ascii: 0;h.a("")&&(y|=1);h.a("")&&(y|=2);h.a("")&&(y|=4);a=["//www.google.com/gen_204?atyp=i&zx=",f,"&oge=",a,"&ogex=",k,"&ogev=",m,"&ogf=",l,"&ogp=",q,"&ogrp=",n,"&ogsr=",c,"&ogv=",E,U,"&ogd=",I,"&ogl=",V,"&ogc=",W,"&ogus=",y];if(b){"ogw"in b&&(a.push("&ogw="+b
                    2021-09-15 09:32:20 UTC32INData Raw: 2e 63 6f 6d 2f 6f 67 77 2f 64 65 66 61 75 6c 74 2d 75 73 65 72 3d 73 39 36 22 2c 63 70 3a 22 31 22 2c 78 70 3a 68 2e 61 28 22 31 22 29 2c 6d 67 3a 22 25 31 24 73 20 28 64 65 6c 65 67 61 74 65 64 29 22 2c 6d 64 3a 22 25 31 24 73 20 28 64 65 66 61 75 6c 74 29 22 2c 6d 68 3a 22 32 32 30 22 2c 73 3a 22 31 22 2c 70 70 3a 59 62 2c 70 70 6c 3a 68 2e 61 28 22 22 29 2c 70 70 61 3a 68 2e 61 28 22 22 29 2c 0a 70 70 6d 3a 22 47 6f 6f 67 6c 65 2b 20 70 61 67 65 22 7d 3b 76 2e 70 72 66 3d 24 62 7d 3b 76 61 72 20 53 2c 61 63 2c 54 2c 62 63 2c 58 3d 30 2c 63 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 2e 69 6e 64 65 78 4f 66 29 72 65 74 75 72 6e 20 61 2e 69 6e 64 65 78 4f 66 28 62 2c 63 29 3b 69 66 28 41 72 72 61 79 2e 69 6e 64 65 78 4f 66 29 72 65
                    Data Ascii: .com/ogw/default-user=s96",cp:"1",xp:h.a("1"),mg:"%1$s (delegated)",md:"%1$s (default)",mh:"220",s:"1",pp:Yb,ppl:h.a(""),ppa:h.a(""),ppm:"Google+ page"};v.prf=$b};var S,ac,T,bc,X=0,cc=function(a,b,c){if(a.indexOf)return a.indexOf(b,c);if(Array.indexOf)re
                    2021-09-15 09:32:20 UTC33INData Raw: 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 6c 6f 61 64 7d 2c 6c 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 74 72 79 7b 69 63 28 64 6f 63 75 6d 65 6e 74 29 7c 7c 28 64 7c 7c 28 62 3d 22 6f 67 2d 75 70 2d 22 2b 62 29 2c 6a 63 28 29 3f 65 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 62 2c 63 29 3a 6b 63 28 61 29 26 26 28 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 62 2c 63 29 2c 61 2e 73 61 76 65 28 61 2e 69 64 29 29 29 7d 63 61 74 63 68 28 66 29 7b 66 2e 63 6f 64 65 21 3d 44 4f 4d 45 78 63 65 70 74 69 6f 6e 2e 51 55 4f 54 41 5f 45 58 43 45 45 44 45 44 5f 45 52 52 26 26 72 28 66 2c 22 75 70 22 2c 22 73 70 64 22 29 7d 7d 2c 6d 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 72 79 7b 69 66 28
                    Data Ascii: undefined"!=typeof a.load},lc=function(a,b,c,d){try{ic(document)||(d||(b="og-up-"+b),jc()?e.localStorage.setItem(b,c):kc(a)&&(a.setAttribute(b,c),a.save(a.id)))}catch(f){f.code!=DOMException.QUOTA_EXCEEDED_ERR&&r(f,"up","spd")}},mc=function(a,b,c){try{if(
                    2021-09-15 09:32:20 UTC35INData Raw: 2e 75 72 6c 2c 6c 5b 30 5d 29 2c 6c 5b 31 5d 2e 6c 69 62 73 26 26 43 26 26 43 28 6c 5b 31 5d 2e 6c 69 62 73 29 29 3b 6d 3c 6b 2e 6c 65 6e 67 74 68 26 26 73 65 74 54 69 6d 65 6f 75 74 28 61 2c 30 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 29 7b 30 3c 66 2d 2d 3f 73 65 74 54 69 6d 65 6f 75 74 28 62 2c 30 29 3a 61 28 29 7d 76 61 72 20 63 3d 68 2e 61 28 22 31 22 29 2c 64 3d 68 2e 61 28 22 22 29 2c 66 3d 33 2c 6b 3d 77 2c 6d 3d 30 2c 6e 3d 77 69 6e 64 6f 77 2e 67 62 61 72 4f 6e 52 65 61 64 79 3b 69 66 28 6e 29 74 72 79 7b 6e 28 29 7d 63 61 74 63 68 28 6c 29 7b 72 28 6c 2c 22 6d 6c 22 2c 22 6f 72 22 29 7d 64 3f 70 28 22 6c 64 62 22 2c 61 29 3a 63 3f 63 61 28 77 69 6e 64 6f 77 2c 22 6c 6f 61 64 22 2c 62 29 3a 62 28 29 7d 70 28 22 72 64 6c 22 2c 71 63 29 3b 7d 63 61
                    Data Ascii: .url,l[0]),l[1].libs&&C&&C(l[1].libs));m<k.length&&setTimeout(a,0)}function b(){0<f--?setTimeout(b,0):a()}var c=h.a("1"),d=h.a(""),f=3,k=w,m=0,n=window.gbarOnReady;if(n)try{n()}catch(l){r(l,"ml","or")}d?p("ldb",a):c?ca(window,"load",b):b()}p("rdl",qc);}ca
                    2021-09-15 09:32:20 UTC36INData Raw: 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 76 61 72 20 62 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 67 62 5f 22 2b 67 29 2c 63 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 67 62 5f 22 2b 61 29 3b 62 26 26 66 2e 6c 28 62 2c 68 2e 74 65 73 74 28 62 2e 63 6c 61 73 73 4e 61 6d 65 29 3f 22 67 62 6d 30 6c 22 3a 22 67 62 7a 30 6c 22 29 3b 63 26 26 66 2e 6b 28 63 2c 68 2e 74 65 73 74 28 63 2e 63 6c 61 73 73 4e 61 6d 65 29 3f 22 67 62 6d 30 6c 22 3a 22 67 62 7a 30 6c 22 29 7d 63 61 74 63 68 28 6c 29 7b 64 28 6c 2c 22 73 6a 22 2c 22 73 73 70 22 29 7d 67 3d 61 7d 2c 6d 3d 65 2e 71 73 2c 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 68 72 65 66 3b 76 61 72 20 63 3d 77 69 6e 64 6f
                    Data Ascii: nction(a){try{var b=document.getElementById("gb_"+g),c=document.getElementById("gb_"+a);b&&f.l(b,h.test(b.className)?"gbm0l":"gbz0l");c&&f.k(c,h.test(c.className)?"gbm0l":"gbz0l")}catch(l){d(l,"sj","ssp")}g=a},m=e.qs,n=function(a){var b=a.href;var c=windo
                    2021-09-15 09:32:20 UTC37INData Raw: 6c 5d 3f 6b 5b 6c 5d 3a 6b 5b 6c 5d 3d 7b 7d 3a 6b 5b 6c 5d 3d 67 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67 62 61 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 2e 6d 6c 28 65 2c 7b 22 5f 73 6e 22 3a 22 63 66 67 2e 69 6e 69 74 22 7d 29 3b 7d 7d 29 28 29 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 77 69 6e 64 6f 77 2e 67 62 61 72 2e 72 64 6c 28 29 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67 62 61 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72
                    Data Ascii: l]?k[l]:k[l]={}:k[l]=g;}catch(e){window.gbar&&gbar.logger&&gbar.logger.ml(e,{"_sn":"cfg.init"});}})();(function(){try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/window.gbar.rdl();}catch(e){window.gbar&&gbar.logger
                    2021-09-15 09:32:20 UTC39INData Raw: 62 7a 74 20 69 64 3d 67 62 5f 37 38 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 6c 61 79 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 38 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 50 6c 61 79 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 7a 74 20 69 64 3d 67 62 5f 33 36 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 3f 67 6c 3d 47 42 26 74 61 62 3d 77 31 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 59 6f 75 54 75 62 65 3c 2f 73 70
                    Data Ascii: bzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?gl=GB&tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</sp
                    2021-09-15 09:32:20 UTC40INData Raw: 22 3e 43 61 6c 65 6e 64 61 72 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 35 31 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 72 61 6e 73 6c 61 74 65 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 54 22 3e 54 72 61 6e 73 6c 61 74 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 31 30 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 6f 6f 6b 73 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 70 22 3e 42 6f 6f 6b 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67
                    Data Ascii: ">Calendar</a></li><li class=gbmtc><a class=gbmt id=gb_51 href="https://translate.google.co.uk/?hl=en&tab=wT">Translate</a></li><li class=gbmtc><a class=gbmt id=gb_10 href="https://books.google.co.uk/?hl=en&tab=wp">Books</a></li><li class=gbmtc><a class=g
                    2021-09-15 09:32:20 UTC41INData Raw: 63 63 6f 75 6e 74 20 4f 70 74 69 6f 6e 73 3c 2f 68 32 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 63 62 3e 3c 2f 73 70 61 6e 3e 3c 6f 6c 20 63 6c 61 73 73 3d 67 62 74 63 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 74 61 72 67 65 74 3d 5f 74 6f 70 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 63 63 6f 75 6e 74 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 53 65 72 76 69 63 65 4c 6f 67 69 6e 3f 68 6c 3d 65 6e 26 70 61 73 73 69 76 65 3d 74 72 75 65 26 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 26 65 63 3d 47 41 5a 41 41 51 22 20 6f 6e 63 6c 69 63 6b 3d 22 67 62 61 72 2e 6c 6f 67 67 65 72 2e 69 6c 28 39 2c 7b 6c 3a 27 69 27 7d 29 22 20 69 64 3d 67 62 5f 37 30 20 63 6c 61 73 73 3d 67 62 67 74 3e 3c
                    Data Ascii: ccount Options</h2><span class=gbtcb></span><ol class=gbtc><li class=gbt><a target=_top href="https://accounts.google.com/ServiceLogin?hl=en&passive=true&continue=https://www.google.com/&ec=GAZAAQ" onclick="gbar.logger.il(9,{l:'i'})" id=gb_70 class=gbgt><
                    2021-09-15 09:32:20 UTC42INData Raw: 67 70 64 22 3e 3c 64 69 76 20 69 64 3d 22 6c 67 61 22 3e 3c 69 6d 67 20 61 6c 74 3d 22 47 6f 6f 67 6c 65 22 20 68 65 69 67 68 74 3d 22 39 32 22 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 77 68 69 74 65 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 63 6f 6c 6f 72 5f 32 37 32 78 39 32 64 70 2e 70 6e 67 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 3a 32 38 70 78 20 30 20 31 34 70 78 22 20 77 69 64 74 68 3d 22 32 37 32 22 20 69 64 3d 22 68 70 6c 6f 67 6f 22 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 64 69 76 3e 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 73 65 61 72 63 68 22 20 6e 61 6d 65 3d 22 66 22 3e 3c 74 61 62 6c 65 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63
                    Data Ascii: gpd"><div id="lga"><img alt="Google" height="92" src="/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png" style="padding:28px 0 14px" width="272" id="hplogo"><br><br></div><form action="/search" name="f"><table cellpadding="0" c
                    2021-09-15 09:32:20 UTC44INData Raw: 75 74 20 76 61 6c 75 65 3d 22 41 4c 73 2d 77 41 4d 41 41 41 41 41 59 55 48 4c 74 45 79 65 50 4e 65 67 48 34 6b 45 37 43 79 51 68 37 69 5f 6f 5a 31 37 37 6f 45 47 22 20 6e 61 6d 65 3d 22 69 66 6c 73 69 67 22 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 74 64 3e 3c 74 64 20 63 6c 61 73 73 3d 22 66 6c 20 73 62 6c 63 22 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 6e 6f 77 72 61 70 3d 22 22 20 77 69 64 74 68 3d 22 32 35 25 22 3e 3c 61 20 68 72 65 66 3d 22 2f 61 64 76 61 6e 63 65 64 5f 73 65 61 72 63 68 3f 68 6c 3d 65 6e 2d 47 42 26 61 6d 70 3b 61 75 74 68 75 73 65 72 3d 30 22 3e 41 64 76 61 6e 63 65 64 20 73 65 61 72 63 68 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 69 6e 70 75 74 20 69 64
                    Data Ascii: ut value="ALs-wAMAAAAAYUHLtEyePNegH4kE7CyQh7i_oZ177oEG" name="iflsig" type="hidden"></span></span></td><td class="fl sblc" align="left" nowrap="" width="25%"><a href="/advanced_search?hl=en-GB&amp;authuser=0">Advanced search</a></td></tr></table><input id
                    2021-09-15 09:32:20 UTC45INData Raw: 6c 65 2e 63 6f 2e 75 6b 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 38 70 74 3b 63 6f 6c 6f 72 3a 23 37 30 37 35 37 61 22 3e 26 63 6f 70 79 3b 20 32 30 32 31 20 2d 20 3c 61 20 68 72 65 66 3d 22 2f 69 6e 74 6c 2f 65 6e 2f 70 6f 6c 69 63 69 65 73 2f 70 72 69 76 61 63 79 2f 22 3e 50 72 69 76 61 63 79 3c 2f 61 3e 20 2d 20 3c 61 20 68 72 65 66 3d 22 2f 69 6e 74 6c 2f 65 6e 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 3c 2f 61 3e 3c 2f 70 3e 3c 2f 73 70 61 6e 3e 3c 2f 63 65 6e 74 65 72 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 4a 73 33 57 65 73 77 50 4e 35 70 6c 6d 73 65 6b 56 77 45 47 71 41 3d 3d 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 67 6f 6f
                    Data Ascii: le.co.uk</a></div></div><p style="font-size:8pt;color:#70757a">&copy; 2021 - <a href="/intl/en/policies/privacy/">Privacy</a> - <a href="/intl/en/policies/terms/">Terms</a></p></span></center><script nonce="Js3WeswPN5plmsekVwEGqA==">(function(){window.goo
                    2021-09-15 09:32:20 UTC46INData Raw: 26 26 28 63 3d 63 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3b 63 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 63 29 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 67 29 7b 62 3d 6e 75 6c 6c 3b 76 61 72 20 6b 3d 65 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 69 66 28 6b 26 26 6b 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 7b 74 72 79 7b 62 3d 6b 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 22 67 6f 6f 67 23 68 74 6d 6c 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 66 7d 29 7d 63 61 74 63 68 28 70 29 7b 65 2e 63 6f 6e 73 6f 6c 65 26 26 65 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 70 2e 6d 65 73 73 61 67 65 29 7d 67 3d 62 7d 65 6c 73 65 20 67 3d 62 7d 61 3d 28 62 3d
                    Data Ascii: &&(c=c.toLowerCase());c=b.createElement(c);if(void 0===g){b=null;var k=e.trustedTypes;if(k&&k.createPolicy){try{b=k.createPolicy("goog#html",{createHTML:f,createScript:f,createScriptURL:f})}catch(p){e.console&&e.console.error(p.message)}g=b}else g=b}a=(b=
                    2021-09-15 09:32:20 UTC47INData Raw: 69 73 62 68 5c 78 32 32 3a 32 38 2c 5c 78 32 32 6a 73 6f 6e 70 5c 78 32 32 3a 74 72 75 65 2c 5c 78 32 32 6d 73 67 73 5c 78 32 32 3a 7b 5c 78 32 32 63 69 62 6c 5c 78 32 32 3a 5c 78 32 32 43 6c 65 61 72 20 53 65 61 72 63 68 5c 78 32 32 2c 5c 78 32 32 64 79 6d 5c 78 32 32 3a 5c 78 32 32 44 69 64 20 79 6f 75 20 6d 65 61 6e 3a 5c 78 32 32 2c 5c 78 32 32 6c 63 6b 79 5c 78 32 32 3a 5c 78 32 32 49 5c 5c 75 30 30 32 36 23 33 39 3b 6d 20 46 65 65 6c 69 6e 67 20 4c 75 63 6b 79 5c 78 32 32 2c 5c 78 32 32 6c 6d 6c 5c 78 32 32 3a 5c 78 32 32 4c 65 61 72 6e 20 6d 6f 72 65 5c 78 32 32 2c 5c 78 32 32 6f 73 6b 74 5c 78 32 32 3a 5c 78 32 32 49 6e 70 75 74 20 74 6f 6f 6c 73 5c 78 32 32 2c 5c 78 32 32 70 73 72 63 5c 78 32 32 3a 5c 78 32 32 54 68 69 73 20 73 65 61 72 63 68 20
                    Data Ascii: isbh\x22:28,\x22jsonp\x22:true,\x22msgs\x22:{\x22cibl\x22:\x22Clear Search\x22,\x22dym\x22:\x22Did you mean:\x22,\x22lcky\x22:\x22I\\u0026#39;m Feeling Lucky\x22,\x22lml\x22:\x22Learn more\x22,\x22oskt\x22:\x22Input tools\x22,\x22psrc\x22:\x22This search
                    2021-09-15 09:32:20 UTC48INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    1192.168.2.649740172.217.168.36443C:\Users\user\Desktop\P9vxkMpyQ5.exe
                    TimestampkBytes transferredDirectionData
                    2021-09-15 09:32:41 UTC48OUTGET / HTTP/1.1
                    Host: www.google.com
                    Connection: Keep-Alive
                    2021-09-15 09:32:41 UTC48INHTTP/1.1 200 OK
                    Date: Wed, 15 Sep 2021 09:32:41 GMT
                    Expires: -1
                    Cache-Control: private, max-age=0
                    Content-Type: text/html; charset=ISO-8859-1
                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                    Server: gws
                    X-XSS-Protection: 0
                    X-Frame-Options: SAMEORIGIN
                    Set-Cookie: CONSENT=PENDING+445; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                    Accept-Ranges: none
                    Vary: Accept-Encoding
                    Connection: close
                    Transfer-Encoding: chunked
                    2021-09-15 09:32:41 UTC49INData Raw: 35 31 31 39 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 47 42 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65
                    Data Ascii: 5119<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image
                    2021-09-15 09:32:41 UTC50INData Raw: 33 35 31 34 2c 36 30 36 2c 32 30 32 34 2c 31 37 37 36 2c 35 32 30 2c 38 38 34 37 2c 35 38 32 33 2c 33 32 32 37 2c 32 38 34 35 2c 37 2c 34 37 37 34 2c 37 35 38 30 2c 35 30 39 36 2c 31 31 36 32 35 2c 34 36 39 35 2c 39 30 38 2c 32 2c 39 34 31 2c 31 35 37 35 36 2c 33 2c 33 34 36 2c 32 33 30 2c 31 30 31 34 2c 31 2c 35 34 34 34 2c 31 34 39 2c 31 31 33 32 35 2c 39 36 34 2c 31 36 38 36 2c 34 2c 31 35 32 38 2c 32 33 30 34 2c 31 32 33 36 2c 35 38 30 33 2c 37 34 2c 31 39 38 33 2c 32 36 32 36 2c 32 30 31 35 2c 31 38 33 37 35 2c 32 36 35 38 2c 34 31 36 34 2c 37 38 2c 33 31 31 33 2c 33 32 2c 31 33 36 32 38 2c 32 33 30 35 2c 36 33 38 2c 31 34 39 34 2c 35 35 38 36 2c 37 32 36 36 2c 33 39 33 34 2c 35 38 31 35 2c 32 35 34 32 2c 34 30 39 34 2c 33 31 33 38 2c 36 2c 39 30 38
                    Data Ascii: 3514,606,2024,1776,520,8847,5823,3227,2845,7,4774,7580,5096,11625,4695,908,2,941,15756,3,346,230,1014,1,5444,149,11325,964,1686,4,1528,2304,1236,5803,74,1983,2626,2015,18375,2658,4164,78,3113,32,13628,2305,638,1494,5586,7266,3934,5815,2542,4094,3138,6,908
                    2021-09-15 09:32:41 UTC51INData Raw: 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7c 7c 68 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 6e 75 6c 6c 3b 61 26 26 28 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7d 0a 66 75 6e 63 74 69 6f 6e 20 6e 28 61 2c 62 2c 63 2c 64 2c 67 29 7b 76 61 72 20 65 3d 22 22 3b 63 7c 7c 2d 31 21 3d 3d 62 2e 73 65 61 72 63 68 28 22 26 65 69 3d 22 29 7c 7c 28 65 3d 22 26 65 69 3d 22 2b 6c 28 64 29 2c 2d 31 3d 3d 3d 62 2e 73 65 61 72 63 68 28
                    Data Ascii: ribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||h}function m(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function n(a,b,c,d,g){var e="";c||-1!==b.search("&ei=")||(e="&ei="+l(d),-1===b.search(
                    2021-09-15 09:32:41 UTC52INData Raw: 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 73 75 62 6d 69 74 22 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 61 3b 69 66 28 61 3d 62 2e 74 61 72 67 65 74 29 7b 76 61 72 20 63 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 73 75 62 6d 69 74 66 61 6c 73 65 22 29 3b 61 3d 22 31 22 3d 3d 3d 63 7c 7c 22 71 22 3d 3d 3d 63 26 26 21 61 2e 65 6c 65 6d 65 6e 74 73 2e 71 2e 76 61 6c 75 65 3f 21 30 3a 21 31 7d 65 6c 73 65 20 61 3d 21 31 3b 61 26 26 28 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 62 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 29 7d 2c 21 30 29 3b 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e
                    Data Ascii: EventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",fun
                    2021-09-15 09:32:41 UTC53INData Raw: 66 69 6c 74 65 72 3a 61 6c 70 68 61 28 6f 70 61 63 69 74 79 3d 30 29 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 2d 31 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a
                    Data Ascii: filter:alpha(opacity=0) !important}.gbm{position:absolute;z-index:999;top:-999px;visibility:hidden;text-align:left;border:1px solid #bebebe;background:#fff;-moz-box-shadow:-1px 1px 1px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,0,0,.2);box-shadow:
                    2021-09-15 09:32:41 UTC55INData Raw: 6e 65 2d 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 7d 2e 67 62 74 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 2e 67 62 74 6f 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 7d 2e 67 62 7a 74 2c 2e 67 62 67 74 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 74 65 78 74 2d 64 65 63 6f 72 61
                    Data Ascii: ne-block;line-height:27px;padding:0;vertical-align:top}.gbt{*display:inline}.gbto{box-shadow:0 2px 4px rgba(0,0,0,.2);-moz-box-shadow:0 2px 4px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,0,0,.2)}.gbzt,.gbgt{cursor:pointer;display:block;text-decora
                    2021-09-15 09:32:41 UTC56INData Raw: 61 6e 74 7d 2e 67 62 70 64 6a 73 20 2e 67 62 74 6f 20 2e 67 62 6d 7b 6d 69 6e 2d 77 69 64 74 68 3a 39 39 25 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 64 64 34 62 33 39 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 34 73 2c 23 67 62 69 34 73 31 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 23 67 62 67 36 2e 67 62 67 74 2d 68 76 72 2c 23 67 62 67 36 2e 67 62 67 74 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6e 6f 6e 65 7d 2e 67 62 67 34 61 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 7d 2e 67 62 67 34 61 20 2e 67 62 74 73 7b 70 61 64 64 69 6e 67 3a
                    Data Ascii: ant}.gbpdjs .gbto .gbm{min-width:99%}.gbz0l .gbtb2{border-top-color:#dd4b39!important}#gbi4s,#gbi4s1{font-weight:bold}#gbg6.gbgt-hvr,#gbg6.gbgt:focus{background-color:transparent;background-image:none}.gbg4a{font-size:0;line-height:0}.gbg4a .gbts{padding:
                    2021-09-15 09:32:41 UTC57INData Raw: 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 33 36 63 20 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 74 2c 2e 67 62 6d 74 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 30 70 78 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 2e 67 62 6d 6c 31
                    Data Ascii: isited,.gbmlb:visited{color:#36c !important;text-decoration:none !important}.gbmt,.gbmt:visited{display:block}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{display:inline-block;margin:0 10px}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{*display:inline}.gbml1
                    2021-09-15 09:32:41 UTC58INData Raw: 74 2d 63 68 69 6c 64 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 27 5c 30 41 5c 30 41 27 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 23 67 62 6d 70 73 7b 2a 7a 6f 6f 6d 3a 31 7d 23 67 62 64 34 20 2e 67 62 70 63 2c 23 67 62 6d 70 61 73 20 2e 67 62 6d 74 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 37 70 78 7d 23 67 62 64 34 20 2e 67 62 70 67 73 20 2e 67 62 6d 74 63 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 7d 23 67 62 64 34 20 2e 67 62 6d 74 63 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 7d 23 67 62 64 34 20 2e 67 62 70 63 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 31 36 70 78 20 30 20 31 30 70
                    Data Ascii: t-child:after{content:'\0A\0A';white-space:pre;position:absolute}#gbmps{*zoom:1}#gbd4 .gbpc,#gbmpas .gbmt{line-height:17px}#gbd4 .gbpgs .gbmtc{line-height:27px}#gbd4 .gbmtc{border-bottom:1px solid #bebebe}#gbd4 .gbpc{display:inline-block;margin:16px 0 10p
                    2021-09-15 09:32:41 UTC60INData Raw: 32 30 70 78 7d 2e 67 62 70 30 20 2e 67 62 70 73 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 61 2e 67 62 69 62 61 7b 6d 61 72 67 69 6e 3a 38 70 78 20 32 30 70 78 20 31 30 70 78 7d 2e 67 62 6d 70 69 61 77 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 78 76 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 2e 67 62 6d 70 69 61 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 6d 70 69 61 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 34 38 70 78 3b 77
                    Data Ascii: 20px}.gbp0 .gbps{*display:inline}a.gbiba{margin:8px 20px 10px}.gbmpiaw{display:inline-block;padding-right:10px;margin-bottom:6px;margin-top:10px}.gbxv{visibility:hidden}.gbmpiaa{display:block;margin-top:10px}.gbmpia{border:none;display:block;height:48px;w
                    2021-09-15 09:32:41 UTC61INData Raw: 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 2e 67 62 71 66 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 61 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 3a 30 7d 2e 67 62 71 66 62 61 2c 2e 67 62 71 66 62 62 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 63 64 63 64 63 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28
                    Data Ascii: -shadow:0 1px 1px rgba(0,0,0,.1);-moz-box-shadow:0 1px 1px rgba(0,0,0,.1);box-shadow:0 1px 1px rgba(0,0,0,.1)}.gbqfb::-moz-focus-inner,.gbqfba::-moz-focus-inner,.gbqfbb::-moz-focus-inner{border:0}.gbqfba,.gbqfbb{border:1px solid #dcdcdc;border-color:rgba(
                    2021-09-15 09:32:41 UTC62INData Raw: 65 2c 23 33 35 37 61 65 38 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 34 64 39 30 66 65 2c 23 33 35 37 61 65 38 29 7d 2e 67 62 71 66 62 3a 61 63 74 69 76 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 7d
                    Data Ascii: e,#357ae8);background-image:linear-gradient(top,#4d90fe,#357ae8)}.gbqfb:active{background-color:inherit;-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3)}
                    2021-09-15 09:32:41 UTC64INData Raw: 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 74 6f 70 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 66 72 6f 6d 28 23 66 66 66 29 2c 74 6f 28 23 66 62 66 62 66 62 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 73 2d 6c 69 6e 65 61 72 2d 67 72 61 64
                    Data Ascii: background-color:#fff;background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#fbfbfb));background-image:-webkit-linear-gradient(top,#fff,#fbfbfb);background-image:-moz-linear-gradient(top,#fff,#fbfbfb);background-image:-ms-linear-grad
                    2021-09-15 09:32:41 UTC65INData Raw: 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 0a 23 67 62 6d 70 61 73 7b 6d 61 78 2d 68 65 69 67 68 74 3a 32 32 30 70 78 7d 23 67 62 6d 6d 7b 6d 61 78 2d 68 65 69 67 68 74 3a 35 33 30 70 78 7d 2e 67 62 73 62 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 2a 7a 6f 6f 6d 3a 31 7d 2e 67 62 73 62 69 63 7b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 7d 2e 67 62 73 62 69 73 20 2e 67 62 73 62 74 2c 2e 67 62 73 62 69 73 20 2e 67 62
                    Data Ascii: x-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}#gbmpas{max-height:220px}#gbmm{max-height:530px}.gbsb{-webkit-box-sizing:border-box;display:block;position:relative;*zoom:1}.gbsbic{overflow:auto}.gbsbis .gbsbt,.gbsbis .gb
                    2021-09-15 09:32:41 UTC66INData Raw: 30 2c 30 2c 30 2c 2e 31 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 6c 65 66 74 20 74 6f 70 2c 66 72 6f 6d 28 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 29 2c 74 6f 28 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 2c 72 67 62 61 28 30 2c 30 2c
                    Data Ascii: 0,0,0,.1)));background:-webkit-gradient(linear,left bottom,left top,from(rgba(0,0,0,.2)),to(rgba(0,0,0,0)));background-image:-webkit-linear-gradient(bottom,rgba(0,0,0,.2),rgba(0,0,0,0));background-image:-moz-linear-gradient(bottom,rgba(0,0,0,.2),rgba(0,0,
                    2021-09-15 09:32:41 UTC67INData Raw: 65 72 3a 73 6f 6c 69 64 20 31 70 78 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 61 64 63 65 30 20 23 37 30 37 35 37 61 20 23 37 30 37 35 37 61 20 23 64 61 64 63 65 30 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 6c 73 62 62 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 57 71 51 41 4e 62 20 61 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 6c 73 62 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 69 6d 61 67 65 73 2f 6e 61 76 5f 6c 6f 67 6f 32 32 39 2e 70 6e 67 29 20 30 20 2d 32 36 31 70 78 20 72 65 70 65 61 74 2d 78 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 6d 61 72 67 69 6e 3a
                    Data Ascii: er:solid 1px;border-color:#dadce0 #70757a #70757a #dadce0;height:30px}.lsbb{display:block}#WqQANb a{display:inline-block;margin:0 12px}.lsb{background:url(/images/nav_logo229.png) 0 -261px repeat-x;border:none;color:#000;cursor:pointer;height:30px;margin:
                    2021-09-15 09:32:41 UTC69INData Raw: 26 26 67 6f 6f 67 6c 65 2e 6d 6c 28 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 45 72 72 6f 72 3f 64 3a 45 72 72 6f 72 28 61 29 2c 21 31 2c 76 6f 69 64 20 30 2c 21 31 2c 67 6f 6f 67 6c 65 2e 64 6c 3f 30 3a 32 29 3b 70 3d 6e 75 6c 6c 3b 6c 26 26 6e 3e 3d 6b 26 26 28 77 69 6e 64 6f 77 2e 6f 6e 65 72 72 6f 72 3d 6e 75 6c 6c 29 7d 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 65 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 76 61 72 20 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29
                    Data Ascii: &&google.ml(d instanceof Error?d:Error(a),!1,void 0,!1,google.dl?0:2);p=null;l&&n>=k&&(window.onerror=null)};})();(function(){try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var e=this||self;var aa=function(a,b,c,d)
                    2021-09-15 09:32:41 UTC69INData Raw: 31 30 63 0d 0a 2c 66 3a 22 2e 36 36 2e 22 2c 65 3a 22 22 2c 6d 3a 5f 74 76 6e 28 22 31 22 2c 31 29 7d 3b 0a 66 75 6e 63 74 69 6f 6e 20 63 61 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 22 6f 6e 22 2b 62 3b 69 66 28 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 21 31 29 3b 65 6c 73 65 20 69 66 28 61 2e 61 74 74 61 63 68 45 76 65 6e 74 29 61 2e 61 74 74 61 63 68 45 76 65 6e 74 28 64 2c 63 29 3b 65 6c 73 65 7b 76 61 72 20 66 3d 61 5b 64 5d 3b 61 5b 64 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6b 3d 66 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 2c 6d 3d 63 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 76 6f
                    Data Ascii: 10c,f:".66.",e:"",m:_tvn("1",1)};function ca(a,b,c){var d="on"+b;if(a.addEventListener)a.addEventListener(b,c,!1);else if(a.attachEvent)a.attachEvent(d,c);else{var f=a[d];a[d]=function(){var k=f.apply(this,arguments),m=c.apply(this,arguments);return vo
                    2021-09-15 09:32:41 UTC69INData Raw: 36 64 38 61 0d 0a 6d 3f 6b 3a 6d 26 26 6b 7d 7d 7d 76 61 72 20 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 2e 62 76 2e 6d 3d 3d 61 7d 7d 2c 65 61 3d 64 61 28 31 29 2c 66 61 3d 64 61 28 32 29 3b 70 28 22 73 62 22 2c 65 61 29 3b 70 28 22 6b 6e 22 2c 66 61 29 3b 68 2e 61 3d 5f 74 76 76 3b 68 2e 62 3d 5f 74 76 66 3b 68 2e 63 3d 5f 74 76 6e 3b 68 2e 69 3d 61 61 3b 76 61 72 20 72 3d 77 69 6e 64 6f 77 2e 67 62 61 72 2e 69 2e 69 3b 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 68 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 6b 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 6e 65 77 20 49 6d 61 67 65 2c 63 3d 69 61 3b 62 2e 6f 6e 65 72 72 6f 72 3d 62 2e 6f 6e 6c
                    Data Ascii: 6d8am?k:m&&k}}}var da=function(a){return function(){return g.bv.m==a}},ea=da(1),fa=da(2);p("sb",ea);p("kn",fa);h.a=_tvv;h.b=_tvf;h.c=_tvn;h.i=aa;var r=window.gbar.i.i;var t=function(){},ha=function(){},ka=function(a){var b=new Image,c=ia;b.onerror=b.onl
                    2021-09-15 09:32:41 UTC71INData Raw: 44 29 3b 70 28 22 6d 63 66 22 2c 70 61 29 3b 70 28 22 62 63 66 22 2c 6f 61 29 3b 70 28 22 61 71 22 2c 41 29 3b 70 28 22 6d 64 64 22 2c 22 22 29 3b 0a 70 28 22 68 61 73 22 2c 71 61 29 3b 70 28 22 74 72 68 22 2c 76 61 29 3b 70 28 22 74 65 76 22 2c 73 61 29 3b 69 66 28 68 2e 61 28 22 6d 3b 2f 5f 2f 73 63 73 2f 61 62 63 2d 73 74 61 74 69 63 2f 5f 2f 6a 73 2f 6b 3d 67 61 70 69 2e 67 61 70 69 2e 65 6e 2e 4d 35 52 44 39 34 72 6d 67 5a 49 2e 4f 2f 64 3d 31 2f 72 73 3d 41 48 70 4f 6f 6f 38 7a 33 5a 49 47 62 53 34 51 31 68 64 78 6c 4f 30 2d 69 37 67 51 43 41 68 65 75 67 2f 6d 3d 5f 5f 66 65 61 74 75 72 65 73 5f 5f 22 29 29 7b 76 61 72 20 46 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 77 61 3f 61 7c 7c 62 3a 62 7d 2c 78 61 3d 68 2e 61 28 22 31
                    Data Ascii: D);p("mcf",pa);p("bcf",oa);p("aq",A);p("mdd","");p("has",qa);p("trh",va);p("tev",sa);if(h.a("m;/_/scs/abc-static/_/js/k=gapi.gapi.en.M5RD94rmgZI.O/d=1/rs=AHpOoo8z3ZIGbS4Q1hdxlO0-i7gQCAheug/m=__features__")){var F=function(a,b){return wa?a||b:b},xa=h.a("1
                    2021-09-15 09:32:41 UTC72INData Raw: 6a 73 72 3d 22 2c 4d 61 74 68 2e 72 6f 75 6e 64 28 31 2f 46 61 29 2c 22 26 6f 67 65 76 3d 22 2c 64 28 22 75 62 31 42 59 62 2d 63 4e 4f 71 4f 78 63 38 50 69 6f 4b 37 38 41 6f 22 29 2c 22 26 6f 67 66 3d 22 2c 67 2e 62 76 2e 66 2c 22 26 6f 67 72 70 3d 22 2c 64 28 22 22 29 2c 22 26 6f 67 76 3d 22 2c 64 28 22 33 39 35 33 37 32 39 35 34 2e 30 22 29 2c 22 26 6f 67 67 76 3d 22 2b 64 28 22 65 73 5f 70 6c 75 73 6f 6e 65 5f 67 63 5f 32 30 32 31 30 39 30 38 2e 30 5f 70 30 22 29 2c 22 26 6f 67 64 3d 22 2c 64 28 22 63 6f 6d 22 29 2c 22 26 6f 67 63 3d 22 2c 64 28 22 47 42 52 22 29 2c 22 26 6f 67 6c 3d 22 2c 64 28 22 65 6e 22 29 5d 3b 62 2e 5f 73 6e 26 26 28 62 2e 5f 73 6e 3d 0a 22 6f 67 2e 22 2b 62 2e 5f 73 6e 29 3b 66 6f 72 28 76 61 72 20 6b 20 69 6e 20 62 29 66 2e 70
                    Data Ascii: jsr=",Math.round(1/Fa),"&ogev=",d("ub1BYb-cNOqOxc8PioK78Ao"),"&ogf=",g.bv.f,"&ogrp=",d(""),"&ogv=",d("395372954.0"),"&oggv="+d("es_plusone_gc_20210908.0_p0"),"&ogd=",d("com"),"&ogc=",d("GBR"),"&ogl=",d("en")];b._sn&&(b._sn="og."+b._sn);for(var k in b)f.p
                    2021-09-15 09:32:41 UTC73INData Raw: 6b 63 2e 44 55 22 29 3b 61 3d 61 2e 6a 6f 69 6e 28 22 22 29 3b 72 61 28 61 29 7d 3b 70 28 22 63 61 22 2c 4a 29 3b 70 28 22 63 72 22 2c 4b 29 3b 70 28 22 63 63 22 2c 48 29 3b 68 2e 6b 3d 4a 3b 68 2e 6c 3d 4b 3b 68 2e 6d 3d 48 3b 68 2e 6e 3d 4c 61 3b 68 2e 70 3d 4e 61 3b 68 2e 71 3d 4d 61 3b 76 61 72 20 4f 61 3d 5b 22 67 62 5f 37 31 22 2c 22 67 62 5f 31 35 35 22 5d 2c 50 61 3b 66 75 6e 63 74 69 6f 6e 20 51 61 28 61 29 7b 50 61 3d 61 7d 66 75 6e 63 74 69 6f 6e 20 52 61 28 61 29 7b 76 61 72 20 62 3d 50 61 26 26 21 61 2e 68 72 65 66 2e 6d 61 74 63 68 28 2f 2e 2a 5c 2f 61 63 63 6f 75 6e 74 73 5c 2f 43 6c 65 61 72 53 49 44 5b 3f 5d 2f 29 26 26 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 50 61 28 29 29 3b 62 26 26 28 61 2e 68 72 65 66 3d 61 2e 68 72
                    Data Ascii: kc.DU");a=a.join("");ra(a)};p("ca",J);p("cr",K);p("cc",H);h.k=J;h.l=K;h.m=H;h.n=La;h.p=Na;h.q=Ma;var Oa=["gb_71","gb_155"],Pa;function Qa(a){Pa=a}function Ra(a){var b=Pa&&!a.href.match(/.*\/accounts\/ClearSID[?]/)&&encodeURIComponent(Pa());b&&(a.href=a.hr
                    2021-09-15 09:32:41 UTC75INData Raw: 7d 7d 7d 7d 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 74 67 28 61 2c 62 2c 21 30 29 7d 29 3b 61 62 28 61 29 7d 63 61 74 63 68 28 71 29 7b 72 28 71 2c 22 73 62 22 2c 22 74 67 22 29 7d 7d 2c 63 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 63 6c 6f 73 65 28 61 29 7d 29 7d 2c 64 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 72 64 64 28 61 29 7d 29 7d 2c 59 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 3d 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 3b 63 26 26 63 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 3f 28 61 3d 63 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 61 2c 22 22 29 29 26 26 28 62 3d 61 2e 64 69 72 65 63 74 69 6f
                    Data Ascii: }}}}B(function(){g.tg(a,b,!0)});ab(a)}catch(q){r(q,"sb","tg")}},cb=function(a){B(function(){g.close(a)})},db=function(a){B(function(){g.rdd(a)})},Ya=function(a){var b,c=document.defaultView;c&&c.getComputedStyle?(a=c.getComputedStyle(a,""))&&(b=a.directio
                    2021-09-15 09:32:41 UTC76INData Raw: 2c 62 5b 64 5d 29 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 67 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 62 28 61 2c 62 2c 63 29 7d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 62 28 61 2c 22 67 62 65 22 2c 62 29 7d 2c 69 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 70 63 6d 26 26 67 2e 70 63 6d 28 29 7d 29 7d 2c 6a 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 70 63 61 26 26 67 2e 70 63 61 28 29 7d 29 7d 2c 6b 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 66 2c 6b 2c 6d 2c 6e 2c 6c 2c 71 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 70 61 61 26 26 67 2e 70 61 61 28 61 2c 62 2c 63 2c 64 2c 66 2c 6b 2c 6d 2c 6e 2c 6c 2c
                    Data Ascii: ,b[d]))return!0;return!1},gb=function(a,b,c){fb(a,b,c)},hb=function(a,b){fb(a,"gbe",b)},ib=function(){B(function(){g.pcm&&g.pcm()})},jb=function(){B(function(){g.pca&&g.pca()})},kb=function(a,b,c,d,f,k,m,n,l,q){B(function(){g.paa&&g.paa(a,b,c,d,f,k,m,n,l,
                    2021-09-15 09:32:41 UTC77INData Raw: 6e 65 72 22 2b 61 3b 61 3d 22 6f 66 66 73 65 74 22 2b 61 3b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 5b 62 5d 3f 77 69 6e 64 6f 77 5b 62 5d 3a 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 26 26 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 5b 61 5d 3f 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 5b 61 5d 3a 30 7d 2c 75 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 31 7d 2c 76 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 21 4f 7d 3b 70 28 22 73 6f 22 2c 56 61 29 3b 70 28 22 73 6f 73 22 2c 55 61 29 3b 70 28 22 73 69 22 2c 57 61 29 3b 70 28 22 74 67 22 2c 62 62 29 3b 0a 70 28 22 63 6c 6f 73 65 22 2c 63 62 29 3b 70 28 22 72 64 64 22 2c 64 62 29 3b 70 28
                    Data Ascii: ner"+a;a="offset"+a;return window[b]?window[b]:document.documentElement&&document.documentElement[a]?document.documentElement[a]:0},ub=function(){return!1},vb=function(){return!!O};p("so",Va);p("sos",Ua);p("si",Wa);p("tg",bb);p("close",cb);p("rdd",db);p(
                    2021-09-15 09:32:41 UTC78INData Raw: 7d 3b 70 28 22 6c 50 57 22 2c 43 62 29 3b 77 2e 70 75 73 68 28 5b 22 70 77 22 2c 7b 75 72 6c 3a 22 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 6a 73 2f 61 62 63 2f 70 77 6d 5f 34 35 66 37 33 65 34 64 66 30 37 61 30 65 33 38 38 62 30 66 61 31 66 33 64 33 30 65 37 32 38 30 2e 6a 73 22 7d 5d 29 3b 76 61 72 20 45 62 3d 5b 5d 2c 46 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 45 62 5b 30 5d 3d 61 7d 2c 47 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 7c 7c 7b 7d 3b 62 2e 5f 73 6e 3d 22 70 77 22 3b 74 28 61 2c 62 29 7d 2c 48 62 3d 7b 73 69 67 6e 65 64 3a 45 62 2c 65 6c 6f 67 3a 47 62 2c 62 61 73 65 3a 22 68 74 74 70 73 3a 2f 2f 70 6c 75 73 6f 6e 65 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 2f 30 22 2c 6c 6f 61 64 54 69 6d 65 3a 28 6e 65
                    Data Ascii: };p("lPW",Cb);w.push(["pw",{url:"//ssl.gstatic.com/gb/js/abc/pwm_45f73e4df07a0e388b0fa1f3d30e7280.js"}]);var Eb=[],Fb=function(a){Eb[0]=a},Gb=function(a,b){b=b||{};b._sn="pw";t(a,b)},Hb={signed:Eb,elog:Gb,base:"https://plusone.google.com/u/0",loadTime:(ne
                    2021-09-15 09:32:41 UTC80INData Raw: 76 3d 22 2c 6d 2c 22 26 6f 67 66 3d 22 2c 6c 2c 22 26 6f 67 70 3d 22 2c 71 2c 22 26 6f 67 72 70 3d 22 2c 6e 2c 22 26 6f 67 73 72 3d 22 2c 63 2c 22 26 6f 67 76 3d 22 2c 45 2c 55 2c 22 26 6f 67 64 3d 22 2c 49 2c 22 26 6f 67 6c 3d 22 2c 56 2c 22 26 6f 67 63 3d 22 2c 57 2c 22 26 6f 67 75 73 3d 22 2c 79 5d 3b 69 66 28 62 29 7b 22 6f 67 77 22 69 6e 20 62 26 26 28 61 2e 70 75 73 68 28 22 26 6f 67 77 3d 22 2b 62 2e 6f 67 77 29 2c 64 65 6c 65 74 65 20 62 2e 6f 67 77 29 3b 66 3d 5b 5d 3b 66 6f 72 28 7a 20 69 6e 20 62 29 30 21 3d 66 2e 6c 65 6e 67 74 68 26 26 66 2e 70 75 73 68 28 22 2c 22 29 2c 66 2e 70 75 73 68 28 51 62 28 7a 29 29 2c 66 2e 70 75 73 68 28 22 2e 22 29 2c 66 2e 70 75 73 68 28 51 62 28 62 5b 7a 5d 29 29 3b 76 61 72 20 7a 3d 66 2e 6a 6f 69 6e 28 22 22
                    Data Ascii: v=",m,"&ogf=",l,"&ogp=",q,"&ogrp=",n,"&ogsr=",c,"&ogv=",E,U,"&ogd=",I,"&ogl=",V,"&ogc=",W,"&ogus=",y];if(b){"ogw"in b&&(a.push("&ogw="+b.ogw),delete b.ogw);f=[];for(z in b)0!=f.length&&f.push(","),f.push(Qb(z)),f.push("."),f.push(Qb(b[z]));var z=f.join(""
                    2021-09-15 09:32:41 UTC81INData Raw: 29 2c 70 70 61 3a 68 2e 61 28 22 22 29 2c 0a 70 70 6d 3a 22 47 6f 6f 67 6c 65 2b 20 70 61 67 65 22 7d 3b 76 2e 70 72 66 3d 24 62 7d 3b 76 61 72 20 53 2c 61 63 2c 54 2c 62 63 2c 58 3d 30 2c 63 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 2e 69 6e 64 65 78 4f 66 29 72 65 74 75 72 6e 20 61 2e 69 6e 64 65 78 4f 66 28 62 2c 63 29 3b 69 66 28 41 72 72 61 79 2e 69 6e 64 65 78 4f 66 29 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 6e 64 65 78 4f 66 28 61 2c 62 2c 63 29 3b 66 6f 72 28 63 3d 6e 75 6c 6c 3d 3d 63 3f 30 3a 30 3e 63 3f 4d 61 74 68 2e 6d 61 78 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 63 29 3a 63 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 63 20 69 6e 20 61 26 26 61 5b 63 5d 3d 3d 3d 62 29 72 65 74 75 72 6e 20 63 3b 72 65 74 75
                    Data Ascii: ),ppa:h.a(""),ppm:"Google+ page"};v.prf=$b};var S,ac,T,bc,X=0,cc=function(a,b,c){if(a.indexOf)return a.indexOf(b,c);if(Array.indexOf)return Array.indexOf(a,b,c);for(c=null==c?0:0>c?Math.max(0,a.length+c):c;c<a.length;c++)if(c in a&&a[c]===b)return c;retu
                    2021-09-15 09:32:41 UTC82INData Raw: 63 28 61 29 26 26 28 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 62 2c 63 29 2c 61 2e 73 61 76 65 28 61 2e 69 64 29 29 29 7d 63 61 74 63 68 28 66 29 7b 66 2e 63 6f 64 65 21 3d 44 4f 4d 45 78 63 65 70 74 69 6f 6e 2e 51 55 4f 54 41 5f 45 58 43 45 45 44 45 44 5f 45 52 52 26 26 72 28 66 2c 22 75 70 22 2c 22 73 70 64 22 29 7d 7d 2c 6d 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 72 79 7b 69 66 28 69 63 28 64 6f 63 75 6d 65 6e 74 29 29 72 65 74 75 72 6e 22 22 3b 0a 63 7c 7c 28 62 3d 22 6f 67 2d 75 70 2d 22 2b 62 29 3b 69 66 28 6a 63 28 29 29 72 65 74 75 72 6e 20 65 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 62 29 3b 69 66 28 6b 63 28 61 29 29 72 65 74 75 72 6e 20 61 2e 6c 6f 61 64 28 61 2e 69 64 29 2c 61 2e 67 65 74 41 74 74
                    Data Ascii: c(a)&&(a.setAttribute(b,c),a.save(a.id)))}catch(f){f.code!=DOMException.QUOTA_EXCEEDED_ERR&&r(f,"up","spd")}},mc=function(a,b,c){try{if(ic(document))return"";c||(b="og-up-"+b);if(jc())return e.localStorage.getItem(b);if(kc(a))return a.load(a.id),a.getAtt
                    2021-09-15 09:32:41 UTC83INData Raw: 29 2c 64 3d 68 2e 61 28 22 22 29 2c 66 3d 33 2c 6b 3d 77 2c 6d 3d 30 2c 6e 3d 77 69 6e 64 6f 77 2e 67 62 61 72 4f 6e 52 65 61 64 79 3b 69 66 28 6e 29 74 72 79 7b 6e 28 29 7d 63 61 74 63 68 28 6c 29 7b 72 28 6c 2c 22 6d 6c 22 2c 22 6f 72 22 29 7d 64 3f 70 28 22 6c 64 62 22 2c 61 29 3a 63 3f 63 61 28 77 69 6e 64 6f 77 2c 22 6c 6f 61 64 22 2c 62 29 3a 62 28 29 7d 70 28 22 72 64 6c 22 2c 71 63 29 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67 62 61 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 2e 6d 6c 28 65 2c 7b 22 5f 73 6e 22 3a 22 63 66 67 2e 69 6e 69 74 22 7d 29 3b 7d 7d 29 28 29 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65
                    Data Ascii: ),d=h.a(""),f=3,k=w,m=0,n=window.gbarOnReady;if(n)try{n()}catch(l){r(l,"ml","or")}d?p("ldb",a):c?ca(window,"load",b):b()}p("rdl",qc);}catch(e){window.gbar&&gbar.logger&&gbar.logger.ml(e,{"_sn":"cfg.init"});}})();(function(){try{/* Copyright The Closure
                    2021-09-15 09:32:41 UTC85INData Raw: 62 6d 30 6c 22 3a 22 67 62 7a 30 6c 22 29 3b 63 26 26 66 2e 6b 28 63 2c 68 2e 74 65 73 74 28 63 2e 63 6c 61 73 73 4e 61 6d 65 29 3f 22 67 62 6d 30 6c 22 3a 22 67 62 7a 30 6c 22 29 7d 63 61 74 63 68 28 6c 29 7b 64 28 6c 2c 22 73 6a 22 2c 22 73 73 70 22 29 7d 67 3d 61 7d 2c 6d 3d 65 2e 71 73 2c 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 68 72 65 66 3b 76 61 72 20 63 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 6d 61 74 63 68 28 2f 2e 2a 3f 3a 5c 2f 5c 2f 5b 5e 5c 2f 5d 2a 2f 29 5b 30 5d 3b 63 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 63 2b 22 2f 73 65 61 72 63 68 5c 5c 3f 22 29 3b 28 62 3d 63 2e 74 65 73 74 28 62 29 29 26 26 21 2f 28 5e 7c 5c 5c 3f 7c 26 29 65 69 3d 2f 2e 74 65 73 74 28 61 2e 68 72 65 66 29
                    Data Ascii: bm0l":"gbz0l");c&&f.k(c,h.test(c.className)?"gbm0l":"gbz0l")}catch(l){d(l,"sj","ssp")}g=a},m=e.qs,n=function(a){var b=a.href;var c=window.location.href.match(/.*?:\/\/[^\/]*/)[0];c=new RegExp("^"+c+"/search\\?");(b=c.test(b))&&!/(^|\\?|&)ei=/.test(a.href)
                    2021-09-15 09:32:41 UTC86INData Raw: 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 77 69 6e 64 6f 77 2e 67 62 61 72 2e 72 64 6c 28 29 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67 62 61 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 2e 6d 6c 28 65 2c 7b 22 5f 73 6e 22 3a 22 63 66 67 2e 69 6e 69 74 22 7d 29 3b 7d 7d 29 28 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 66 66 66 22 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 36 4d 62 75 76 76 63 4e 65 59 59 54 53 4d 68 6e 51 52 45 50
                    Data Ascii: {/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/window.gbar.rdl();}catch(e){window.gbar&&gbar.logger&&gbar.logger.ml(e,{"_sn":"cfg.init"});}})();</script></head><body bgcolor="#fff"><script nonce="6MbuvvcNeYYTSMhnQREP
                    2021-09-15 09:32:41 UTC87INData Raw: 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 7a 74 20 69 64 3d 67 62 5f 33 36 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 3f 67 6c 3d 47 42 26 74 61 62 3d 77 31 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 59 6f 75 54 75 62 65 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 7a 74 20 69 64 3d 67 62 5f 34 32 36 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 65 77 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3f 74 61 62 3d 77 6e 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61
                    Data Ascii: i><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?gl=GB&tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><spa
                    2021-09-15 09:32:41 UTC89INData Raw: 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 31 30 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 6f 6f 6b 73 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 70 22 3e 42 6f 6f 6b 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 36 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 73 68 6f 70 70 69 6e 67 3f 68 6c 3d 65 6e 26 73 6f 75 72 63 65 3d 6f 67 26 74 61 62 3d 77 66 22 3e 53 68 6f 70 70 69 6e 67 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d
                    Data Ascii: e</a></li><li class=gbmtc><a class=gbmt id=gb_10 href="https://books.google.co.uk/?hl=en&tab=wp">Books</a></li><li class=gbmtc><a class=gbmt id=gb_6 href="https://www.google.co.uk/shopping?hl=en&source=og&tab=wf">Shopping</a></li><li class=gbmtc><a class=
                    2021-09-15 09:32:41 UTC90INData Raw: 63 6f 6d 2f 53 65 72 76 69 63 65 4c 6f 67 69 6e 3f 68 6c 3d 65 6e 26 70 61 73 73 69 76 65 3d 74 72 75 65 26 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 26 65 63 3d 47 41 5a 41 41 51 22 20 6f 6e 63 6c 69 63 6b 3d 22 67 62 61 72 2e 6c 6f 67 67 65 72 2e 69 6c 28 39 2c 7b 6c 3a 27 69 27 7d 29 22 20 69 64 3d 67 62 5f 37 30 20 63 6c 61 73 73 3d 67 62 67 74 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 69 64 3d 67 62 67 73 34 20 63 6c 61 73 73 3d 67 62 74 73 3e 3c 73 70 61 6e 20 69 64 3d 67 62 69 34 73 31 3e 53 69 67 6e 20 69 6e 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 67 62 74 20 67 62 74 62 22 3e 3c
                    Data Ascii: com/ServiceLogin?hl=en&passive=true&continue=https://www.google.com/&ec=GAZAAQ" onclick="gbar.logger.il(9,{l:'i'})" id=gb_70 class=gbgt><span class=gbtb2></span><span id=gbgs4 class=gbts><span id=gbi4s1>Sign in</span></span></a></li><li class="gbt gbtb"><
                    2021-09-15 09:32:41 UTC91INData Raw: 5f 32 37 32 78 39 32 64 70 2e 70 6e 67 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 3a 32 38 70 78 20 30 20 31 34 70 78 22 20 77 69 64 74 68 3d 22 32 37 32 22 20 69 64 3d 22 68 70 6c 6f 67 6f 22 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 64 69 76 3e 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 73 65 61 72 63 68 22 20 6e 61 6d 65 3d 22 66 22 3e 3c 74 61 62 6c 65 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 3e 3c 74 72 20 76 61 6c 69 67 6e 3d 22 74 6f 70 22 3e 3c 74 64 20 77 69 64 74 68 3d 22 32 35 25 22 3e 26 6e 62 73 70 3b 3c 2f 74 64 3e 3c 74 64 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 20 6e 6f 77 72 61 70 3d 22 22 3e 3c 69 6e 70 75 74 20 6e 61 6d 65 3d 22 69 65 22 20 76 61 6c 75 65 3d 22 49 53 4f 2d 38 38
                    Data Ascii: _272x92dp.png" style="padding:28px 0 14px" width="272" id="hplogo"><br><br></div><form action="/search" name="f"><table cellpadding="0" cellspacing="0"><tr valign="top"><td width="25%">&nbsp;</td><td align="center" nowrap=""><input name="ie" value="ISO-88
                    2021-09-15 09:32:41 UTC92INData Raw: 62 6c 63 22 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 6e 6f 77 72 61 70 3d 22 22 20 77 69 64 74 68 3d 22 32 35 25 22 3e 3c 61 20 68 72 65 66 3d 22 2f 61 64 76 61 6e 63 65 64 5f 73 65 61 72 63 68 3f 68 6c 3d 65 6e 2d 47 42 26 61 6d 70 3b 61 75 74 68 75 73 65 72 3d 30 22 3e 41 64 76 61 6e 63 65 64 20 73 65 61 72 63 68 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 69 6e 70 75 74 20 69 64 3d 22 67 62 76 22 20 6e 61 6d 65 3d 22 67 62 76 22 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 76 61 6c 75 65 3d 22 31 22 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 36 4d 62 75 76 76 63 4e 65 59 59 54 53 4d 68 6e 51 52 45 50 73 67 3d 3d 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 76 61 72 20 61 2c 62 3d 22 31 22 3b 69 66 28 64 6f 63 75 6d 65 6e
                    Data Ascii: blc" align="left" nowrap="" width="25%"><a href="/advanced_search?hl=en-GB&amp;authuser=0">Advanced search</a></td></tr></table><input id="gbv" name="gbv" type="hidden" value="1"><script nonce="6MbuvvcNeYYTSMhnQREPsg==">(function(){var a,b="1";if(documen
                    2021-09-15 09:32:41 UTC94INData Raw: 61 63 79 3c 2f 61 3e 20 2d 20 3c 61 20 68 72 65 66 3d 22 2f 69 6e 74 6c 2f 65 6e 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 3c 2f 61 3e 3c 2f 70 3e 3c 2f 73 70 61 6e 3e 3c 2f 63 65 6e 74 65 72 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 36 4d 62 75 76 76 63 4e 65 59 59 54 53 4d 68 6e 51 52 45 50 73 67 3d 3d 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 63 64 6f 3d 7b 68 65 69 67 68 74 3a 37 35 37 2c 77 69 64 74 68 3a 31 34 34 30 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 76 61 72 20 61 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 57 69 64 74 68 2c 62 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 48 65 69 67 68 74 3b 69 66 28 21 61 7c 7c 21 62 29 7b 76 61 72 20 63 3d 77 69 6e 64 6f 77 2e 64 6f 63 75
                    Data Ascii: acy</a> - <a href="/intl/en/policies/terms/">Terms</a></p></span></center><script nonce="6MbuvvcNeYYTSMhnQREPsg==">(function(){window.google.cdo={height:757,width:1440};(function(){var a=window.innerWidth,b=window.innerHeight;if(!a||!b){var c=window.docu
                    2021-09-15 09:32:41 UTC95INData Raw: 65 61 74 65 50 6f 6c 69 63 79 28 22 67 6f 6f 67 23 68 74 6d 6c 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 66 7d 29 7d 63 61 74 63 68 28 70 29 7b 65 2e 63 6f 6e 73 6f 6c 65 26 26 65 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 70 2e 6d 65 73 73 61 67 65 29 7d 67 3d 62 7d 65 6c 73 65 20 67 3d 62 7d 61 3d 28 62 3d 67 29 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 3b 61 3d 6e 65 77 20 6c 28 61 2c 68 29 3b 63 2e 73 72 63 3d 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 6c 26 26 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 6c 3f 61 2e 67 3a 22 74 79 70 65 5f 65 72 72 6f 72 3a 54 72 75 73 74 65 64 52 65 73 6f 75 72 63 65 55 72 6c 22 3b 76 61 72
                    Data Ascii: eatePolicy("goog#html",{createHTML:f,createScript:f,createScriptURL:f})}catch(p){e.console&&e.console.error(p.message)}g=b}else g=b}a=(b=g)?b.createScriptURL(a):a;a=new l(a,h);c.src=a instanceof l&&a.constructor===l?a.g:"type_error:TrustedResourceUrl";var
                    2021-09-15 09:32:41 UTC96INData Raw: 32 6c 63 6b 79 5c 78 32 32 3a 5c 78 32 32 49 5c 5c 75 30 30 32 36 23 33 39 3b 6d 20 46 65 65 6c 69 6e 67 20 4c 75 63 6b 79 5c 78 32 32 2c 5c 78 32 32 6c 6d 6c 5c 78 32 32 3a 5c 78 32 32 4c 65 61 72 6e 20 6d 6f 72 65 5c 78 32 32 2c 5c 78 32 32 6f 73 6b 74 5c 78 32 32 3a 5c 78 32 32 49 6e 70 75 74 20 74 6f 6f 6c 73 5c 78 32 32 2c 5c 78 32 32 70 73 72 63 5c 78 32 32 3a 5c 78 32 32 54 68 69 73 20 73 65 61 72 63 68 20 77 61 73 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 79 6f 75 72 20 5c 5c 75 30 30 33 43 61 20 68 72 65 66 5c 78 33 64 5c 5c 5c 78 32 32 2f 68 69 73 74 6f 72 79 5c 5c 5c 78 32 32 5c 5c 75 30 30 33 45 57 65 62 20 48 69 73 74 6f 72 79 5c 5c 75 30 30 33 43 2f 61 5c 5c 75 30 30 33 45 5c 78 32 32 2c 5c 78 32 32 70 73 72 6c 5c 78 32 32 3a 5c 78 32 32 52
                    Data Ascii: 2lcky\x22:\x22I\\u0026#39;m Feeling Lucky\x22,\x22lml\x22:\x22Learn more\x22,\x22oskt\x22:\x22Input tools\x22,\x22psrc\x22:\x22This search was removed from your \\u003Ca href\x3d\\\x22/history\\\x22\\u003EWeb History\\u003C/a\\u003E\x22,\x22psrl\x22:\x22R
                    2021-09-15 09:32:41 UTC97INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    2192.168.2.649744172.217.168.36443C:\Users\user\Desktop\P9vxkMpyQ5.exe
                    TimestampkBytes transferredDirectionData
                    2021-09-15 09:32:48 UTC97OUTGET / HTTP/1.1
                    Host: www.google.com
                    Connection: Keep-Alive
                    2021-09-15 09:32:48 UTC97INHTTP/1.1 200 OK
                    Date: Wed, 15 Sep 2021 09:32:48 GMT
                    Expires: -1
                    Cache-Control: private, max-age=0
                    Content-Type: text/html; charset=ISO-8859-1
                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                    Server: gws
                    X-XSS-Protection: 0
                    X-Frame-Options: SAMEORIGIN
                    Set-Cookie: CONSENT=PENDING+143; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                    Accept-Ranges: none
                    Vary: Accept-Encoding
                    Connection: close
                    Transfer-Encoding: chunked
                    2021-09-15 09:32:48 UTC98INData Raw: 35 30 38 65 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 47 42 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65
                    Data Ascii: 508e<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image
                    2021-09-15 09:32:48 UTC98INData Raw: 2c 38 34 30 2c 32 31 39 36 2c 34 31 30 31 2c 31 30 38 2c 33 34 30 36 2c 36 30 36 2c 32 30 32 33 2c 32 32 39 37 2c 31 34 36 37 30 2c 32 32 37 33 2c 31 2c 39 35 33 2c 32 38 34 35 2c 37 2c 31 32 33 35 34 2c 35 30 39 36 2c 37 35 33 39 2c 38 37 38 31 2c 39 30 38 2c 32 2c 39 34 31 2c 31 35 37 35 36 2c 33 2c 35 37 36 2c 31 30 31 34 2c 31 2c 35 34 34 35 2c 31 34 38 2c 31 31 33 32 33 2c 32 36 35 32 2c 34 2c 31 35 32 38 2c 32 33 30 34 2c 31 32 33 36 2c 35 32 32 37 2c 35 37 36 2c 37 34 2c 31 39 38 33 2c 32 36 32 37 2c 32 30 31 34 2c 31 38 33 37 35 2c 32 36 35 38 2c 34 32 34 33 2c 33 31 31 33 2c 33 31 2c 31 33 36 32 38 2c 32 33 30 36 2c 36 33 37 2c 31 34 39 34 2c 35 35 38 36 2c 31 31 32 30 30 2c 36 35 31 2c 31 38 37 31 2c 33 33 30 38 2c 32 35 32 37 2c 34 30 39 34 2c
                    Data Ascii: ,840,2196,4101,108,3406,606,2023,2297,14670,2273,1,953,2845,7,12354,5096,7539,8781,908,2,941,15756,3,576,1014,1,5445,148,11323,2652,4,1528,2304,1236,5227,576,74,1983,2627,2014,18375,2658,4243,3113,31,13628,2306,637,1494,5586,11200,651,1871,3308,2527,4094,
                    2021-09-15 09:32:48 UTC99INData Raw: 76 61 72 20 62 3b 61 26 26 28 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7c 7c 68 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 6e 75 6c 6c 3b 61 26 26 28 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7d 0a 66 75 6e 63 74 69 6f 6e 20 6e 28 61 2c 62 2c 63 2c 64 2c 67 29 7b 76 61 72 20 65 3d 22 22 3b 63 7c 7c 2d 31 21 3d 3d 62 2e 73 65 61 72 63 68 28 22 26 65 69 3d 22 29 7c 7c 28 65 3d 22 26 65 69 3d 22 2b
                    Data Ascii: var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||h}function m(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function n(a,b,c,d,g){var e="";c||-1!==b.search("&ei=")||(e="&ei="+
                    2021-09-15 09:32:48 UTC101INData Raw: 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 73 75 62 6d 69 74 22 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 61 3b 69 66 28 61 3d 62 2e 74 61 72 67 65 74 29 7b 76 61 72 20 63 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 73 75 62 6d 69 74 66 61 6c 73 65 22 29 3b 61 3d 22 31 22 3d 3d 3d 63 7c 7c 22 71 22 3d 3d 3d 63 26 26 21 61 2e 65 6c 65 6d 65 6e 74 73 2e 71 2e 76 61 6c 75 65 3f 21 30 3a 21 31 7d 65 6c 73 65 20 61 3d 21 31 3b 61 26 26 28 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 62 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 29 7d 2c 21 30 29 3b 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c
                    Data Ascii: documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventL
                    2021-09-15 09:32:48 UTC102INData Raw: 61 63 69 74 79 3a 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 69 6c 74 65 72 3a 61 6c 70 68 61 28 6f 70 61 63 69 74 79 3d 30 29 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 2d 31 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c
                    Data Ascii: acity:0 !important;filter:alpha(opacity=0) !important}.gbm{position:absolute;z-index:999;top:-999px;visibility:hidden;text-align:left;border:1px solid #bebebe;background:#fff;-moz-box-shadow:-1px 1px 1px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,
                    2021-09-15 09:32:48 UTC103INData Raw: 6e 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 7d 2e 67 62 74 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 2e 67 62 74 6f 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 7d 2e 67 62 7a 74 2c 2e 67 62 67 74 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61
                    Data Ascii: ne-box;display:inline-block;line-height:27px;padding:0;vertical-align:top}.gbt{*display:inline}.gbto{box-shadow:0 2px 4px rgba(0,0,0,.2);-moz-box-shadow:0 2px 4px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,0,0,.2)}.gbzt,.gbgt{cursor:pointer;displa
                    2021-09-15 09:32:48 UTC105INData Raw: 72 61 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 70 64 6a 73 20 2e 67 62 74 6f 20 2e 67 62 6d 7b 6d 69 6e 2d 77 69 64 74 68 3a 39 39 25 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 64 64 34 62 33 39 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 34 73 2c 23 67 62 69 34 73 31 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 23 67 62 67 36 2e 67 62 67 74 2d 68 76 72 2c 23 67 62 67 36 2e 67 62 67 74 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6e 6f 6e 65 7d 2e 67 62 67 34 61 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 7d 2e 67
                    Data Ascii: ration:none !important}.gbpdjs .gbto .gbm{min-width:99%}.gbz0l .gbtb2{border-top-color:#dd4b39!important}#gbi4s,#gbi4s1{font-weight:bold}#gbg6.gbgt-hvr,#gbg6.gbgt:focus{background-color:transparent;background-image:none}.gbg4a{font-size:0;line-height:0}.g
                    2021-09-15 09:32:48 UTC106INData Raw: 6d 74 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 33 36 63 20 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 74 2c 2e 67 62 6d 74 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 30 70 78 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 2a 64 69
                    Data Ascii: mt:visited,.gbml1:visited,.gbmlb:visited{color:#36c !important;text-decoration:none !important}.gbmt,.gbmt:visited{display:block}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{display:inline-block;margin:0 10px}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{*di
                    2021-09-15 09:32:48 UTC107INData Raw: 64 3a 61 66 74 65 72 2c 23 47 42 4d 50 41 4c 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 27 5c 30 41 5c 30 41 27 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 23 67 62 6d 70 73 7b 2a 7a 6f 6f 6d 3a 31 7d 23 67 62 64 34 20 2e 67 62 70 63 2c 23 67 62 6d 70 61 73 20 2e 67 62 6d 74 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 37 70 78 7d 23 67 62 64 34 20 2e 67 62 70 67 73 20 2e 67 62 6d 74 63 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 7d 23 67 62 64 34 20 2e 67 62 6d 74 63 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 7d 23 67 62 64 34 20 2e 67 62 70 63 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63
                    Data Ascii: d:after,#GBMPAL:last-child:after{content:'\0A\0A';white-space:pre;position:absolute}#gbmps{*zoom:1}#gbd4 .gbpc,#gbmpas .gbmt{line-height:17px}#gbd4 .gbpgs .gbmtc{line-height:27px}#gbd4 .gbmtc{border-bottom:1px solid #bebebe}#gbd4 .gbpc{display:inline-bloc
                    2021-09-15 09:32:48 UTC108INData Raw: 6c 20 2e 67 62 71 66 62 62 7b 6d 61 72 67 69 6e 3a 30 20 32 30 70 78 7d 2e 67 62 70 30 20 2e 67 62 70 73 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 61 2e 67 62 69 62 61 7b 6d 61 72 67 69 6e 3a 38 70 78 20 32 30 70 78 20 31 30 70 78 7d 2e 67 62 6d 70 69 61 77 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 78 76 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 2e 67 62 6d 70 69 61 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 6d 70 69 61 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a
                    Data Ascii: l .gbqfbb{margin:0 20px}.gbp0 .gbps{*display:inline}a.gbiba{margin:8px 20px 10px}.gbmpiaw{display:inline-block;padding-right:10px;margin-bottom:6px;margin-top:10px}.gbxv{visibility:hidden}.gbmpiaa{display:block;margin-top:10px}.gbmpia{border:none;display:
                    2021-09-15 09:32:48 UTC110INData Raw: 66 62 62 2d 68 76 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 2e 67 62 71 66 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 61 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 3a 30 7d 2e 67 62 71 66 62 61 2c 2e 67 62 71 66 62 62 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 63 64 63 64 63
                    Data Ascii: fbb-hvr{-webkit-box-shadow:0 1px 1px rgba(0,0,0,.1);-moz-box-shadow:0 1px 1px rgba(0,0,0,.1);box-shadow:0 1px 1px rgba(0,0,0,.1)}.gbqfb::-moz-focus-inner,.gbqfba::-moz-focus-inner,.gbqfbb::-moz-focus-inner{border:0}.gbqfba,.gbqfbb{border:1px solid #dcdcdc
                    2021-09-15 09:32:48 UTC111INData Raw: 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 34 64 39 30 66 65 2c 23 33 35 37 61 65 38 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 34 64 39 30 66 65 2c 23 33 35 37 61 65 38 29 7d 2e 67 62 71 66 62 3a 61 63 74 69 76 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20
                    Data Ascii: gradient(top,#4d90fe,#357ae8);background-image:linear-gradient(top,#4d90fe,#357ae8)}.gbqfb:active{background-color:inherit;-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);box-shadow:inset 0 1px 2px
                    2021-09-15 09:32:48 UTC112INData Raw: 27 23 66 31 66 31 66 31 27 29 7d 2e 67 62 71 66 62 62 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 74 6f 70 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 66 72 6f 6d 28 23 66 66 66 29 2c 74 6f 28 23 66 62 66 62 66 62 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d
                    Data Ascii: '#f1f1f1')}.gbqfbb{background-color:#fff;background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#fbfbfb));background-image:-webkit-linear-gradient(top,#fff,#fbfbfb);background-image:-moz-linear-gradient(top,#fff,#fbfbfb);background-im
                    2021-09-15 09:32:48 UTC113INData Raw: 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 0a 23 67 62 6d 70 61 73 7b 6d 61 78 2d 68 65 69 67 68 74 3a 32 32 30 70 78 7d 23 67 62 6d 6d 7b 6d 61 78 2d 68 65 69 67 68 74 3a 35 33 30 70 78 7d 2e 67 62 73 62 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 2a 7a 6f 6f 6d 3a 31 7d 2e 67 62 73 62 69 63 7b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 7d 2e 67 62 73 62 69 73
                    Data Ascii: a(0,0,0,.1);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}#gbmpas{max-height:220px}#gbmm{max-height:530px}.gbsb{-webkit-box-sizing:border-box;display:block;position:relative;*zoom:1}.gbsbic{overflow:auto}.gbsbis
                    2021-09-15 09:32:48 UTC115INData Raw: 2c 63 6f 6c 6f 72 2d 73 74 6f 70 28 31 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 6c 65 66 74 20 74 6f 70 2c 66 72 6f 6d 28 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 29 2c 74 6f 28 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28
                    Data Ascii: ,color-stop(1,rgba(0,0,0,.1)));background:-webkit-gradient(linear,left bottom,left top,from(rgba(0,0,0,.2)),to(rgba(0,0,0,0)));background-image:-webkit-linear-gradient(bottom,rgba(0,0,0,.2),rgba(0,0,0,0));background-image:-moz-linear-gradient(bottom,rgba(
                    2021-09-15 09:32:48 UTC116INData Raw: 67 72 6f 75 6e 64 3a 23 66 38 66 39 66 61 3b 62 6f 72 64 65 72 3a 73 6f 6c 69 64 20 31 70 78 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 61 64 63 65 30 20 23 37 30 37 35 37 61 20 23 37 30 37 35 37 61 20 23 64 61 64 63 65 30 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 6c 73 62 62 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 57 71 51 41 4e 62 20 61 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 6c 73 62 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 69 6d 61 67 65 73 2f 6e 61 76 5f 6c 6f 67 6f 32 32 39 2e 70 6e 67 29 20 30 20 2d 32 36 31 70 78 20 72 65 70 65 61 74 2d 78 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b
                    Data Ascii: ground:#f8f9fa;border:solid 1px;border-color:#dadce0 #70757a #70757a #dadce0;height:30px}.lsbb{display:block}#WqQANb a{display:inline-block;margin:0 12px}.lsb{background:url(/images/nav_logo229.png) 0 -261px repeat-x;border:none;color:#000;cursor:pointer;
                    2021-09-15 09:32:48 UTC117INData Raw: 6f 6e 28 61 2c 62 2c 65 2c 6d 2c 64 29 7b 70 21 3d 3d 61 26 26 67 6f 6f 67 6c 65 2e 6d 6c 28 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 45 72 72 6f 72 3f 64 3a 45 72 72 6f 72 28 61 29 2c 21 31 2c 76 6f 69 64 20 30 2c 21 31 2c 67 6f 6f 67 6c 65 2e 64 6c 3f 30 3a 32 29 3b 70 3d 6e 75 6c 6c 3b 6c 26 26 6e 3e 3d 6b 26 26 28 77 69 6e 64 6f 77 2e 6f 6e 65 72 72 6f 72 3d 6e 75 6c 6c 29 7d 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 65 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 76 61 72 20 61
                    Data Ascii: on(a,b,e,m,d){p!==a&&google.ml(d instanceof Error?d:Error(a),!1,void 0,!1,google.dl?0:2);p=null;l&&n>=k&&(window.onerror=null)};})();(function(){try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var e=this||self;var a
                    2021-09-15 09:32:48 UTC118INData Raw: 31 30 63 0d 0a 29 3b 72 65 74 75 72 6e 20 69 73 4e 61 4e 28 61 29 3f 62 3a 61 7d 66 75 6e 63 74 69 6f 6e 20 5f 74 76 66 28 61 2c 62 29 7b 61 3d 70 61 72 73 65 46 6c 6f 61 74 28 61 29 3b 72 65 74 75 72 6e 20 69 73 4e 61 4e 28 61 29 3f 62 3a 61 7d 66 75 6e 63 74 69 6f 6e 20 5f 74 76 76 28 61 29 7b 72 65 74 75 72 6e 21 21 61 7d 66 75 6e 63 74 69 6f 6e 20 70 28 61 2c 62 2c 63 29 7b 28 63 7c 7c 67 29 5b 61 5d 3d 62 7d 67 2e 62 76 3d 7b 6e 3a 5f 74 76 6e 28 22 32 22 2c 30 29 2c 72 3a 22 22 2c 66 3a 22 2e 36 36 2e 22 2c 65 3a 22 22 2c 6d 3a 5f 74 76 6e 28 22 31 22 2c 31 29 7d 3b 0a 66 75 6e 63 74 69 6f 6e 20 63 61 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 22 6f 6e 22 2b 62 3b 69 66 28 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 61 2e 61 64 64 45 76
                    Data Ascii: 10c);return isNaN(a)?b:a}function _tvf(a,b){a=parseFloat(a);return isNaN(a)?b:a}function _tvv(a){return!!a}function p(a,b,c){(c||g)[a]=b}g.bv={n:_tvn("2",0),r:"",f:".66.",e:"",m:_tvn("1",1)};function ca(a,b,c){var d="on"+b;if(a.addEventListener)a.addEv
                    2021-09-15 09:32:48 UTC118INData Raw: 36 65 32 36 0d 0a 29 3b 65 6c 73 65 20 69 66 28 61 2e 61 74 74 61 63 68 45 76 65 6e 74 29 61 2e 61 74 74 61 63 68 45 76 65 6e 74 28 64 2c 63 29 3b 65 6c 73 65 7b 76 61 72 20 66 3d 61 5b 64 5d 3b 61 5b 64 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6b 3d 66 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 2c 6d 3d 63 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 6b 3f 6d 3a 76 6f 69 64 20 30 3d 3d 6d 3f 6b 3a 6d 26 26 6b 7d 7d 7d 76 61 72 20 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 2e 62 76 2e 6d 3d 3d 61 7d 7d 2c 65 61 3d 64 61 28 31 29 2c 66 61 3d 64 61 28 32 29 3b 70 28 22 73 62 22
                    Data Ascii: 6e26);else if(a.attachEvent)a.attachEvent(d,c);else{var f=a[d];a[d]=function(){var k=f.apply(this,arguments),m=c.apply(this,arguments);return void 0==k?m:void 0==m?k:m&&k}}}var da=function(a){return function(){return g.bv.m==a}},ea=da(1),fa=da(2);p("sb"
                    2021-09-15 09:32:48 UTC119INData Raw: 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 75 61 29 7b 61 3d 7b 74 3a 61 2c 62 3a 62 7d 3b 69 66 28 63 29 66 6f 72 28 76 61 72 20 64 20 69 6e 20 63 29 61 5b 64 5d 3d 63 5b 64 5d 3b 74 72 79 7b 75 61 28 61 29 7d 63 61 74 63 68 28 66 29 7b 7d 7d 7d 3b 70 28 22 6d 64 63 22 2c 76 29 3b 70 28 22 6d 64 69 22 2c 6c 61 29 3b 70 28 22 62 6e 63 22 2c 77 29 3b 70 28 22 71 47 43 22 2c 74 61 29 3b 70 28 22 71 6d 22 2c 42 29 3b 70 28 22 71 64 22 2c 78 29 3b 70 28 22 6c 62 22 2c 44 29 3b 70 28 22 6d 63 66 22 2c 70 61 29 3b 70 28 22 62 63 66 22 2c 6f 61 29 3b 70 28 22 61 71 22 2c 41 29 3b 70 28 22 6d 64 64 22 2c 22 22 29 3b 0a 70 28 22 68 61 73 22 2c 71 61 29 3b 70 28 22 74 72 68 22 2c 76 61 29 3b 70 28 22 74 65 76 22 2c 73 61 29 3b 69 66 28 68 2e 61 28 22 6d 3b 2f
                    Data Ascii: ction(a,b,c){if(ua){a={t:a,b:b};if(c)for(var d in c)a[d]=c[d];try{ua(a)}catch(f){}}};p("mdc",v);p("mdi",la);p("bnc",w);p("qGC",ta);p("qm",B);p("qd",x);p("lb",D);p("mcf",pa);p("bcf",oa);p("aq",A);p("mdd","");p("has",qa);p("trh",va);p("tev",sa);if(h.a("m;/
                    2021-09-15 09:32:48 UTC121INData Raw: 47 61 29 7b 47 61 2b 2b 3b 76 61 72 20 63 3d 61 3b 62 3d 62 7c 7c 7b 7d 3b 76 61 72 20 64 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 2c 66 3d 5b 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 67 65 6e 5f 32 30 34 3f 61 74 79 70 3d 69 26 7a 78 3d 22 2c 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 2c 22 26 6a 65 78 70 69 64 3d 22 2c 64 28 22 32 38 38 33 34 22 29 2c 22 26 73 72 63 70 67 3d 22 2c 64 28 22 70 72 6f 70 3d 31 22 29 2c 22 26 6a 73 72 3d 22 2c 4d 61 74 68 2e 72 6f 75 6e 64 28 31 2f 46 61 29 2c 22 26 6f 67 65 76 3d 22 2c 64 28 22 77 4c 31 42 59 61 32 70 49 39 43 53 78 63 38 50 36 73 47 6b 30 41 6f 22 29 2c 22 26 6f 67 66 3d 22 2c 67 2e 62 76 2e 66 2c 22 26 6f 67 72 70 3d 22 2c 64 28 22 22 29 2c 22 26 6f 67 76 3d
                    Data Ascii: Ga){Ga++;var c=a;b=b||{};var d=encodeURIComponent,f=["//www.google.com/gen_204?atyp=i&zx=",(new Date).getTime(),"&jexpid=",d("28834"),"&srcpg=",d("prop=1"),"&jsr=",Math.round(1/Fa),"&ogev=",d("wL1BYa2pI9CSxc8P6sGk0Ao"),"&ogf=",g.bv.f,"&ogrp=",d(""),"&ogv=
                    2021-09-15 09:32:48 UTC122INData Raw: 2f 64 3d 31 2f 6b 3d 22 2c 0a 22 6f 67 2e 6f 67 32 2e 65 6e 5f 55 53 2e 6d 64 38 54 6c 61 44 52 41 64 38 2e 4f 22 2c 22 2f 72 74 3d 6a 2f 6d 3d 22 2c 61 2c 22 2f 72 73 3d 22 2c 22 41 41 32 59 72 54 76 7a 56 4b 52 79 73 75 6d 6a 50 44 45 37 52 4d 7a 63 56 68 33 6a 78 79 73 51 43 67 22 5d 3b 4b 61 26 26 61 2e 70 75 73 68 28 22 3f 68 6f 73 74 3d 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 26 62 75 73 74 3d 6f 67 2e 6f 67 32 2e 65 6e 5f 55 53 2e 6b 30 63 62 66 4e 53 33 64 6b 63 2e 44 55 22 29 3b 61 3d 61 2e 6a 6f 69 6e 28 22 22 29 3b 72 61 28 61 29 7d 3b 70 28 22 63 61 22 2c 4a 29 3b 70 28 22 63 72 22 2c 4b 29 3b 70 28 22 63 63 22 2c 48 29 3b 68 2e 6b 3d 4a 3b 68 2e 6c 3d 4b 3b 68 2e 6d 3d 48 3b 68 2e 6e 3d 4c 61 3b 68 2e 70 3d 4e 61 3b 68 2e 71 3d 4d 61 3b
                    Data Ascii: /d=1/k=","og.og2.en_US.md8TlaDRAd8.O","/rt=j/m=",a,"/rs=","AA2YrTvzVKRysumjPDE7RMzcVh3jxysQCg"];Ka&&a.push("?host=www.gstatic.com&bust=og.og2.en_US.k0cbfNS3dkc.DU");a=a.join("");ra(a)};p("ca",J);p("cr",K);p("cc",H);h.k=J;h.l=K;h.m=H;h.n=La;h.p=Na;h.q=Ma;
                    2021-09-15 09:32:48 UTC123INData Raw: 69 62 75 74 65 29 7b 76 61 72 20 6e 3d 6d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 61 72 69 61 2d 6f 77 6e 65 72 22 29 3b 69 66 28 6e 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 6c 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 6e 29 3b 6c 26 26 6c 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 4b 28 6c 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 22 67 62 74 6f 22 29 7d 7d 7d 5a 61 28 66 29 26 26 24 61 28 66 29 3b 4f 3d 64 3b 4a 28 6b 2c 22 67 62 74 6f 22 29 7d 7d 7d 7d 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 74 67 28 61 2c 62 2c 21 30 29 7d 29 3b 61 62 28 61 29 7d 63 61 74 63 68 28 71 29 7b 72 28 71 2c 22 73 62 22 2c 22 74 67 22 29 7d 7d 2c 63 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 63 6c 6f
                    Data Ascii: ibute){var n=m.getAttribute("aria-owner");if(n.length){var l=document.getElementById(n);l&&l.parentNode&&K(l.parentNode,"gbto")}}}Za(f)&&$a(f);O=d;J(k,"gbto")}}}}B(function(){g.tg(a,b,!0)});ab(a)}catch(q){r(q,"sb","tg")}},cb=function(a){B(function(){g.clo
                    2021-09-15 09:32:48 UTC124INData Raw: 42 65 66 6f 72 65 28 79 2c 6b 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 6c 5d 29 7d 67 2e 61 64 64 48 6f 76 65 72 26 26 67 2e 61 64 64 48 6f 76 65 72 28 61 29 7d 65 6c 73 65 20 6b 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 6d 29 7d 7d 63 61 74 63 68 28 44 62 29 7b 72 28 44 62 2c 22 73 62 22 2c 22 61 6c 22 29 7d 7d 2c 65 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 62 2e 6c 65 6e 67 74 68 2c 0a 64 3d 30 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 48 28 61 2c 62 5b 64 5d 29 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 67 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 62 28 61 2c 62 2c 63 29 7d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 62 28 61 2c 22 67 62 65 22 2c 62 29 7d 2c 69 62 3d 66 75 6e 63 74 69
                    Data Ascii: Before(y,k.childNodes[l])}g.addHover&&g.addHover(a)}else k.appendChild(m)}}catch(Db){r(Db,"sb","al")}},eb=function(a,b){for(var c=b.length,d=0;d<c;d++)if(H(a,b[d]))return!0;return!1},gb=function(a,b,c){fb(a,b,c)},hb=function(a,b){fb(a,"gbe",b)},ib=functi
                    2021-09-15 09:32:48 UTC126INData Raw: 4b 28 61 2c 22 67 62 6d 73 67 6f 22 29 7d 2c 5a 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 30 2c 63 3b 63 3d 61 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 62 5d 3b 62 2b 2b 29 69 66 28 48 28 63 2c 22 67 62 6d 73 67 22 29 29 72 65 74 75 72 6e 20 63 7d 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 70 62 26 26 77 69 6e 64 6f 77 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 70 62 29 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 22 69 6e 6e 65 72 22 2b 61 3b 61 3d 22 6f 66 66 73 65 74 22 2b 61 3b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 5b 62 5d 3f 77 69 6e 64 6f 77 5b 62 5d 3a 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 26 26 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74
                    Data Ascii: K(a,"gbmsgo")},Za=function(a){for(var b=0,c;c=a.childNodes[b];b++)if(H(c,"gbmsg"))return c},P=function(){pb&&window.clearTimeout(pb)},tb=function(a){var b="inner"+a;a="offset"+a;return window[b]?window[b]:document.documentElement&&document.documentElement
                    2021-09-15 09:32:48 UTC127INData Raw: 6d 65 73 3f 61 26 26 61 28 29 3a 28 61 26 26 74 61 28 61 29 2c 44 28 22 67 63 22 29 29 7d 3b 70 28 22 6c 47 43 22 2c 42 62 29 3b 68 2e 61 28 22 31 22 29 26 26 70 28 22 6c 50 57 46 22 2c 42 62 29 7d 3b 77 69 6e 64 6f 77 2e 5f 5f 50 56 54 3d 22 22 3b 69 66 28 68 2e 61 28 22 31 22 29 26 26 68 2e 61 28 22 31 22 29 29 7b 76 61 72 20 43 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 62 28 66 75 6e 63 74 69 6f 6e 28 29 7b 41 28 22 70 77 22 2c 61 29 3b 44 28 22 70 77 22 29 7d 29 7d 3b 70 28 22 6c 50 57 22 2c 43 62 29 3b 77 2e 70 75 73 68 28 5b 22 70 77 22 2c 7b 75 72 6c 3a 22 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 6a 73 2f 61 62 63 2f 70 77 6d 5f 34 35 66 37 33 65 34 64 66 30 37 61 30 65 33 38 38 62 30 66 61 31 66 33 64 33 30 65 37 32 38 30
                    Data Ascii: mes?a&&a():(a&&ta(a),D("gc"))};p("lGC",Bb);h.a("1")&&p("lPWF",Bb)};window.__PVT="";if(h.a("1")&&h.a("1")){var Cb=function(a){Bb(function(){A("pw",a);D("pw")})};p("lPW",Cb);w.push(["pw",{url:"//ssl.gstatic.com/gb/js/abc/pwm_45f73e4df07a0e388b0fa1f3d30e7280
                    2021-09-15 09:32:48 UTC128INData Raw: 49 3d 64 28 22 63 6f 6d 22 29 2c 56 3d 64 28 22 65 6e 22 29 2c 57 3d 0a 64 28 22 47 42 52 22 29 3b 76 61 72 20 79 3d 30 3b 68 2e 61 28 22 22 29 26 26 28 79 7c 3d 31 29 3b 68 2e 61 28 22 22 29 26 26 28 79 7c 3d 32 29 3b 68 2e 61 28 22 22 29 26 26 28 79 7c 3d 34 29 3b 61 3d 5b 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 67 65 6e 5f 32 30 34 3f 61 74 79 70 3d 69 26 7a 78 3d 22 2c 66 2c 22 26 6f 67 65 3d 22 2c 61 2c 22 26 6f 67 65 78 3d 22 2c 6b 2c 22 26 6f 67 65 76 3d 22 2c 6d 2c 22 26 6f 67 66 3d 22 2c 6c 2c 22 26 6f 67 70 3d 22 2c 71 2c 22 26 6f 67 72 70 3d 22 2c 6e 2c 22 26 6f 67 73 72 3d 22 2c 63 2c 22 26 6f 67 76 3d 22 2c 45 2c 55 2c 22 26 6f 67 64 3d 22 2c 49 2c 22 26 6f 67 6c 3d 22 2c 56 2c 22 26 6f 67 63 3d 22 2c 57 2c 22 26 6f 67 75 73 3d
                    Data Ascii: I=d("com"),V=d("en"),W=d("GBR");var y=0;h.a("")&&(y|=1);h.a("")&&(y|=2);h.a("")&&(y|=4);a=["//www.google.com/gen_204?atyp=i&zx=",f,"&oge=",a,"&ogex=",k,"&ogev=",m,"&ogf=",l,"&ogp=",q,"&ogrp=",n,"&ogsr=",c,"&ogv=",E,U,"&ogd=",I,"&ogl=",V,"&ogc=",W,"&ogus=
                    2021-09-15 09:32:48 UTC129INData Raw: 2e 61 28 22 22 29 2c 70 3a 22 68 74 74 70 73 3a 2f 2f 6c 68 33 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 6f 67 77 2f 64 65 66 61 75 6c 74 2d 75 73 65 72 3d 73 39 36 22 2c 63 70 3a 22 31 22 2c 78 70 3a 68 2e 61 28 22 31 22 29 2c 6d 67 3a 22 25 31 24 73 20 28 64 65 6c 65 67 61 74 65 64 29 22 2c 6d 64 3a 22 25 31 24 73 20 28 64 65 66 61 75 6c 74 29 22 2c 6d 68 3a 22 32 32 30 22 2c 73 3a 22 31 22 2c 70 70 3a 59 62 2c 70 70 6c 3a 68 2e 61 28 22 22 29 2c 70 70 61 3a 68 2e 61 28 22 22 29 2c 0a 70 70 6d 3a 22 47 6f 6f 67 6c 65 2b 20 70 61 67 65 22 7d 3b 76 2e 70 72 66 3d 24 62 7d 3b 76 61 72 20 53 2c 61 63 2c 54 2c 62 63 2c 58 3d 30 2c 63 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 2e 69 6e 64 65 78 4f 66 29 72 65
                    Data Ascii: .a(""),p:"https://lh3.googleusercontent.com/ogw/default-user=s96",cp:"1",xp:h.a("1"),mg:"%1$s (delegated)",md:"%1$s (default)",mh:"220",s:"1",pp:Yb,ppl:h.a(""),ppa:h.a(""),ppm:"Google+ page"};v.prf=$b};var S,ac,T,bc,X=0,cc=function(a,b,c){if(a.indexOf)re
                    2021-09-15 09:32:48 UTC131INData Raw: 7b 72 65 74 75 72 6e 20 61 26 26 61 2e 73 74 79 6c 65 26 26 61 2e 73 74 79 6c 65 2e 62 65 68 61 76 69 6f 72 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 6c 6f 61 64 7d 2c 6c 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 74 72 79 7b 69 63 28 64 6f 63 75 6d 65 6e 74 29 7c 7c 28 64 7c 7c 28 62 3d 22 6f 67 2d 75 70 2d 22 2b 62 29 2c 6a 63 28 29 3f 65 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 62 2c 63 29 3a 6b 63 28 61 29 26 26 28 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 62 2c 63 29 2c 61 2e 73 61 76 65 28 61 2e 69 64 29 29 29 7d 63 61 74 63 68 28 66 29 7b 66 2e 63 6f 64 65 21 3d 44 4f 4d 45 78 63 65 70 74 69 6f 6e 2e 51 55 4f 54 41 5f 45 58 43 45 45 44 45 44 5f 45 52 52 26 26 72 28 66 2c 22
                    Data Ascii: {return a&&a.style&&a.style.behavior&&"undefined"!=typeof a.load},lc=function(a,b,c,d){try{ic(document)||(d||(b="og-up-"+b),jc()?e.localStorage.setItem(b,c):kc(a)&&(a.setAttribute(b,c),a.save(a.id)))}catch(f){f.code!=DOMException.QUOTA_EXCEEDED_ERR&&r(f,"
                    2021-09-15 09:32:48 UTC132INData Raw: 61 75 74 6f 3b 29 3b 6c 26 26 28 73 61 28 32 2c 6c 5b 30 5d 29 2c 6c 5b 31 5d 2e 75 72 6c 26 26 72 61 28 6c 5b 31 5d 2e 75 72 6c 2c 6c 5b 30 5d 29 2c 6c 5b 31 5d 2e 6c 69 62 73 26 26 43 26 26 43 28 6c 5b 31 5d 2e 6c 69 62 73 29 29 3b 6d 3c 6b 2e 6c 65 6e 67 74 68 26 26 73 65 74 54 69 6d 65 6f 75 74 28 61 2c 30 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 29 7b 30 3c 66 2d 2d 3f 73 65 74 54 69 6d 65 6f 75 74 28 62 2c 30 29 3a 61 28 29 7d 76 61 72 20 63 3d 68 2e 61 28 22 31 22 29 2c 64 3d 68 2e 61 28 22 22 29 2c 66 3d 33 2c 6b 3d 77 2c 6d 3d 30 2c 6e 3d 77 69 6e 64 6f 77 2e 67 62 61 72 4f 6e 52 65 61 64 79 3b 69 66 28 6e 29 74 72 79 7b 6e 28 29 7d 63 61 74 63 68 28 6c 29 7b 72 28 6c 2c 22 6d 6c 22 2c 22 6f 72 22 29 7d 64 3f 70 28 22 6c 64 62 22 2c 61 29 3a 63 3f
                    Data Ascii: auto;);l&&(sa(2,l[0]),l[1].url&&ra(l[1].url,l[0]),l[1].libs&&C&&C(l[1].libs));m<k.length&&setTimeout(a,0)}function b(){0<f--?setTimeout(b,0):a()}var c=h.a("1"),d=h.a(""),f=3,k=w,m=0,n=window.gbarOnReady;if(n)try{n()}catch(l){r(l,"ml","or")}d?p("ldb",a):c?
                    2021-09-15 09:32:48 UTC133INData Raw: 3d 65 2e 69 3b 76 61 72 20 67 3d 66 2e 63 28 22 31 22 2c 30 29 2c 68 3d 2f 5c 62 67 62 6d 74 5c 62 2f 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 76 61 72 20 62 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 67 62 5f 22 2b 67 29 2c 63 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 67 62 5f 22 2b 61 29 3b 62 26 26 66 2e 6c 28 62 2c 68 2e 74 65 73 74 28 62 2e 63 6c 61 73 73 4e 61 6d 65 29 3f 22 67 62 6d 30 6c 22 3a 22 67 62 7a 30 6c 22 29 3b 63 26 26 66 2e 6b 28 63 2c 68 2e 74 65 73 74 28 63 2e 63 6c 61 73 73 4e 61 6d 65 29 3f 22 67 62 6d 30 6c 22 3a 22 67 62 7a 30 6c 22 29 7d 63 61 74 63 68 28 6c 29 7b 64 28 6c 2c 22 73 6a 22 2c 22 73 73 70 22 29 7d 67 3d 61 7d 2c 6d 3d 65 2e 71 73
                    Data Ascii: =e.i;var g=f.c("1",0),h=/\bgbmt\b/,k=function(a){try{var b=document.getElementById("gb_"+g),c=document.getElementById("gb_"+a);b&&f.l(b,h.test(b.className)?"gbm0l":"gbz0l");c&&f.k(c,h.test(c.className)?"gbm0l":"gbz0l")}catch(l){d(l,"sj","ssp")}g=a},m=e.qs
                    2021-09-15 09:32:48 UTC135INData Raw: 64 20 30 3d 3d 3d 67 3f 6b 3d 6b 5b 6c 5d 26 26 6b 5b 6c 5d 21 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 5b 6c 5d 3f 6b 5b 6c 5d 3a 6b 5b 6c 5d 3d 7b 7d 3a 6b 5b 6c 5d 3d 67 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67 62 61 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 2e 6d 6c 28 65 2c 7b 22 5f 73 6e 22 3a 22 63 66 67 2e 69 6e 69 74 22 7d 29 3b 7d 7d 29 28 29 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 77 69 6e 64 6f 77 2e 67 62 61 72 2e
                    Data Ascii: d 0===g?k=k[l]&&k[l]!==Object.prototype[l]?k[l]:k[l]={}:k[l]=g;}catch(e){window.gbar&&gbar.logger&&gbar.logger.ml(e,{"_sn":"cfg.init"});}})();(function(){try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/window.gbar.
                    2021-09-15 09:32:48 UTC136INData Raw: 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 7a 74 20 69 64 3d 67 62 5f 37 38 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 6c 61 79 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 38 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 50 6c 61 79 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 7a 74 20 69 64 3d 67 62 5f 33 36 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 3f 67 6c 3d 47 42 26 74 61 62 3d 77 31 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67
                    Data Ascii: </span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?gl=GB&tab=w1"><span class=g
                    2021-09-15 09:32:48 UTC137INData Raw: 70 73 3a 2f 2f 63 61 6c 65 6e 64 61 72 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 61 6c 65 6e 64 61 72 3f 74 61 62 3d 77 63 22 3e 43 61 6c 65 6e 64 61 72 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 35 31 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 72 61 6e 73 6c 61 74 65 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 54 22 3e 54 72 61 6e 73 6c 61 74 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 31 30 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 6f 6f 6b 73 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 70 22 3e
                    Data Ascii: ps://calendar.google.com/calendar?tab=wc">Calendar</a></li><li class=gbmtc><a class=gbmt id=gb_51 href="https://translate.google.co.uk/?hl=en&tab=wT">Translate</a></li><li class=gbmtc><a class=gbmt id=gb_10 href="https://books.google.co.uk/?hl=en&tab=wp">
                    2021-09-15 09:32:48 UTC138INData Raw: 3e 3c 2f 6f 6c 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 67 62 67 3e 3c 68 32 20 63 6c 61 73 73 3d 67 62 78 78 3e 41 63 63 6f 75 6e 74 20 4f 70 74 69 6f 6e 73 3c 2f 68 32 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 63 62 3e 3c 2f 73 70 61 6e 3e 3c 6f 6c 20 63 6c 61 73 73 3d 67 62 74 63 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 74 61 72 67 65 74 3d 5f 74 6f 70 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 63 63 6f 75 6e 74 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 53 65 72 76 69 63 65 4c 6f 67 69 6e 3f 68 6c 3d 65 6e 26 70 61 73 73 69 76 65 3d 74 72 75 65 26 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 26 65 63 3d 47 41 5a 41 41 51 22 20 6f 6e 63 6c 69 63 6b 3d 22 67 62 61 72 2e 6c 6f 67
                    Data Ascii: ></ol></div><div id=gbg><h2 class=gbxx>Account Options</h2><span class=gbtcb></span><ol class=gbtc><li class=gbt><a target=_top href="https://accounts.google.com/ServiceLogin?hl=en&passive=true&continue=https://www.google.com/&ec=GAZAAQ" onclick="gbar.log
                    2021-09-15 09:32:48 UTC140INData Raw: 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 63 65 6e 74 65 72 3e 3c 62 72 20 63 6c 65 61 72 3d 22 61 6c 6c 22 20 69 64 3d 22 6c 67 70 64 22 3e 3c 64 69 76 20 69 64 3d 22 6c 67 61 22 3e 3c 69 6d 67 20 61 6c 74 3d 22 47 6f 6f 67 6c 65 22 20 68 65 69 67 68 74 3d 22 39 32 22 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 77 68 69 74 65 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 63 6f 6c 6f 72 5f 32 37 32 78 39 32 64 70 2e 70 6e 67 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 3a 32 38 70 78 20 30 20 31 34 70 78 22 20 77 69 64 74 68 3d 22 32 37 32 22 20 69 64 3d 22 68 70 6c 6f 67 6f 22 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 64 69 76 3e 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 73
                    Data Ascii: /div></div><center><br clear="all" id="lgpd"><div id="lga"><img alt="Google" height="92" src="/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png" style="padding:28px 0 14px" width="272" id="hplogo"><br><br></div><form action="/s
                    2021-09-15 09:32:48 UTC141INData Raw: 6f 63 61 74 69 6f 6e 3d 27 2f 64 6f 6f 64 6c 65 73 2f 27 3b 7d 3b 7d 29 28 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 69 6e 70 75 74 20 76 61 6c 75 65 3d 22 41 4c 73 2d 77 41 4d 41 41 41 41 41 59 55 48 4c 30 45 7a 64 62 43 49 74 6e 71 70 72 4e 38 50 49 2d 77 64 7a 36 70 2d 5a 48 56 70 4d 22 20 6e 61 6d 65 3d 22 69 66 6c 73 69 67 22 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 74 64 3e 3c 74 64 20 63 6c 61 73 73 3d 22 66 6c 20 73 62 6c 63 22 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 6e 6f 77 72 61 70 3d 22 22 20 77 69 64 74 68 3d 22 32 35 25 22 3e 3c 61 20 68 72 65 66 3d 22 2f 61 64 76 61 6e 63 65 64 5f 73 65 61 72 63 68 3f 68 6c 3d 65 6e 2d 47 42 26 61 6d 70 3b 61 75 74 68 75 73 65 72 3d 30 22 3e 41 64 76 61 6e 63
                    Data Ascii: ocation='/doodles/';};})();</script><input value="ALs-wAMAAAAAYUHL0EzdbCItnqprN8PI-wdz6p-ZHVpM" name="iflsig" type="hidden"></span></span></td><td class="fl sblc" align="left" nowrap="" width="25%"><a href="/advanced_search?hl=en-GB&amp;authuser=0">Advanc
                    2021-09-15 09:32:48 UTC142INData Raw: 67 3d 4b 5f 72 4b 56 44 72 78 39 46 4d 6c 61 72 68 30 37 75 64 32 51 6d 53 69 59 4d 61 6f 6f 25 33 44 22 3e 47 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 38 70 74 3b 63 6f 6c 6f 72 3a 23 37 30 37 35 37 61 22 3e 26 63 6f 70 79 3b 20 32 30 32 31 20 2d 20 3c 61 20 68 72 65 66 3d 22 2f 69 6e 74 6c 2f 65 6e 2f 70 6f 6c 69 63 69 65 73 2f 70 72 69 76 61 63 79 2f 22 3e 50 72 69 76 61 63 79 3c 2f 61 3e 20 2d 20 3c 61 20 68 72 65 66 3d 22 2f 69 6e 74 6c 2f 65 6e 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 3c 2f 61 3e 3c 2f 70 3e 3c 2f 73 70 61 6e 3e 3c 2f 63 65 6e 74 65 72 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 6a 4f 2b 78 7a 5a 38 2f
                    Data Ascii: g=K_rKVDrx9FMlarh07ud2QmSiYMaoo%3D">Google.co.uk</a></div></div><p style="font-size:8pt;color:#70757a">&copy; 2021 - <a href="/intl/en/policies/privacy/">Privacy</a> - <a href="/intl/en/policies/terms/">Terms</a></p></span></center><script nonce="jO+xzZ8/
                    2021-09-15 09:32:48 UTC143INData Raw: 3b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 22 3d 3d 3d 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 26 26 28 63 3d 63 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3b 63 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 63 29 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 67 29 7b 62 3d 6e 75 6c 6c 3b 76 61 72 20 6b 3d 65 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 69 66 28 6b 26 26 6b 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 7b 74 72 79 7b 62 3d 6b 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 22 67 6f 6f 67 23 68 74 6d 6c 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 66 7d 29 7d 63 61 74 63 68 28 70 29 7b 65 2e 63 6f 6e 73 6f 6c 65 26 26 65 2e 63 6f 6e
                    Data Ascii: ;"application/xhtml+xml"===b.contentType&&(c=c.toLowerCase());c=b.createElement(c);if(void 0===g){b=null;var k=e.trustedTypes;if(k&&k.createPolicy){try{b=k.createPolicy("goog#html",{createHTML:f,createScript:f,createScriptURL:f})}catch(p){e.console&&e.con
                    2021-09-15 09:32:48 UTC145INData Raw: 72 75 65 2c 5c 78 32 32 68 6f 73 74 5c 78 32 32 3a 5c 78 32 32 67 6f 6f 67 6c 65 2e 63 6f 6d 5c 78 32 32 2c 5c 78 32 32 69 73 62 68 5c 78 32 32 3a 32 38 2c 5c 78 32 32 6a 73 6f 6e 70 5c 78 32 32 3a 74 72 75 65 2c 5c 78 32 32 6d 73 67 73 5c 78 32 32 3a 7b 5c 78 32 32 63 69 62 6c 5c 78 32 32 3a 5c 78 32 32 43 6c 65 61 72 20 53 65 61 72 63 68 5c 78 32 32 2c 5c 78 32 32 64 79 6d 5c 78 32 32 3a 5c 78 32 32 44 69 64 20 79 6f 75 20 6d 65 61 6e 3a 5c 78 32 32 2c 5c 78 32 32 6c 63 6b 79 5c 78 32 32 3a 5c 78 32 32 49 5c 5c 75 30 30 32 36 23 33 39 3b 6d 20 46 65 65 6c 69 6e 67 20 4c 75 63 6b 79 5c 78 32 32 2c 5c 78 32 32 6c 6d 6c 5c 78 32 32 3a 5c 78 32 32 4c 65 61 72 6e 20 6d 6f 72 65 5c 78 32 32 2c 5c 78 32 32 6f 73 6b 74 5c 78 32 32 3a 5c 78 32 32 49 6e 70 75 74
                    Data Ascii: rue,\x22host\x22:\x22google.com\x22,\x22isbh\x22:28,\x22jsonp\x22:true,\x22msgs\x22:{\x22cibl\x22:\x22Clear Search\x22,\x22dym\x22:\x22Did you mean:\x22,\x22lcky\x22:\x22I\\u0026#39;m Feeling Lucky\x22,\x22lml\x22:\x22Learn more\x22,\x22oskt\x22:\x22Input
                    2021-09-15 09:32:48 UTC146INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    3192.168.2.649825172.217.168.36443C:\Users\user\Desktop\P9vxkMpyQ5.exe
                    TimestampkBytes transferredDirectionData
                    2021-09-15 09:33:47 UTC146OUTGET / HTTP/1.1
                    Host: www.google.com
                    Connection: Keep-Alive
                    2021-09-15 09:33:47 UTC146INHTTP/1.1 200 OK
                    Date: Wed, 15 Sep 2021 09:33:47 GMT
                    Expires: -1
                    Cache-Control: private, max-age=0
                    Content-Type: text/html; charset=ISO-8859-1
                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                    Server: gws
                    X-XSS-Protection: 0
                    X-Frame-Options: SAMEORIGIN
                    Set-Cookie: CONSENT=PENDING+145; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                    Accept-Ranges: none
                    Vary: Accept-Encoding
                    Connection: close
                    Transfer-Encoding: chunked
                    2021-09-15 09:33:47 UTC146INData Raw: 35 31 34 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 47 42 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65
                    Data Ascii: 5140<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image
                    2021-09-15 09:33:47 UTC147INData Raw: 2c 32 30 32 33 2c 31 37 37 37 2c 35 32 30 2c 31 34 36 37 30 2c 33 32 32 39 2c 32 38 34 33 2c 38 2c 35 35 39 38 2c 36 37 35 35 2c 35 30 39 36 2c 31 36 33 32 30 2c 39 30 38 2c 32 2c 39 34 31 2c 31 35 37 35 36 2c 33 2c 33 34 36 2c 32 33 30 2c 31 30 31 34 2c 31 2c 35 34 34 34 2c 31 34 39 2c 31 31 33 32 33 2c 32 36 35 32 2c 34 2c 31 35 32 38 2c 32 33 30 34 2c 31 32 33 36 2c 35 38 30 33 2c 37 34 2c 31 39 38 33 2c 32 36 32 37 2c 32 30 33 2c 31 38 31 31 2c 31 33 36 31 31 2c 34 37 36 34 2c 32 36 35 38 2c 34 31 36 33 2c 37 39 2c 33 31 31 34 2c 33 31 2c 35 36 36 34 2c 37 39 36 34 2c 32 33 30 35 2c 36 33 38 2c 31 34 39 34 2c 35 35 38 36 2c 31 31 32 30 30 2c 32 35 32 31 2c 33 32 39 31 2c 32 35 34 35 2c 34 30 39 34 2c 33 31 33 38 2c 36 2c 39 30 38 2c 33 2c 33 35 34 31
                    Data Ascii: ,2023,1777,520,14670,3229,2843,8,5598,6755,5096,16320,908,2,941,15756,3,346,230,1014,1,5444,149,11323,2652,4,1528,2304,1236,5803,74,1983,2627,203,1811,13611,4764,2658,4163,79,3114,31,5664,7964,2305,638,1494,5586,11200,2521,3291,2545,4094,3138,6,908,3,3541
                    2021-09-15 09:33:47 UTC148INData Raw: 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7c 7c 68 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 6e 75 6c 6c 3b 61 26 26 28 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 7c 7c 21 28 62 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 65 69 64 22 29 29 29 3b 29 61 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 7d 0a 66 75 6e 63 74 69 6f 6e 20 6e 28 61 2c 62 2c 63 2c 64 2c 67 29 7b 76 61 72 20 65 3d 22 22 3b 63 7c 7c 2d 31 21 3d 3d 62 2e 73 65 61 72 63 68 28 22 26 65 69 3d 22 29 7c 7c 28 65 3d 22 26 65 69 3d 22 2b 6c 28 64 29 2c 2d 31 3d 3d 3d
                    Data Ascii: !a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||h}function m(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function n(a,b,c,d,g){var e="";c||-1!==b.search("&ei=")||(e="&ei="+l(d),-1===
                    2021-09-15 09:33:47 UTC149INData Raw: 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 73 75 62 6d 69 74 22 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 61 3b 69 66 28 61 3d 62 2e 74 61 72 67 65 74 29 7b 76 61 72 20 63 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 73 75 62 6d 69 74 66 61 6c 73 65 22 29 3b 61 3d 22 31 22 3d 3d 3d 63 7c 7c 22 71 22 3d 3d 3d 63 26 26 21 61 2e 65 6c 65 6d 65 6e 74 73 2e 71 2e 76 61 6c 75 65 3f 21 30 3a 21 31 7d 65 6c 73 65 20 61 3d 21 31 3b 61 26 26 28 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 62 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 29 7d 2c 21 30 29 3b 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63
                    Data Ascii: ement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("c
                    2021-09-15 09:33:47 UTC151INData Raw: 6d 70 6f 72 74 61 6e 74 3b 66 69 6c 74 65 72 3a 61 6c 70 68 61 28 6f 70 61 63 69 74 79 3d 30 29 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 2d 31 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 62 6f
                    Data Ascii: mportant;filter:alpha(opacity=0) !important}.gbm{position:absolute;z-index:999;top:-999px;visibility:hidden;text-align:left;border:1px solid #bebebe;background:#fff;-moz-box-shadow:-1px 1px 1px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,0,0,.2);bo
                    2021-09-15 09:33:47 UTC152INData Raw: 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 7d 2e 67 62 74 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 2e 67 62 74 6f 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 7d 2e 67 62 7a 74 2c 2e 67 62 67 74 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 74 65
                    Data Ascii: play:inline-block;line-height:27px;padding:0;vertical-align:top}.gbt{*display:inline}.gbto{box-shadow:0 2px 4px rgba(0,0,0,.2);-moz-box-shadow:0 2px 4px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,0,0,.2)}.gbzt,.gbgt{cursor:pointer;display:block;te
                    2021-09-15 09:33:47 UTC153INData Raw: 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 70 64 6a 73 20 2e 67 62 74 6f 20 2e 67 62 6d 7b 6d 69 6e 2d 77 69 64 74 68 3a 39 39 25 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 64 64 34 62 33 39 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 34 73 2c 23 67 62 69 34 73 31 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 23 67 62 67 36 2e 67 62 67 74 2d 68 76 72 2c 23 67 62 67 36 2e 67 62 67 74 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6e 6f 6e 65 7d 2e 67 62 67 34 61 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 7d 2e 67 62 67 34 61 20 2e 67 62 74 73
                    Data Ascii: e !important}.gbpdjs .gbto .gbm{min-width:99%}.gbz0l .gbtb2{border-top-color:#dd4b39!important}#gbi4s,#gbi4s1{font-weight:bold}#gbg6.gbgt-hvr,#gbg6.gbgt:focus{background-color:transparent;background-image:none}.gbg4a{font-size:0;line-height:0}.gbg4a .gbts
                    2021-09-15 09:33:47 UTC155INData Raw: 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 33 36 63 20 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 74 2c 2e 67 62 6d 74 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 30 70 78 7d 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69
                    Data Ascii: ,.gbml1:visited,.gbmlb:visited{color:#36c !important;text-decoration:none !important}.gbmt,.gbmt:visited{display:block}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{display:inline-block;margin:0 10px}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{*display:inli
                    2021-09-15 09:33:47 UTC156INData Raw: 42 4d 50 41 4c 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 27 5c 30 41 5c 30 41 27 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 23 67 62 6d 70 73 7b 2a 7a 6f 6f 6d 3a 31 7d 23 67 62 64 34 20 2e 67 62 70 63 2c 23 67 62 6d 70 61 73 20 2e 67 62 6d 74 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 37 70 78 7d 23 67 62 64 34 20 2e 67 62 70 67 73 20 2e 67 62 6d 74 63 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 7d 23 67 62 64 34 20 2e 67 62 6d 74 63 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 7d 23 67 62 64 34 20 2e 67 62 70 63 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 31
                    Data Ascii: BMPAL:last-child:after{content:'\0A\0A';white-space:pre;position:absolute}#gbmps{*zoom:1}#gbd4 .gbpc,#gbmpas .gbmt{line-height:17px}#gbd4 .gbpgs .gbmtc{line-height:27px}#gbd4 .gbmtc{border-bottom:1px solid #bebebe}#gbd4 .gbpc{display:inline-block;margin:1
                    2021-09-15 09:33:47 UTC157INData Raw: 6d 61 72 67 69 6e 3a 30 20 32 30 70 78 7d 2e 67 62 70 30 20 2e 67 62 70 73 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 61 2e 67 62 69 62 61 7b 6d 61 72 67 69 6e 3a 38 70 78 20 32 30 70 78 20 31 30 70 78 7d 2e 67 62 6d 70 69 61 77 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 78 76 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 2e 67 62 6d 70 69 61 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 67 62 6d 70 69 61 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 68 65 69 67
                    Data Ascii: margin:0 20px}.gbp0 .gbps{*display:inline}a.gbiba{margin:8px 20px 10px}.gbmpiaw{display:inline-block;padding-right:10px;margin-bottom:6px;margin-top:10px}.gbxv{visibility:hidden}.gbmpiaa{display:block;margin-top:10px}.gbmpia{border:none;display:block;heig
                    2021-09-15 09:33:47 UTC158INData Raw: 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 2e 67 62 71 66 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 61 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 2e 67 62 71 66 62 62 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 3a 30 7d 2e 67 62 71 66 62 61 2c 2e 67 62 71 66 62 62 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 63 64 63 64 63 3b 62 6f 72 64 65 72 2d 63 6f
                    Data Ascii: ebkit-box-shadow:0 1px 1px rgba(0,0,0,.1);-moz-box-shadow:0 1px 1px rgba(0,0,0,.1);box-shadow:0 1px 1px rgba(0,0,0,.1)}.gbqfb::-moz-focus-inner,.gbqfba::-moz-focus-inner,.gbqfbb::-moz-focus-inner{border:0}.gbqfba,.gbqfbb{border:1px solid #dcdcdc;border-co
                    2021-09-15 09:33:47 UTC160INData Raw: 6f 70 2c 23 34 64 39 30 66 65 2c 23 33 35 37 61 65 38 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 34 64 39 30 66 65 2c 23 33 35 37 61 65 38 29 7d 2e 67 62 71 66 62 3a 61 63 74 69 76 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c
                    Data Ascii: op,#4d90fe,#357ae8);background-image:linear-gradient(top,#4d90fe,#357ae8)}.gbqfb:active{background-color:inherit;-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);box-shadow:inset 0 1px 2px rgba(0, 0,
                    2021-09-15 09:33:47 UTC161INData Raw: 7d 2e 67 62 71 66 62 62 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 74 6f 70 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 66 72 6f 6d 28 23 66 66 66 29 2c 74 6f 28 23 66 62 66 62 66 62 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 73 2d 6c 69
                    Data Ascii: }.gbqfbb{background-color:#fff;background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#fbfbfb));background-image:-webkit-linear-gradient(top,#fff,#fbfbfb);background-image:-moz-linear-gradient(top,#fff,#fbfbfb);background-image:-ms-li
                    2021-09-15 09:33:47 UTC162INData Raw: 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 0a 23 67 62 6d 70 61 73 7b 6d 61 78 2d 68 65 69 67 68 74 3a 32 32 30 70 78 7d 23 67 62 6d 6d 7b 6d 61 78 2d 68 65 69 67 68 74 3a 35 33 30 70 78 7d 2e 67 62 73 62 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 2a 7a 6f 6f 6d 3a 31 7d 2e 67 62 73 62 69 63 7b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 7d 2e 67 62 73 62 69 73 20 2e 67 62 73 62 74 2c 2e 67
                    Data Ascii: );-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}#gbmpas{max-height:220px}#gbmm{max-height:530px}.gbsb{-webkit-box-sizing:border-box;display:block;position:relative;*zoom:1}.gbsbic{overflow:auto}.gbsbis .gbsbt,.g
                    2021-09-15 09:33:47 UTC163INData Raw: 70 28 31 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 6c 65 66 74 20 74 6f 70 2c 66 72 6f 6d 28 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 29 2c 74 6f 28 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 2c
                    Data Ascii: p(1,rgba(0,0,0,.1)));background:-webkit-gradient(linear,left bottom,left top,from(rgba(0,0,0,.2)),to(rgba(0,0,0,0)));background-image:-webkit-linear-gradient(bottom,rgba(0,0,0,.2),rgba(0,0,0,0));background-image:-moz-linear-gradient(bottom,rgba(0,0,0,.2),
                    2021-09-15 09:33:47 UTC165INData Raw: 66 39 66 61 3b 62 6f 72 64 65 72 3a 73 6f 6c 69 64 20 31 70 78 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 61 64 63 65 30 20 23 37 30 37 35 37 61 20 23 37 30 37 35 37 61 20 23 64 61 64 63 65 30 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 6c 73 62 62 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 57 71 51 41 4e 62 20 61 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 6c 73 62 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 69 6d 61 67 65 73 2f 6e 61 76 5f 6c 6f 67 6f 32 32 39 2e 70 6e 67 29 20 30 20 2d 32 36 31 70 78 20 72 65 70 65 61 74 2d 78 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 68 65 69 67 68 74 3a 33 30 70
                    Data Ascii: f9fa;border:solid 1px;border-color:#dadce0 #70757a #70757a #dadce0;height:30px}.lsbb{display:block}#WqQANb a{display:inline-block;margin:0 12px}.lsb{background:url(/images/nav_logo229.png) 0 -261px repeat-x;border:none;color:#000;cursor:pointer;height:30p
                    2021-09-15 09:33:47 UTC166INData Raw: 2c 64 29 7b 70 21 3d 3d 61 26 26 67 6f 6f 67 6c 65 2e 6d 6c 28 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 45 72 72 6f 72 3f 64 3a 45 72 72 6f 72 28 61 29 2c 21 31 2c 76 6f 69 64 20 30 2c 21 31 2c 67 6f 6f 67 6c 65 2e 64 6c 3f 30 3a 32 29 3b 70 3d 6e 75 6c 6c 3b 6c 26 26 6e 3e 3d 6b 26 26 28 77 69 6e 64 6f 77 2e 6f 6e 65 72 72 6f 72 3d 6e 75 6c 6c 29 7d 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 65 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 76 61 72 20 61 61 3d 66 75 6e 63 74 69 6f 6e
                    Data Ascii: ,d){p!==a&&google.ml(d instanceof Error?d:Error(a),!1,void 0,!1,google.dl?0:2);p=null;l&&n>=k&&(window.onerror=null)};})();(function(){try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var e=this||self;var aa=function
                    2021-09-15 09:33:47 UTC167INData Raw: 31 31 33 0d 0a 0a 66 75 6e 63 74 69 6f 6e 20 63 61 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 22 6f 6e 22 2b 62 3b 69 66 28 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 21 31 29 3b 65 6c 73 65 20 69 66 28 61 2e 61 74 74 61 63 68 45 76 65 6e 74 29 61 2e 61 74 74 61 63 68 45 76 65 6e 74 28 64 2c 63 29 3b 65 6c 73 65 7b 76 61 72 20 66 3d 61 5b 64 5d 3b 61 5b 64 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6b 3d 66 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 2c 6d 3d 63 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 6b 3f 6d 3a 76 6f 69 64 20 30 3d 3d 6d 3f 6b 3a 6d 26 26 6b 7d 7d 7d 76
                    Data Ascii: 113function ca(a,b,c){var d="on"+b;if(a.addEventListener)a.addEventListener(b,c,!1);else if(a.attachEvent)a.attachEvent(d,c);else{var f=a[d];a[d]=function(){var k=f.apply(this,arguments),m=c.apply(this,arguments);return void 0==k?m:void 0==m?k:m&&k}}}v
                    2021-09-15 09:33:47 UTC167INData Raw: 36 64 36 30 0d 0a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 2e 62 76 2e 6d 3d 3d 61 7d 7d 2c 65 61 3d 64 61 28 31 29 2c 66 61 3d 64 61 28 32 29 3b 70 28 22 73 62 22 2c 65 61 29 3b 70 28 22 6b 6e 22 2c 66 61 29 3b 68 2e 61 3d 5f 74 76 76 3b 68 2e 62 3d 5f 74 76 66 3b 68 2e 63 3d 5f 74 76 6e 3b 68 2e 69 3d 61 61 3b 76 61 72 20 72 3d 77 69 6e 64 6f 77 2e 67 62 61 72 2e 69 2e 69 3b 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 68 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 6b 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 6e 65 77 20 49 6d 61 67 65 2c 63 3d 69 61 3b 62 2e 6f 6e 65 72 72 6f 72 3d 62 2e 6f 6e 6c 6f 61 64 3d 62 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 64 65 6c 65 74 65 20 6a
                    Data Ascii: 6d60function(){return g.bv.m==a}},ea=da(1),fa=da(2);p("sb",ea);p("kn",fa);h.a=_tvv;h.b=_tvf;h.c=_tvn;h.i=aa;var r=window.gbar.i.i;var t=function(){},ha=function(){},ka=function(a){var b=new Image,c=ia;b.onerror=b.onload=b.onabort=function(){try{delete j
                    2021-09-15 09:33:47 UTC168INData Raw: 70 28 22 6d 64 64 22 2c 22 22 29 3b 0a 70 28 22 68 61 73 22 2c 71 61 29 3b 70 28 22 74 72 68 22 2c 76 61 29 3b 70 28 22 74 65 76 22 2c 73 61 29 3b 69 66 28 68 2e 61 28 22 6d 3b 2f 5f 2f 73 63 73 2f 61 62 63 2d 73 74 61 74 69 63 2f 5f 2f 6a 73 2f 6b 3d 67 61 70 69 2e 67 61 70 69 2e 65 6e 2e 37 52 70 68 74 4e 63 47 48 44 51 2e 4f 2f 64 3d 31 2f 72 73 3d 41 48 70 4f 6f 6f 5f 2d 7a 6d 59 68 70 5f 49 72 37 5f 43 43 78 4d 33 6c 2d 41 63 6b 4d 76 61 49 39 41 2f 6d 3d 5f 5f 66 65 61 74 75 72 65 73 5f 5f 22 29 29 7b 76 61 72 20 46 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 77 61 3f 61 7c 7c 62 3a 62 7d 2c 78 61 3d 68 2e 61 28 22 31 22 29 2c 79 61 3d 68 2e 61 28 22 22 29 2c 7a 61 3d 68 2e 61 28 22 22 29 2c 77 61 3d 68 2e 61 28 22 22 29 2c 41
                    Data Ascii: p("mdd","");p("has",qa);p("trh",va);p("tev",sa);if(h.a("m;/_/scs/abc-static/_/js/k=gapi.gapi.en.7RphtNcGHDQ.O/d=1/rs=AHpOoo_-zmYhp_Ir7_CCxM3l-AckMvaI9A/m=__features__")){var F=function(a,b){return wa?a||b:b},xa=h.a("1"),ya=h.a(""),za=h.a(""),wa=h.a(""),A
                    2021-09-15 09:33:47 UTC169INData Raw: 31 42 59 62 71 75 49 35 61 78 79 74 4d 50 5f 5a 53 71 4d 41 22 29 2c 22 26 6f 67 66 3d 22 2c 67 2e 62 76 2e 66 2c 22 26 6f 67 72 70 3d 22 2c 64 28 22 22 29 2c 22 26 6f 67 76 3d 22 2c 64 28 22 33 39 35 33 37 32 39 35 34 2e 30 22 29 2c 22 26 6f 67 67 76 3d 22 2b 64 28 22 65 73 5f 70 6c 75 73 6f 6e 65 5f 67 63 5f 32 30 32 31 30 38 30 33 2e 30 5f 70 31 22 29 2c 22 26 6f 67 64 3d 22 2c 64 28 22 63 6f 6d 22 29 2c 22 26 6f 67 63 3d 22 2c 64 28 22 47 42 52 22 29 2c 22 26 6f 67 6c 3d 22 2c 64 28 22 65 6e 22 29 5d 3b 62 2e 5f 73 6e 26 26 28 62 2e 5f 73 6e 3d 0a 22 6f 67 2e 22 2b 62 2e 5f 73 6e 29 3b 66 6f 72 28 76 61 72 20 6b 20 69 6e 20 62 29 66 2e 70 75 73 68 28 22 26 22 29 2c 66 2e 70 75 73 68 28 64 28 6b 29 29 2c 66 2e 70 75 73 68 28 22 3d 22 29 2c 66 2e 70 75
                    Data Ascii: 1BYbquI5axytMP_ZSqMA"),"&ogf=",g.bv.f,"&ogrp=",d(""),"&ogv=",d("395372954.0"),"&oggv="+d("es_plusone_gc_20210803.0_p1"),"&ogd=",d("com"),"&ogc=",d("GBR"),"&ogl=",d("en")];b._sn&&(b._sn="og."+b._sn);for(var k in b)f.push("&"),f.push(d(k)),f.push("="),f.pu
                    2021-09-15 09:33:47 UTC171INData Raw: 70 28 22 63 72 22 2c 4b 29 3b 70 28 22 63 63 22 2c 48 29 3b 68 2e 6b 3d 4a 3b 68 2e 6c 3d 4b 3b 68 2e 6d 3d 48 3b 68 2e 6e 3d 4c 61 3b 68 2e 70 3d 4e 61 3b 68 2e 71 3d 4d 61 3b 76 61 72 20 4f 61 3d 5b 22 67 62 5f 37 31 22 2c 22 67 62 5f 31 35 35 22 5d 2c 50 61 3b 66 75 6e 63 74 69 6f 6e 20 51 61 28 61 29 7b 50 61 3d 61 7d 66 75 6e 63 74 69 6f 6e 20 52 61 28 61 29 7b 76 61 72 20 62 3d 50 61 26 26 21 61 2e 68 72 65 66 2e 6d 61 74 63 68 28 2f 2e 2a 5c 2f 61 63 63 6f 75 6e 74 73 5c 2f 43 6c 65 61 72 53 49 44 5b 3f 5d 2f 29 26 26 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 50 61 28 29 29 3b 62 26 26 28 61 2e 68 72 65 66 3d 61 2e 68 72 65 66 2e 72 65 70 6c 61 63 65 28 2f 28 5b 3f 26 5d 63 6f 6e 74 69 6e 75 65 3d 29 5b 5e 26 5d 2a 2f 2c 22 24 31 22
                    Data Ascii: p("cr",K);p("cc",H);h.k=J;h.l=K;h.m=H;h.n=La;h.p=Na;h.q=Ma;var Oa=["gb_71","gb_155"],Pa;function Qa(a){Pa=a}function Ra(a){var b=Pa&&!a.href.match(/.*\/accounts\/ClearSID[?]/)&&encodeURIComponent(Pa());b&&(a.href=a.href.replace(/([?&]continue=)[^&]*/,"$1"
                    2021-09-15 09:33:47 UTC172INData Raw: 63 61 74 63 68 28 71 29 7b 72 28 71 2c 22 73 62 22 2c 22 74 67 22 29 7d 7d 2c 63 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 63 6c 6f 73 65 28 61 29 7d 29 7d 2c 64 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 72 64 64 28 61 29 7d 29 7d 2c 59 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 3d 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 3b 63 26 26 63 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 3f 28 61 3d 63 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 61 2c 22 22 29 29 26 26 28 62 3d 61 2e 64 69 72 65 63 74 69 6f 6e 29 3a 62 3d 61 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 3f 0a 61 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 2e 64 69
                    Data Ascii: catch(q){r(q,"sb","tg")}},cb=function(a){B(function(){g.close(a)})},db=function(a){B(function(){g.rdd(a)})},Ya=function(a){var b,c=document.defaultView;c&&c.getComputedStyle?(a=c.getComputedStyle(a,""))&&(b=a.direction):b=a.currentStyle?a.currentStyle.di
                    2021-09-15 09:33:47 UTC173INData Raw: 61 2c 62 2c 63 29 7b 66 62 28 61 2c 62 2c 63 29 7d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 62 28 61 2c 22 67 62 65 22 2c 62 29 7d 2c 69 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 70 63 6d 26 26 67 2e 70 63 6d 28 29 7d 29 7d 2c 6a 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 70 63 61 26 26 67 2e 70 63 61 28 29 7d 29 7d 2c 6b 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 66 2c 6b 2c 6d 2c 6e 2c 6c 2c 71 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 70 61 61 26 26 67 2e 70 61 61 28 61 2c 62 2c 63 2c 64 2c 66 2c 6b 2c 6d 2c 6e 2c 6c 2c 71 29 7d 29 7d 2c 6c 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 4c 5b 61 5d 7c 7c 28 4c 5b 61 5d 3d 5b 5d 29
                    Data Ascii: a,b,c){fb(a,b,c)},hb=function(a,b){fb(a,"gbe",b)},ib=function(){B(function(){g.pcm&&g.pcm()})},jb=function(){B(function(){g.pca&&g.pca()})},kb=function(a,b,c,d,f,k,m,n,l,q){B(function(){g.paa&&g.paa(a,b,c,d,f,k,m,n,l,q)})},lb=function(a,b){L[a]||(L[a]=[])
                    2021-09-15 09:33:47 UTC175INData Raw: 69 6e 64 6f 77 5b 62 5d 3a 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 26 26 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 5b 61 5d 3f 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 5b 61 5d 3a 30 7d 2c 75 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 31 7d 2c 76 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 21 4f 7d 3b 70 28 22 73 6f 22 2c 56 61 29 3b 70 28 22 73 6f 73 22 2c 55 61 29 3b 70 28 22 73 69 22 2c 57 61 29 3b 70 28 22 74 67 22 2c 62 62 29 3b 0a 70 28 22 63 6c 6f 73 65 22 2c 63 62 29 3b 70 28 22 72 64 64 22 2c 64 62 29 3b 70 28 22 61 64 64 4c 69 6e 6b 22 2c 67 62 29 3b 70 28 22 61 64 64 45 78 74 72 61 4c 69 6e 6b 22 2c 68 62 29 3b 70 28 22
                    Data Ascii: indow[b]:document.documentElement&&document.documentElement[a]?document.documentElement[a]:0},ub=function(){return!1},vb=function(){return!!O};p("so",Va);p("sos",Ua);p("si",Wa);p("tg",bb);p("close",cb);p("rdd",db);p("addLink",gb);p("addExtraLink",hb);p("
                    2021-09-15 09:33:47 UTC176INData Raw: 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 6a 73 2f 61 62 63 2f 70 77 6d 5f 34 35 66 37 33 65 34 64 66 30 37 61 30 65 33 38 38 62 30 66 61 31 66 33 64 33 30 65 37 32 38 30 2e 6a 73 22 7d 5d 29 3b 76 61 72 20 45 62 3d 5b 5d 2c 46 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 45 62 5b 30 5d 3d 61 7d 2c 47 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 7c 7c 7b 7d 3b 62 2e 5f 73 6e 3d 22 70 77 22 3b 74 28 61 2c 62 29 7d 2c 48 62 3d 7b 73 69 67 6e 65 64 3a 45 62 2c 65 6c 6f 67 3a 47 62 2c 62 61 73 65 3a 22 68 74 74 70 73 3a 2f 2f 70 6c 75 73 6f 6e 65 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 2f 30 22 2c 6c 6f 61 64 54 69 6d 65 3a 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 7d 3b 76 2e 70 77 3d 48 62 3b 76 61 72 20 49 62 3d 66 75 6e 63
                    Data Ascii: .gstatic.com/gb/js/abc/pwm_45f73e4df07a0e388b0fa1f3d30e7280.js"}]);var Eb=[],Fb=function(a){Eb[0]=a},Gb=function(a,b){b=b||{};b._sn="pw";t(a,b)},Hb={signed:Eb,elog:Gb,base:"https://plusone.google.com/u/0",loadTime:(new Date).getTime()};v.pw=Hb;var Ib=func
                    2021-09-15 09:33:47 UTC177INData Raw: 6f 67 73 72 3d 22 2c 63 2c 22 26 6f 67 76 3d 22 2c 45 2c 55 2c 22 26 6f 67 64 3d 22 2c 49 2c 22 26 6f 67 6c 3d 22 2c 56 2c 22 26 6f 67 63 3d 22 2c 57 2c 22 26 6f 67 75 73 3d 22 2c 79 5d 3b 69 66 28 62 29 7b 22 6f 67 77 22 69 6e 20 62 26 26 28 61 2e 70 75 73 68 28 22 26 6f 67 77 3d 22 2b 62 2e 6f 67 77 29 2c 64 65 6c 65 74 65 20 62 2e 6f 67 77 29 3b 66 3d 5b 5d 3b 66 6f 72 28 7a 20 69 6e 20 62 29 30 21 3d 66 2e 6c 65 6e 67 74 68 26 26 66 2e 70 75 73 68 28 22 2c 22 29 2c 66 2e 70 75 73 68 28 51 62 28 7a 29 29 2c 66 2e 70 75 73 68 28 22 2e 22 29 2c 66 2e 70 75 73 68 28 51 62 28 62 5b 7a 5d 29 29 3b 76 61 72 20 7a 3d 66 2e 6a 6f 69 6e 28 22 22 29 3b 22 22 21 3d 7a 26 26 28 61 2e 70 75 73 68 28 22 26 6f 67 61 64 3d 22 29 2c 61 2e 70 75 73 68 28 64 28 7a 29 29
                    Data Ascii: ogsr=",c,"&ogv=",E,U,"&ogd=",I,"&ogl=",V,"&ogc=",W,"&ogus=",y];if(b){"ogw"in b&&(a.push("&ogw="+b.ogw),delete b.ogw);f=[];for(z in b)0!=f.length&&f.push(","),f.push(Qb(z)),f.push("."),f.push(Qb(b[z]));var z=f.join("");""!=z&&(a.push("&ogad="),a.push(d(z))
                    2021-09-15 09:33:47 UTC178INData Raw: 66 3d 24 62 7d 3b 76 61 72 20 53 2c 61 63 2c 54 2c 62 63 2c 58 3d 30 2c 63 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 2e 69 6e 64 65 78 4f 66 29 72 65 74 75 72 6e 20 61 2e 69 6e 64 65 78 4f 66 28 62 2c 63 29 3b 69 66 28 41 72 72 61 79 2e 69 6e 64 65 78 4f 66 29 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 6e 64 65 78 4f 66 28 61 2c 62 2c 63 29 3b 66 6f 72 28 63 3d 6e 75 6c 6c 3d 3d 63 3f 30 3a 30 3e 63 3f 4d 61 74 68 2e 6d 61 78 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 63 29 3a 63 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 63 20 69 6e 20 61 26 26 61 5b 63 5d 3d 3d 3d 62 29 72 65 74 75 72 6e 20 63 3b 72 65 74 75 72 6e 2d 31 7d 2c 59 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 2d 31 3d 3d 63 63 28 61 2c 58 29
                    Data Ascii: f=$b};var S,ac,T,bc,X=0,cc=function(a,b,c){if(a.indexOf)return a.indexOf(b,c);if(Array.indexOf)return Array.indexOf(a,b,c);for(c=null==c?0:0>c?Math.max(0,a.length+c):c;c<a.length;c++)if(c in a&&a[c]===b)return c;return-1},Y=function(a,b){return-1==cc(a,X)
                    2021-09-15 09:33:47 UTC180INData Raw: 29 29 7d 63 61 74 63 68 28 66 29 7b 66 2e 63 6f 64 65 21 3d 44 4f 4d 45 78 63 65 70 74 69 6f 6e 2e 51 55 4f 54 41 5f 45 58 43 45 45 44 45 44 5f 45 52 52 26 26 72 28 66 2c 22 75 70 22 2c 22 73 70 64 22 29 7d 7d 2c 6d 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 72 79 7b 69 66 28 69 63 28 64 6f 63 75 6d 65 6e 74 29 29 72 65 74 75 72 6e 22 22 3b 0a 63 7c 7c 28 62 3d 22 6f 67 2d 75 70 2d 22 2b 62 29 3b 69 66 28 6a 63 28 29 29 72 65 74 75 72 6e 20 65 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 62 29 3b 69 66 28 6b 63 28 61 29 29 72 65 74 75 72 6e 20 61 2e 6c 6f 61 64 28 61 2e 69 64 29 2c 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 62 29 7d 63 61 74 63 68 28 64 29 7b 64 2e 63 6f 64 65 21 3d 44 4f 4d 45 78 63 65 70 74 69 6f 6e
                    Data Ascii: ))}catch(f){f.code!=DOMException.QUOTA_EXCEEDED_ERR&&r(f,"up","spd")}},mc=function(a,b,c){try{if(ic(document))return"";c||(b="og-up-"+b);if(jc())return e.localStorage.getItem(b);if(kc(a))return a.load(a.id),a.getAttribute(b)}catch(d){d.code!=DOMException
                    2021-09-15 09:33:47 UTC181INData Raw: 52 65 61 64 79 3b 69 66 28 6e 29 74 72 79 7b 6e 28 29 7d 63 61 74 63 68 28 6c 29 7b 72 28 6c 2c 22 6d 6c 22 2c 22 6f 72 22 29 7d 64 3f 70 28 22 6c 64 62 22 2c 61 29 3a 63 3f 63 61 28 77 69 6e 64 6f 77 2c 22 6c 6f 61 64 22 2c 62 29 3a 62 28 29 7d 70 28 22 72 64 6c 22 2c 71 63 29 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67 62 61 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 2e 6d 6c 28 65 2c 7b 22 5f 73 6e 22 3a 22 63 66 67 2e 69 6e 69 74 22 7d 29 3b 7d 7d 29 28 29 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66
                    Data Ascii: Ready;if(n)try{n()}catch(l){r(l,"ml","or")}d?p("ldb",a):c?ca(window,"load",b):b()}p("rdl",qc);}catch(e){window.gbar&&gbar.logger&&gbar.logger.ml(e,{"_sn":"cfg.init"});}})();(function(){try{/* Copyright The Closure Library Authors. SPDX-License-Identif
                    2021-09-15 09:33:47 UTC182INData Raw: 61 6d 65 29 3f 22 67 62 6d 30 6c 22 3a 22 67 62 7a 30 6c 22 29 7d 63 61 74 63 68 28 6c 29 7b 64 28 6c 2c 22 73 6a 22 2c 22 73 73 70 22 29 7d 67 3d 61 7d 2c 6d 3d 65 2e 71 73 2c 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 68 72 65 66 3b 76 61 72 20 63 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 6d 61 74 63 68 28 2f 2e 2a 3f 3a 5c 2f 5c 2f 5b 5e 5c 2f 5d 2a 2f 29 5b 30 5d 3b 63 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 63 2b 22 2f 73 65 61 72 63 68 5c 5c 3f 22 29 3b 28 62 3d 63 2e 74 65 73 74 28 62 29 29 26 26 21 2f 28 5e 7c 5c 5c 3f 7c 26 29 65 69 3d 2f 2e 74 65 73 74 28 61 2e 68 72 65 66 29 26 26 28 62 3d 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 29 26 26 62 2e 6b 45 58 50 49 26 26 28 61 2e 68 72 65 66 2b 3d
                    Data Ascii: ame)?"gbm0l":"gbz0l")}catch(l){d(l,"sj","ssp")}g=a},m=e.qs,n=function(a){var b=a.href;var c=window.location.href.match(/.*?:\/\/[^\/]*/)[0];c=new RegExp("^"+c+"/search\\?");(b=c.test(b))&&!/(^|\\?|&)ei=/.test(a.href)&&(b=window.google)&&b.kEXPI&&(a.href+=
                    2021-09-15 09:33:47 UTC183INData Raw: 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 77 69 6e 64 6f 77 2e 67 62 61 72 2e 72 64 6c 28 29 3b 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 2e 67 62 61 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 26 26 67 62 61 72 2e 6c 6f 67 67 65 72 2e 6d 6c 28 65 2c 7b 22 5f 73 6e 22 3a 22 63 66 67 2e 69 6e 69 74 22 7d 29 3b 7d 7d 29 28 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 66 66 66 22 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 6b 6e 51 6a 63 4f 43 44 6e 57 56 7a 64 32 76 55 78 6d 52 36 56 51 3d 3d 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 73 72 63 3d 27 2f 69 6d 61 67 65 73 2f 6e 61 76 5f 6c
                    Data Ascii: ors. SPDX-License-Identifier: Apache-2.0*/window.gbar.rdl();}catch(e){window.gbar&&gbar.logger&&gbar.logger.ml(e,{"_sn":"cfg.init"});}})();</script></head><body bgcolor="#fff"><script nonce="knQjcOCDnWVzd2vUxmR6VQ==">(function(){var src='/images/nav_l
                    2021-09-15 09:33:47 UTC185INData Raw: 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 3f 67 6c 3d 47 42 26 74 61 62 3d 77 31 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 59 6f 75 54 75 62 65 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 7a 74 20 69 64 3d 67 62 5f 34 32 36 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 65 77 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3f 74 61 62 3d 77 6e 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 4e 65 77 73 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61
                    Data Ascii: ref="https://www.youtube.com/?gl=GB&tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li cla
                    2021-09-15 09:33:47 UTC186INData Raw: 69 64 3d 67 62 5f 31 30 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 6f 6f 6b 73 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 3f 68 6c 3d 65 6e 26 74 61 62 3d 77 70 22 3e 42 6f 6f 6b 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 36 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 73 68 6f 70 70 69 6e 67 3f 68 6c 3d 65 6e 26 73 6f 75 72 63 65 3d 6f 67 26 74 61 62 3d 77 66 22 3e 53 68 6f 70 70 69 6e 67 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 33 30 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 6c 6f 67 67 65 72 2e
                    Data Ascii: id=gb_10 href="https://books.google.co.uk/?hl=en&tab=wp">Books</a></li><li class=gbmtc><a class=gbmt id=gb_6 href="https://www.google.co.uk/shopping?hl=en&source=og&tab=wf">Shopping</a></li><li class=gbmtc><a class=gbmt id=gb_30 href="https://www.blogger.
                    2021-09-15 09:33:47 UTC187INData Raw: 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 26 65 63 3d 47 41 5a 41 41 51 22 20 6f 6e 63 6c 69 63 6b 3d 22 67 62 61 72 2e 6c 6f 67 67 65 72 2e 69 6c 28 39 2c 7b 6c 3a 27 69 27 7d 29 22 20 69 64 3d 67 62 5f 37 30 20 63 6c 61 73 73 3d 67 62 67 74 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 69 64 3d 67 62 67 73 34 20 63 6c 61 73 73 3d 67 62 74 73 3e 3c 73 70 61 6e 20 69 64 3d 67 62 69 34 73 31 3e 53 69 67 6e 20 69 6e 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 67 62 74 20 67 62 74 62 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 3c 2f 73 70 61 6e 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62
                    Data Ascii: inue=https://www.google.com/&ec=GAZAAQ" onclick="gbar.logger.il(9,{l:'i'})" id=gb_70 class=gbgt><span class=gbtb2></span><span id=gbgs4 class=gbts><span id=gbi4s1>Sign in</span></span></a></li><li class="gbt gbtb"><span class=gbts></span></li><li class=gb
                    2021-09-15 09:33:47 UTC189INData Raw: 78 22 20 77 69 64 74 68 3d 22 32 37 32 22 20 69 64 3d 22 68 70 6c 6f 67 6f 22 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 64 69 76 3e 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 73 65 61 72 63 68 22 20 6e 61 6d 65 3d 22 66 22 3e 3c 74 61 62 6c 65 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 3e 3c 74 72 20 76 61 6c 69 67 6e 3d 22 74 6f 70 22 3e 3c 74 64 20 77 69 64 74 68 3d 22 32 35 25 22 3e 26 6e 62 73 70 3b 3c 2f 74 64 3e 3c 74 64 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 20 6e 6f 77 72 61 70 3d 22 22 3e 3c 69 6e 70 75 74 20 6e 61 6d 65 3d 22 69 65 22 20 76 61 6c 75 65 3d 22 49 53 4f 2d 38 38 35 39 2d 31 22 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 3e 3c 69 6e 70 75 74 20 76 61 6c 75 65 3d 22 65 6e 2d 47 42 22
                    Data Ascii: x" width="272" id="hplogo"><br><br></div><form action="/search" name="f"><table cellpadding="0" cellspacing="0"><tr valign="top"><td width="25%">&nbsp;</td><td align="center" nowrap=""><input name="ie" value="ISO-8859-1" type="hidden"><input value="en-GB"
                    2021-09-15 09:33:47 UTC190INData Raw: 3c 61 20 68 72 65 66 3d 22 2f 61 64 76 61 6e 63 65 64 5f 73 65 61 72 63 68 3f 68 6c 3d 65 6e 2d 47 42 26 61 6d 70 3b 61 75 74 68 75 73 65 72 3d 30 22 3e 41 64 76 61 6e 63 65 64 20 73 65 61 72 63 68 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 69 6e 70 75 74 20 69 64 3d 22 67 62 76 22 20 6e 61 6d 65 3d 22 67 62 76 22 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 76 61 6c 75 65 3d 22 31 22 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 6b 6e 51 6a 63 4f 43 44 6e 57 56 7a 64 32 76 55 78 6d 52 36 56 51 3d 3d 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 76 61 72 20 61 2c 62 3d 22 31 22 3b 69 66 28 64 6f 63 75 6d 65 6e 74 26 26 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 29 69 66 28 22 75 6e 64 65 66 69 6e 65 64
                    Data Ascii: <a href="/advanced_search?hl=en-GB&amp;authuser=0">Advanced search</a></td></tr></table><input id="gbv" name="gbv" type="hidden" value="1"><script nonce="knQjcOCDnWVzd2vUxmR6VQ==">(function(){var a,b="1";if(document&&document.getElementById)if("undefined
                    2021-09-15 09:33:47 UTC191INData Raw: 6d 73 2f 22 3e 54 65 72 6d 73 3c 2f 61 3e 3c 2f 70 3e 3c 2f 73 70 61 6e 3e 3c 2f 63 65 6e 74 65 72 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 6b 6e 51 6a 63 4f 43 44 6e 57 56 7a 64 32 76 55 78 6d 52 36 56 51 3d 3d 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 63 64 6f 3d 7b 68 65 69 67 68 74 3a 37 35 37 2c 77 69 64 74 68 3a 31 34 34 30 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 76 61 72 20 61 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 57 69 64 74 68 2c 62 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 48 65 69 67 68 74 3b 69 66 28 21 61 7c 7c 21 62 29 7b 76 61 72 20 63 3d 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 2c 64 3d 22 43 53 53 31 43 6f 6d 70 61 74 22 3d 3d 63 2e 63 6f 6d 70 61 74 4d 6f 64 65 3f 63 2e 64 6f 63 75
                    Data Ascii: ms/">Terms</a></p></span></center><script nonce="knQjcOCDnWVzd2vUxmR6VQ==">(function(){window.google.cdo={height:757,width:1440};(function(){var a=window.innerWidth,b=window.innerHeight;if(!a||!b){var c=window.document,d="CSS1Compat"==c.compatMode?c.docu
                    2021-09-15 09:33:47 UTC192INData Raw: 61 74 65 53 63 72 69 70 74 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 66 7d 29 7d 63 61 74 63 68 28 70 29 7b 65 2e 63 6f 6e 73 6f 6c 65 26 26 65 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 70 2e 6d 65 73 73 61 67 65 29 7d 67 3d 62 7d 65 6c 73 65 20 67 3d 62 7d 61 3d 28 62 3d 67 29 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 3b 61 3d 6e 65 77 20 6c 28 61 2c 68 29 3b 63 2e 73 72 63 3d 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 6c 26 26 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 6c 3f 61 2e 67 3a 22 74 79 70 65 5f 65 72 72 6f 72 3a 54 72 75 73 74 65 64 52 65 73 6f 75 72 63 65 55 72 6c 22 3b 76 61 72 20 64 3b 61 3d 28 63 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 26 26 63 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 64
                    Data Ascii: ateScript:f,createScriptURL:f})}catch(p){e.console&&e.console.error(p.message)}g=b}else g=b}a=(b=g)?b.createScriptURL(a):a;a=new l(a,h);c.src=a instanceof l&&a.constructor===l?a.g:"type_error:TrustedResourceUrl";var d;a=(c.ownerDocument&&c.ownerDocument.d
                    2021-09-15 09:33:47 UTC194INData Raw: 78 32 32 2c 5c 78 32 32 6c 6d 6c 5c 78 32 32 3a 5c 78 32 32 4c 65 61 72 6e 20 6d 6f 72 65 5c 78 32 32 2c 5c 78 32 32 6f 73 6b 74 5c 78 32 32 3a 5c 78 32 32 49 6e 70 75 74 20 74 6f 6f 6c 73 5c 78 32 32 2c 5c 78 32 32 70 73 72 63 5c 78 32 32 3a 5c 78 32 32 54 68 69 73 20 73 65 61 72 63 68 20 77 61 73 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 79 6f 75 72 20 5c 5c 75 30 30 33 43 61 20 68 72 65 66 5c 78 33 64 5c 5c 5c 78 32 32 2f 68 69 73 74 6f 72 79 5c 5c 5c 78 32 32 5c 5c 75 30 30 33 45 57 65 62 20 48 69 73 74 6f 72 79 5c 5c 75 30 30 33 43 2f 61 5c 5c 75 30 30 33 45 5c 78 32 32 2c 5c 78 32 32 70 73 72 6c 5c 78 32 32 3a 5c 78 32 32 52 65 6d 6f 76 65 5c 78 32 32 2c 5c 78 32 32 73 62 69 74 5c 78 32 32 3a 5c 78 32 32 53 65 61 72 63 68 20 62 79 20 69 6d 61 67 65
                    Data Ascii: x22,\x22lml\x22:\x22Learn more\x22,\x22oskt\x22:\x22Input tools\x22,\x22psrc\x22:\x22This search was removed from your \\u003Ca href\x3d\\\x22/history\\\x22\\u003EWeb History\\u003C/a\\u003E\x22,\x22psrl\x22:\x22Remove\x22,\x22sbit\x22:\x22Search by image
                    2021-09-15 09:33:47 UTC194INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Code Manipulations

                    Statistics

                    Behavior

                    Click to jump to process

                    System Behavior

                    Analysis Process: P9vxkMpyQ5.exe PID: 2916 Parent PID: 5812

                    General

                    Start time:11:32:18
                    Start date:15/09/2021
                    Path:C:\Users\user\Desktop\P9vxkMpyQ5.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\user\Desktop\P9vxkMpyQ5.exe'
                    Imagebase:0xed0000
                    File size:667136 bytes
                    MD5 hash:4C658DB84A58CE7EC0C2F2EB9F14C97C
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET
                    Reputation:low

                    Analysis Process: sys30.exe PID: 6692 Parent PID: 3440

                    General

                    Start time:11:32:40
                    Start date:15/09/2021
                    Path:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
                    Imagebase:0x1b0000
                    File size:667136 bytes
                    MD5 hash:4C658DB84A58CE7EC0C2F2EB9F14C97C
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET
                    Yara matches:
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: NanoCore, Description: unknown, Source: 00000005.00000002.641645564.0000000003816000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.640487654.0000000003585000.00000004.00000001.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.640487654.0000000003585000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: NanoCore, Description: unknown, Source: 00000005.00000002.640487654.0000000003585000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.641200263.0000000003749000.00000004.00000001.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.641200263.0000000003749000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: NanoCore, Description: unknown, Source: 00000005.00000002.641200263.0000000003749000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                    Antivirus matches:
                    • Detection: 100%, Joe Sandbox ML
                    • Detection: 29%, ReversingLabs
                    Reputation:low

                    Analysis Process: sys30.exe PID: 6140 Parent PID: 2916

                    General

                    Start time:11:32:46
                    Start date:15/09/2021
                    Path:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\user\AppData\Local\sys4h57g\sys30.exe'
                    Imagebase:0xf00000
                    File size:667136 bytes
                    MD5 hash:4C658DB84A58CE7EC0C2F2EB9F14C97C
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET
                    Reputation:low

                    Analysis Process: sys30.exe PID: 7148 Parent PID: 6692

                    General

                    Start time:11:32:58
                    Start date:15/09/2021
                    Path:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user\AppData\Local\sys4h57g\sys30.exe
                    Imagebase:0xa10000
                    File size:667136 bytes
                    MD5 hash:4C658DB84A58CE7EC0C2F2EB9F14C97C
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET
                    Yara matches:
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.548017544.0000000007160000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.548017544.0000000007160000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.548309098.00000000071A0000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.548309098.00000000071A0000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.547346562.0000000007110000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.547346562.0000000007110000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.547488782.0000000007120000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.547488782.0000000007120000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.544723026.0000000006020000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.544723026.0000000006020000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.544723026.0000000006020000.00000004.00020000.sdmp, Author: Joe Security
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.548094902.0000000007170000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.548094902.0000000007170000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.548637500.00000000071E0000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.548637500.00000000071E0000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.548181314.0000000007180000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.548181314.0000000007180000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.534671438.0000000004281000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                    • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.529719326.0000000002E65000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.548362586.00000000071B0000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.548362586.00000000071B0000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.542686341.0000000005460000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.542686341.0000000005460000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.548245058.0000000007190000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.548245058.0000000007190000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.532584351.0000000003EE0000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.532584351.0000000003EE0000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.526766087.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.526766087.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                    • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.526766087.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.548976373.0000000007230000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.548976373.0000000007230000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.533192933.0000000004046000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.548704836.00000000071F0000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.548704836.00000000071F0000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.532722174.0000000003F1A000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.532722174.0000000003F1A000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.548409517.00000000071C0000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.548409517.00000000071C0000.00000004.00020000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.532165573.0000000003E11000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.532165573.0000000003E11000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                    Reputation:low

                    Analysis Process: sys30s.exe PID: 776 Parent PID: 6692

                    General

                    Start time:11:33:04
                    Start date:15/09/2021
                    Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                    Imagebase:0x6e0000
                    File size:78336 bytes
                    MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET
                    Antivirus matches:
                    • Detection: 14%, Metadefender, Browse
                    • Detection: 11%, ReversingLabs
                    Reputation:moderate

                    Analysis Process: sys30s.exe PID: 5544 Parent PID: 776

                    General

                    Start time:11:33:07
                    Start date:15/09/2021
                    Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                    Imagebase:0xf90000
                    File size:78336 bytes
                    MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET
                    Reputation:moderate

                    Analysis Process: sys30s.exe PID: 6980 Parent PID: 6692

                    General

                    Start time:11:33:12
                    Start date:15/09/2021
                    Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                    Imagebase:0x830000
                    File size:78336 bytes
                    MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET
                    Reputation:moderate

                    Analysis Process: sys30s.exe PID: 1676 Parent PID: 6980

                    General

                    Start time:11:33:16
                    Start date:15/09/2021
                    Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                    Imagebase:0xc80000
                    File size:78336 bytes
                    MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET

                    Analysis Process: sys30s.exe PID: 2968 Parent PID: 6692

                    General

                    Start time:11:33:20
                    Start date:15/09/2021
                    Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                    Imagebase:0x790000
                    File size:78336 bytes
                    MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET

                    Analysis Process: sys30s.exe PID: 2272 Parent PID: 2968

                    General

                    Start time:11:33:22
                    Start date:15/09/2021
                    Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                    Imagebase:0xcb0000
                    File size:78336 bytes
                    MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET

                    Analysis Process: sys30s.exe PID: 5840 Parent PID: 6692

                    General

                    Start time:11:33:27
                    Start date:15/09/2021
                    Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                    Imagebase:0xc20000
                    File size:78336 bytes
                    MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET

                    Analysis Process: sys30s.exe PID: 6324 Parent PID: 5840

                    General

                    Start time:11:33:29
                    Start date:15/09/2021
                    Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                    Imagebase:0x1c0000
                    File size:78336 bytes
                    MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET

                    Analysis Process: sys30s.exe PID: 7024 Parent PID: 6692

                    General

                    Start time:11:33:35
                    Start date:15/09/2021
                    Path:C:\Users\user\AppData\Local\Temp\sys30s.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\user\AppData\Local\Temp\sys30s.exe'
                    Imagebase:0x4f0000
                    File size:78336 bytes
                    MD5 hash:0E362E7005823D0BEC3719B902ED6D62
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET

                    Disassembly

                    Code Analysis

                    Reset < >