
Windows Analysis Report njw.exe

Overview

General Information

Sample Name: njw.exe
Analysis ID: 511823
MD5: 3f91f84924d1db7ace9ad307fcae35d1
SHA1: 50e790e2b3324c1b3805916c5a3c323ed8a7305f
SHA256: a0254e8580186ca146fcc6082a6110888ac0cc3c7f733e760ad7a655bd2a0503

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Tries to steal Mail credentials (via file registry)
Machine Learning detection for sample
PE file has nameless sections
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Found potential string decryption / allocating functions
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Uses the system / local time for branch decision (may execute only at specific dates)
IP address seen in connection with other malware
Abnormal high CPU Usage
Creates a DirectInput object (often for capturing keystrokes)
Queries information about the installed CPU (vendor, model number etc)
PE file contains an invalid checksum
PE file contains strange resources
Allocates memory with a write watch (potentially for evading sandboxes)
Uses a known web browser user agent for HTTP communication
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Installs a global mouse hook
Found evaded block containing many API calls
PE file contains more sections than normal
Contains functionality for read data from the clipboard

Process Tree

  • System is w10x64
  • njw.exe (PID: 7120 cmdline: 'C:\Users\user\Desktop\njw.exe' MD5: 3F91F84924D1DB7ACE9AD307FCAE35D1)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.931984957.0000000000401000.00000004.00020000.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

    Unpacked PEs

    Source | Rule | Description | Author | Strings
    0.2.njw.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

      Sigma Overview

      No Sigma rule has matched

      Jbx Signature Overview

      AV Detection:

      Multi AV Scanner detection for submitted file
      Source: njw.exe | Virustotal: Detection: 11%
      Machine Learning detection for sample
      Source: njw.exe | Joe Sandbox ML: detected
      Source: njw.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
      Source: unknown | HTTPS traffic detected: 87.250.251.119:443 -> 192.168.2.4:49791 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 87.250.251.119:443 -> 192.168.2.4:49790 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 88.212.201.198:443 -> 192.168.2.4:49792 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 88.212.201.198:443 -> 192.168.2.4:49793 version: TLS 1.2
      Source: C:\Users\user\Desktop\njw.exe | Code function: 0_2_0068FDFC FindFirstFileA,
      Source: C:\Users\user\Desktop\njw.exe | Code function: 0_2_0068D8ED FindFirstFileA,GetTempPathA,DeleteFileA,FindNextFileA,
      Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Joe Sandbox View | IP Address: 88.212.201.198
      Source: Joe Sandbox View | IP Address: 87.250.251.119
      Source: global traffic | HTTP traffic detected: GET /metrika/watch.js HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Connection: Keep-Alive | Host: mc.yandex.ru
      Source: global traffic | HTTP traffic detected: GET /hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/secondpage.html;0.5443641556055339 HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Connection: Keep-Alive | Host: counter.yadro.ru
      Source: global traffic | HTTP traffic detected: GET /metrika/watch.js HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Connection: Keep-Alive | Host: mc.yandex.ru
      Source: global traffic | HTTP traffic detected: GET /hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/firstpage.html;0.34476715437082456 HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Connection: Keep-Alive | Host: counter.yadro.ru
      Source: global traffic | HTTP traffic detected: GET /hit;counter1?q;r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/firstpage.html;0.34476715437082456 HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Connection: Keep-Alive | Host: counter.yadro.ru | Cookie: FTID=1XV1Xy3Wb9uB1XV1Xy001EiW
      Source: global traffic | HTTP traffic detected: GET /hit;counter1?q;r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/secondpage.html;0.5443641556055339 HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Connection: Keep-Alive | Host: counter.yadro.ru | Cookie: FTID=1XV1Xy3Wb9uB1XV1Xy001Ei9
      Source: global traffic | HTTP traffic detected: GET /watch/14153041?callback=_ymjsp303195921&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Fsecondpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1976%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A1156845228070%3Ahid%3A271984739%3Az%3A120%3Ai%3A202101029175118%3Aet%3A1635522678%3Ac%3A1%3Arn%3A1015963535%3Au%3A1635522678322622628%3Aw%3A148x55%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674734%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C128%2C0%2C1973%2C1975%2C0%2C1973%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522680%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr(14)ti(3)&wmode=5 HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: mc.yandex.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /watch/14153041?callback=_ymjsp355627947&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Ffirstpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1930%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A732524701665%3Ahid%3A87010386%3Az%3A120%3Ai%3A202101029175120%3Aet%3A1635522680%3Ac%3A1%3Arn%3A244404675%3Au%3A1635522678322622628%3Aw%3A148x47%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674781%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C155%2C0%2C2520%2C2521%2C0%2C2520%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522681%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr(14)ti(3)&wmode=5 HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: mc.yandex.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /metrika/advert.gif?t=ti(4) HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: mc.yandex.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /watch/14153041/1?callback=_ymjsp303195921&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Fsecondpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1976%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A1156845228070%3Ahid%3A271984739%3Az%3A120%3Ai%3A202101029175118%3Aet%3A1635522678%3Ac%3A1%3Arn%3A1015963535%3Au%3A1635522678322622628%3Aw%3A148x55%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674734%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C128%2C0%2C1973%2C1975%2C0%2C1973%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522680%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr%2814%29ti%283%29&wmode=5 HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: mc.yandex.ru | Connection: Keep-Alive | Cookie: yandexuid=847304281635522680; i=vL1T7ICVuHRXpyNPzwMzlaKjl/D94ryPalEPO4xIx2pX5AZpVtBfDP0muIercdmDCjCbNqUK2tSOHbHUPiY/6ZY1euA=; ymex=1667058680.yrts.1635522680#1667058680.yrtsi.1635522680; yabs-sid=2327043721635522680
      Source: global traffic | HTTP traffic detected: GET /watch/14153041/1?callback=_ymjsp355627947&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Ffirstpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1930%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A732524701665%3Ahid%3A87010386%3Az%3A120%3Ai%3A202101029175120%3Aet%3A1635522680%3Ac%3A1%3Arn%3A244404675%3Au%3A1635522678322622628%3Aw%3A148x47%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674781%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C155%2C0%2C2520%2C2521%2C0%2C2520%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522681%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr%2814%29ti%283%29&wmode=5 HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: mc.yandex.ru | Connection: Keep-Alive | Cookie: yandexuid=3723159021635522681; i=yROKAQCkQEDp/MhTCtujtSWzFSx7PgG/2QZgPGeQuaYkCYGk4Lr5g33sdF0NzFWf3pPBk9Yj1OF7cHnVzZMM+SWO+Mc=; ymex=1667058681.yrts.1635522681#1667058681.yrtsi.1635522681; yabs-sid=702787781635522681
      Source: global traffic | HTTP traffic detected: GET /metrika/advert.gif?t=ti(4) HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: mc.yandex.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /secondpage.html HTTP/1.1 | Accept: */* | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.all-bearings.narod.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /firstpage.html HTTP/1.1 | Accept: */* | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.all-bearings.narod.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/firstpage.html;0.34476715437082456 HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: counter.yadro.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /metrika/watch.js HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: mc.yandex.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /metrika/watch.js HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: mc.yandex.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/secondpage.html;0.5443641556055339 HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: counter.yadro.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /.s/img/err/button.png HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.all-bearings.narod.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /.s/img/err/404-header-line.gif HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.all-bearings.narod.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /.s/img/err/404-arrow.png HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.all-bearings.narod.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /.s/img/err/404-logo.png HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.all-bearings.narod.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /.s/img/err/404.png HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/secondpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.all-bearings.narod.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /.s/img/err/button.png HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.all-bearings.narod.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /.s/img/err/404-header-line.gif HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.all-bearings.narod.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /.s/img/err/404-logo.png HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.all-bearings.narod.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /.s/img/err/404-arrow.png HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.all-bearings.narod.ru | Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /.s/img/err/404.png HTTP/1.1 | Accept: */* | Referer: http://www.all-bearings.narod.ru/firstpage.html | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.all-bearings.narod.ru | Connection: Keep-Alive
      Source: unknown | Network traffic detected: HTTP traffic on port 49800 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 49795 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 49797 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 49801 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 49799 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 49791 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49799
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49798
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49797
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49796
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49795
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49794
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49792
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49791
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49790
      Source: unknown | Network traffic detected: HTTP traffic on port 49794 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 49796 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 49798 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 49792 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 49790 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49801
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49800
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 29 Oct 2021 15:51:16 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: keep-alive | Keep-Alive: timeout=15 | ETag: W/"611e66ad-1ad5" | Content-Encoding: gzip
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp | String found in binary or memory: <li><a href="http://www.facebook.com/ucoz.web.builder" target="_blank">Facebook</a></li> equals www.facebook.com (Facebook)
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmp | String found in binary or memory: Phttp://www.facebook.com/ucoz.web.builder75.1 equals www.facebook.com (Facebook)
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmp | String found in binary or memory: Phttp://www.facebook.com/ucoz.web.builderhtml equals www.facebook.com (Facebook)
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmp | String found in binary or memory: http://www.facebook.com/ucoz.web.builder equals www.facebook.com (Facebook)
      Source: njw.exe, 00000000.00000002.936889233.000000000B821000.00000004.00000001.sdmp | String found in binary or memory: http://www.facebook.com/ucoz.web.builder7 equals www.facebook.com (Facebook)
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmp | String found in binary or memory: http://www.facebook.com/ucoz.web.buildert equals www.facebook.com (Facebook)
      Source: njw.exe, 00000000.00000002.934975035.0000000006A40000.00000004.00000001.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
      Source: njw.exe, 00000000.00000002.934975035.0000000006A40000.00000004.00000001.sdmp | String found in binary or memory: www.facebook.comi equals www.facebook.com (Facebook)
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmp | String found in binary or memory: http://book.ucoz.com
      Source: njw.exe, 00000000.00000002.936865761.000000000B811000.00000004.00000001.sdmp | String found in binary or memory: http://book.ucoz.com/
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmp | String found in binary or memory: http://counter.yadro.ru/
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp | String found in binary or memory: http://counter.yadro.ru/hit;counter1?r
      Source: njw.exe, 00000000.00000002.935239138.0000000006A8C000.00000004.00000001.sdmp | String found in binary or memory: http://counter.yadro.ru/hit;counter1?r;s1280
      Source: njw.exe, 00000000.00000003.754055959.000000000B75B000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmp | String found in binary or memory: http://faq.ucoz.com/
      Source: njw.exe, 00000000.00000002.936865761.000000000B811000.00000004.00000001.sdmp | String found in binary or memory: http://faq.ucoz.com/iCy
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmp | String found in binary or memory: http://faq.ucoz.com/z
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmp | String found in binary or memory: http://forum.ucoz.com/
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmp | String found in binary or memory: http://forum.ucoz.com/)
      Source: njw.exe, 00000000.00000002.936889233.000000000B821000.00000004.00000001.sdmp | String found in binary or memory: http://forum.ucoz.com/r4r
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmp | String found in binary or memory: http://google.com/search
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmp | String found in binary or memory: http://google.com/searchb
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmp | String found in binary or memory: http://google.com/searchr-c
      Source: njw.exe | String found in binary or memory: http://madExcept.com
      Source: njw.exe, 00000000.00000002.931984957.0000000000401000.00000004.00020000.sdmp | String found in binary or memory: http://madExcept.comU
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.936889233.000000000B821000.00000004.00000001.sdmp | String found in binary or memory: http://top.ucoz.com/
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmp | String found in binary or memory: http://top.ucoz.com/Ita
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.936702634.000000000B7B1000.00000004.00000001.sdmp | String found in binary or memory: http://ucoz.com
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp | String found in binary or memory: http://ucoz.com/register/
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmp | String found in binary or memory: http://ucoz.com/register/n:
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmp | String found in binary or memory: http://ucoz.com/register/x;Z
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp | String found in binary or memory: http://ucoz.com/register/~
      Source: njw.exe, 00000000.00000002.934975035.0000000006A40000.00000004.00000001.sdmp | String found in binary or memory: http://ucoz.com/s
      Source: njw.exe, 00000000.00000002.935016714.0000000006A58000.00000004.00000001.sdmp | String found in binary or memory: http://ucoz.com:
      Source: njw.exe, 00000000.00000002.935016714.0000000006A58000.00000004.00000001.sdmp | String found in binary or memory: http://ucoz.comN
      Source: njw.exe, 00000000.00000002.934808825.00000000067D8000.00000004.00000001.sdmp | String found in binary or memory: http://w3.o
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.all-bearings.
      Source: njw.exe, 00000000.00000002.935353424.0000000006AA7000.00000004.00000001.sdmp | String found in binary or memory: http://www.all-bearings.d
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.all-bearings.naro:
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.all-bearings.narod
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.all-bearings.narod.r
      Source: njw.exe | String found in binary or memory: http://www.all-bearings.narod.ru
      Source: njw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmp, njw.exe, 00000000.00000002.934046409.0000000004004000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/
      Source: njw.exe, 00000000.00000002.936702634.000000000B7B1000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/$
      Source: njw.exe, 00000000.00000003.754245026.0000000006B19000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-arrow.png
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-arrow.png$yE
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-arrow.png4yU
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-arrow.pngDye
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-arrow.pngDze
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-arrow.pngTDu
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-arrow.pngg
      Source: njw.exe, 00000000.00000002.936702634.000000000B7B1000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-arrow.pngu
      Source: njw.exe, 00000000.00000003.754055959.000000000B75B000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-arrow.pngx
      Source: njw.exe, 00000000.00000002.932325468.0000000000948000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-arrow.pngz
      Source: njw.exe, 00000000.00000003.754055959.000000000B75B000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-header-line.gif
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.936684119.000000000B79C000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-header-line.gif...
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-header-line.gif.dll
      Source: njw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-header-line.gifQ
      Source: njw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-header-line.gifT
      Source: njw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-header-line.gifW
      Source: njw.exe, 00000000.00000003.754332572.000000000B7CE000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-header-line.gifY
      Source: njw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-header-line.gifg
      Source: njw.exe, 00000000.00000003.754055959.000000000B75B000.00000004.00000001.sdmp, njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-logo.png
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-logo.png$zE
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-logo.png4
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-logo.png4DU
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-logo.pngD
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-logo.pngTzu
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-logo.pngd
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-logo.pngdD
      Source: njw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404-logo.pngt
      Source: njw.exe, 00000000.00000003.754088792.000000000B79C000.00000004.00000001.sdmp, njw.exe, 00000000.00000002.935383674.0000000006AAD000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404.png
      Source: njw.exe, 00000000.00000002.935353424.0000000006AA7000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404.png07
      Source: njw.exe, 00000000.00000003.754088792.000000000B79C000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404.png?X
      Source: njw.exe, 00000000.00000002.935353424.0000000006AA7000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404.pngB7
      Source: njw.exe, 00000000.00000002.934975035.0000000006A40000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404.pngg/
      Source: njw.exe, 00000000.00000002.935353424.0000000006AA7000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/404.pngv6
      Source: njw.exe, 00000000.00000003.754332572.000000000B7CE000.00000004.00000001.sdmp, njw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/button.png
      Source: njw.exe, 00000000.00000003.754316994.000000000B7B1000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/button.png&
      Source: njw.exe, 00000000.00000002.934975035.0000000006A40000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/button.png-c
      Source: njw.exe, 00000000.00000003.754037157.000000000B828000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/button.png...
      Source: njw.exe, 00000000.00000002.935383674.0000000006AAD000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/button.png5?
      Source: njw.exe, 00000000.00000002.935383674.0000000006AAD000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/button.pngT8T
      Source: njw.exe, 00000000.00000003.754332572.000000000B7CE000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/button.pngX
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/button.pnges
      Source: njw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/button.pngf
      Source: njw.exe, 00000000.00000002.935383674.0000000006AAD000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/button.pngg8g
      Source: njw.exe, 00000000.00000003.754519394.000000000B7CE000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/button.pngj
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/.s/img/err/button.pngt
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/B
      Source: njw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/F
      Source: njw.exe, 00000000.00000002.935655115.0000000006B19000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.html
      Source: njw.exe, 00000000.00000002.932520416.00000000009F9000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.html-bearings.narod.ru/firstpage.html...
      Source: njw.exe, 00000000.00000002.932520416.00000000009F9000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.html...
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.html/
      Source: njw.exe, 00000000.00000002.936702634.000000000B7B1000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.html1
      Source: njw.exe, 00000000.00000003.754245026.0000000006B19000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.html2
      Source: njw.exe, 00000000.00000002.940327666.000000000DF70000.00000004.00000010.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.html4E
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.html7
      Source: njw.exe, 00000000.00000002.936631044.000000000B76B000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmlGix
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmlHIe
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmlI
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmlO
      Source: njw.exe, 00000000.00000002.934975035.0000000006A40000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmlQ
      Source: njw.exe, 00000000.00000003.754245026.0000000006B19000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmlU:
      Source: njw.exe, 00000000.00000003.754245026.0000000006B19000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmlWK
      Source: njw.exe, 00000000.00000003.754316994.000000000B7B1000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmleople
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmlg
      Source: njw.exe, 00000000.00000002.936034770.000000000A077000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmlhttp://www.all-bearings.narod.ru/firstpage.html
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmlk
      Source: njw.exe, 00000000.00000003.754037157.000000000B828000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmlk4y
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/firstpage.htmly
      Source: njw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/n
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondp
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.940355610.000000000DF90000.00000004.00000010.sdmp, njw.exe, 00000000.00000002.935655115.0000000006B19000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.html
      Source: njw.exe, 00000000.00000003.754245026.0000000006B19000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.html(
      Source: njw.exe, 00000000.00000002.937283236.000000000BAF0000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.html-Aloud
      Source: njw.exe, 00000000.00000002.932520416.00000000009F9000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.html...
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.html3
      Source: njw.exe, 00000000.00000003.754088792.000000000B79C000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.html6
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmlF
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmlK
      Source: njw.exe, 00000000.00000002.931984957.0000000000401000.00000004.00020000.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmlU
      Source: njw.exe, 00000000.00000002.936631044.000000000B76B000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmlX
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmlY
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmletCookies
      Source: njw.exe, 00000000.00000002.936631044.000000000B76B000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmlh
      Source: njw.exe, 00000000.00000002.936009031.000000000A063000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmlhttp://www.all-bearings.narod.ru/secondpage.html
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmllU
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmllq
      Source: njw.exe, 00000000.00000002.932520416.00000000009F9000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmlndpage.html...rstpage.html
      Source: njw.exe, 00000000.00000002.932312200.0000000000940000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmlng.pnge.gifE5
      Source: njw.exe, 00000000.00000002.932520416.00000000009F9000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmlngs.narod.ru/secondpage.html
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmls
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmlsk
      Source: njw.exe, 00000000.00000003.754055959.000000000B75B000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/secondpage.htmlu6
      Source: njw.exe, 00000000.00000002.936702634.000000000B7B1000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/sl
      Source: njw.exe, njw.exe, 00000000.00000002.931984957.0000000000401000.00000004.00020000.sdmpString found in binary or memory: http://www.all-bearings.narod.ru/webhelp.html
      Source: njw.exe, 00000000.00000002.940327666.000000000DF70000.00000004.00000010.sdmpString found in binary or memory: http://www.all-bearings.narod.ruL
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.ruc
      Source: njw.exe, 00000000.00000002.934975035.0000000006A40000.00000004.00000001.sdmpString found in binary or memory: http://www.all-bearings.narod.rud
      Source: njw.exe, 00000000.00000002.931984957.0000000000401000.00000004.00020000.sdmpString found in binary or memory: http://www.all-bearings.narod.ruopenS
      Source: njw.exe, 00000000.00000003.751994283.00000000067C9000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.753243308.000000000680B000.00000004.00000001.sdmp, ga[1].js.0.drString found in binary or memory: http://www.google-analytics.com
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpString found in binary or memory: http://www.google-analytics.com/
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpString found in binary or memory: http://www.google-analytics.com/32
      Source: njw.exe, 00000000.00000002.935315308.0000000006A9C000.00000004.00000001.sdmpString found in binary or memory: http://www.google-analytics.com/7
      Source: njw.exe, 00000000.00000003.754245026.0000000006B19000.00000004.00000001.sdmpString found in binary or memory: http://www.google-analytics.com/__utm.gif?utmwv=5.7.2&utms=2&utmn=1625169737&utmhn=www.all-bearings.
      Source: njw.exe, 00000000.00000003.754245026.0000000006B19000.00000004.00000001.sdmpString found in binary or memory: http://www.google-analytics.com/ga.js
      Source: njw.exe, 00000000.00000003.754316994.000000000B7B1000.00000004.00000001.sdmpString found in binary or memory: http://www.google-analytics.com/ga.js)
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.google-analytics.com/ga.js-1002c
      Source: njw.exe, 00000000.00000003.754332572.000000000B7CE000.00000004.00000001.sdmpString found in binary or memory: http://www.google-analytics.com/ga.js021
      Source: njw.exe, 00000000.00000002.936009031.000000000A063000.00000004.00000001.sdmpString found in binary or memory: http://www.google-analytics.com/ga.jsV
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.google-analytics.com/ga.jscrC:
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpString found in binary or memory: http://www.google-analytics.com/ga.jsitC:
      Source: njw.exe, 00000000.00000003.754265887.0000000006B3A000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.754055959.000000000B75B000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.754332572.000000000B7CE000.00000004.00000001.sdmpString found in binary or memory: http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1923535507&utmhn=www.all-bearing
      Source: njw.exe, 00000000.00000002.936009031.000000000A063000.00000004.00000001.sdmp, njw.exe, 00000000.00000002.937344665.000000000BB25000.00000004.00000001.sdmpString found in binary or memory: http://www.google-analytics.comwww.google-analytics.com
      Source: njw.exe, 00000000.00000002.938239805.000000000D9C0000.00000004.00000040.sdmpString found in binary or memory: http://www.macromedia.com
      Source: njw.exeString found in binary or memory: http://www.remserviss.ru
      Source: njw.exe, 00000000.00000002.931984957.0000000000401000.00000004.00020000.sdmpString found in binary or memory: http://www.remserviss.ruopen
      Source: njw.exe, 00000000.00000002.936854078.000000000B80E000.00000004.00000001.sdmp, njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: http://www.ucoz.com/pricing/
      Source: njw.exe, 00000000.00000002.935353424.0000000006AA7000.00000004.00000001.sdmpString found in binary or memory: http://www.ucoz.com/pricing/.5
      Source: njw.exe, 00000000.00000002.936854078.000000000B80E000.00000004.00000001.sdmpString found in binary or memory: http://www.ucoz.com/pricing/Iy
      Source: njw.exe, 00000000.00000002.936854078.000000000B80E000.00000004.00000001.sdmp, njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.935353424.0000000006AA7000.00000004.00000001.sdmpString found in binary or memory: http://www.ucoz.com/privacy/
      Source: njw.exe, 00000000.00000002.936854078.000000000B80E000.00000004.00000001.sdmpString found in binary or memory: http://www.ucoz.com/privacy/%y
      Source: njw.exe, 00000000.00000002.936854078.000000000B80E000.00000004.00000001.sdmpString found in binary or memory: http://www.ucoz.com/privacy/dyb
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.936702634.000000000B7B1000.00000004.00000001.sdmpString found in binary or memory: http://www.ucoz.com/terms/
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpString found in binary or memory: http://www.ucoz.com/terms/j
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpString found in binary or memory: http://www.ucoz.com/terms/s
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.936702634.000000000B7B1000.00000004.00000001.sdmpString found in binary or memory: http://www.ucoz.com/tour/
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpString found in binary or memory: http://www.ucoz.com/tour/8a
      Source: njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpString found in binary or memory: http://www.ucoz.com/tour/px
      Source: njw.exe, 00000000.00000002.936702634.000000000B7B1000.00000004.00000001.sdmpString found in binary or memory: http://www.ucoz.com/tour/q
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: https://counter.yadro.ru/
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpString found in binary or memory: https://counter.yadro.ru/&
      Source: njw.exe, 00000000.00000003.754332572.000000000B7CE000.00000004.00000001.sdmp, njw.exe, 00000000.00000002.935516918.0000000006AF2000.00000004.00000001.sdmpString found in binary or memory: https://counter.yadro.ru/hit;counter1?q;r;s1280
      Source: njw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmpString found in binary or memory: https://counter.yadro.ru/hit;counter1?r;s1280
      Source: njw.exe, 00000000.00000003.792685337.000000000F5D7000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.774568164.000000000E05A000.00000004.00000010.sdmp, njw.exe, 00000000.00000002.937010137.000000000B8DE000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.756432489.000000000684E000.00000004.00000001.sdmp, watch[1].js.0.drString found in binary or memory: https://iframe-toloka.com/
      Source: njw.exe, 00000000.00000002.932520416.00000000009F9000.00000004.00000020.sdmpString found in binary or memory: https://login.live.comt
      Source: njw.exe, 00000000.00000002.935488975.0000000006AEB000.00000004.00000001.sdmpString found in binary or memory: https://mc.y
      Source: njw.exe, 00000000.00000002.936702634.000000000B7B1000.00000004.00000001.sdmpString found in binary or memory: https://mc.y0
      Source: njw.exe, 00000000.00000002.937010137.000000000B8DE000.00000004.00000001.sdmp, watch[1].js.0.drString found in binary or memory: https://mc.yandex.
      Source: njw.exe, 00000000.00000003.782452215.000000000DF16000.00000004.00000010.sdmpString found in binary or memory: https://mc.yandex.:
      Source: njw.exe, 00000000.00000002.937010137.000000000B8DE000.00000004.00000001.sdmp, watch[1].js.0.drString found in binary or memory: https://mc.yandex.md/cc
      Source: njw.exe, 00000000.00000003.789755108.000000000F548000.00000004.00000001.sdmpString found in binary or memory: https://mc.yandex.md/ccPageView.
      Source: njw.exe, 00000000.00000003.756432489.000000000684E000.00000004.00000001.sdmpString found in binary or memory: https://mc.yandex.md/ccba
      Source: njw.exe, 00000000.00000003.756492906.0000000006831000.00000004.00000001.sdmpString found in binary or memory: https://mc.yandex.pK
      Source: njw.exe, 00000000.00000002.937010137.000000000B8DE000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.756432489.000000000684E000.00000004.00000001.sdmp, watch[1].js.0.drString found in binary or memory: https://s3.mds.yandex.net/internal-metrika-betas
      Source: njw.exe, 00000000.00000003.790985819.000000000F57D000.00000004.00000001.sdmpString found in binary or memory: https://s3.mds.yandex.net/internal-metrika-betasS
      Source: njw.exe, 00000000.00000002.936009031.000000000A063000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.751994283.00000000067C9000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.753243308.000000000680B000.00000004.00000001.sdmp, njw.exe, 00000000.00000002.937440425.000000000BB68000.00000004.00000001.sdmp, ga[1].js.0.drString found in binary or memory: https://ssl.google-analytics.com
      Source: njw.exe, 00000000.00000002.936009031.000000000A063000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.751994283.00000000067C9000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.753243308.000000000680B000.00000004.00000001.sdmp, ga[1].js.0.drString found in binary or memory: https://ssl.google-analytics.com/j/__utm.gif
      Source: njw.exe, 00000000.00000002.936233347.000000000A330000.00000004.00000001.sdmpString found in binary or memory: https://ssl.google-analytics.com/j/__utm.gifpN3
      Source: njw.exe, 00000000.00000002.936009031.000000000A063000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.751994283.00000000067C9000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.753243308.000000000680B000.00000004.00000001.sdmp, ga[1].js.0.drString found in binary or memory: https://stats.g.doubleclick.net/j/collect?
      Source: njw.exe, 00000000.00000002.936889233.000000000B821000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/
      Source: njw.exe, 00000000.00000002.935353424.0000000006AA7000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/#
      Source: njw.exe, 00000000.00000002.936889233.000000000B821000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/k4y
      Source: ga[1].js.0.drString found in binary or memory: https://www.google.%/ads/ga-audiences?
      Source: njw.exe, 00000000.00000002.936009031.000000000A063000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.751994283.00000000067C9000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.753243308.000000000680B000.00000004.00000001.sdmp, ga[1].js.0.drString found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?
      Source: njw.exe, 00000000.00000002.938239805.000000000D9C0000.00000004.00000040.sdmpString found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
      Source: njw.exe, 00000000.00000002.937010137.000000000B8DE000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.785521786.000000000ECC0000.00000004.00000010.sdmp, njw.exe, 00000000.00000002.940327666.000000000DF70000.00000004.00000010.sdmp, njw.exe, 00000000.00000003.756492906.0000000006831000.00000004.00000001.sdmp, watch[1].js.0.drString found in binary or memory: https://yastatic.net/s3/gdpr/popup/v2/
      Source: njw.exe, 00000000.00000003.792685337.000000000F5D7000.00000004.00000001.sdmp, njw.exe, 00000000.00000002.937010137.000000000B8DE000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.756432489.000000000684E000.00000004.00000001.sdmp, watch[1].js.0.drString found in binary or memory: https://yastatic.net/s3/metrika
      Source: njw.exe, 00000000.00000003.774568164.000000000E05A000.00000004.00000010.sdmp, njw.exe, 00000000.00000002.937010137.000000000B8DE000.00000004.00000001.sdmp, watch[1].js.0.drString found in binary or memory: https://ymetrica1.com/watch/3/1
      Source: unknownDNS traffic detected: queries for: www.all-bearings.narod.ru
      Source: global trafficHTTP traffic detected: GET /metrika/watch.js HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ru
      Source: global trafficHTTP traffic detected: GET /hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/secondpage.html;0.5443641556055339 HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: counter.yadro.ru
      Source: global trafficHTTP traffic detected: GET /metrika/watch.js HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ru
      Source: global trafficHTTP traffic detected: GET /hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/firstpage.html;0.34476715437082456 HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: counter.yadro.ru
      Source: global trafficHTTP traffic detected: GET /hit;counter1?q;r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/firstpage.html;0.34476715437082456 HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: counter.yadro.ruCookie: FTID=1XV1Xy3Wb9uB1XV1Xy001EiW
      Source: global trafficHTTP traffic detected: GET /hit;counter1?q;r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/secondpage.html;0.5443641556055339 HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: counter.yadro.ruCookie: FTID=1XV1Xy3Wb9uB1XV1Xy001Ei9
      Source: global trafficHTTP traffic detected: GET /watch/14153041?callback=_ymjsp303195921&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Fsecondpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1976%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A1156845228070%3Ahid%3A271984739%3Az%3A120%3Ai%3A202101029175118%3Aet%3A1635522678%3Ac%3A1%3Arn%3A1015963535%3Au%3A1635522678322622628%3Aw%3A148x55%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674734%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C128%2C0%2C1973%2C1975%2C0%2C1973%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522680%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr(14)ti(3)&wmode=5 HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /watch/14153041?callback=_ymjsp355627947&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Ffirstpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1930%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A732524701665%3Ahid%3A87010386%3Az%3A120%3Ai%3A202101029175120%3Aet%3A1635522680%3Ac%3A1%3Arn%3A244404675%3Au%3A1635522678322622628%3Aw%3A148x47%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674781%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C155%2C0%2C2520%2C2521%2C0%2C2520%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522681%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr(14)ti(3)&wmode=5 HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /metrika/advert.gif?t=ti(4) HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /watch/14153041/1?callback=_ymjsp303195921&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Fsecondpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1976%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A1156845228070%3Ahid%3A271984739%3Az%3A120%3Ai%3A202101029175118%3Aet%3A1635522678%3Ac%3A1%3Arn%3A1015963535%3Au%3A1635522678322622628%3Aw%3A148x55%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674734%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C128%2C0%2C1973%2C1975%2C0%2C1973%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522680%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr%2814%29ti%283%29&wmode=5 HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-AliveCookie: yandexuid=847304281635522680; i=vL1T7ICVuHRXpyNPzwMzlaKjl/D94ryPalEPO4xIx2pX5AZpVtBfDP0muIercdmDCjCbNqUK2tSOHbHUPiY/6ZY1euA=; ymex=1667058680.yrts.1635522680#1667058680.yrtsi.1635522680; yabs-sid=2327043721635522680
      Source: global trafficHTTP traffic detected: GET /watch/14153041/1?callback=_ymjsp355627947&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Ffirstpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1930%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A732524701665%3Ahid%3A87010386%3Az%3A120%3Ai%3A202101029175120%3Aet%3A1635522680%3Ac%3A1%3Arn%3A244404675%3Au%3A1635522678322622628%3Aw%3A148x47%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674781%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C155%2C0%2C2520%2C2521%2C0%2C2520%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522681%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr%2814%29ti%283%29&wmode=5 HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-AliveCookie: yandexuid=3723159021635522681; i=yROKAQCkQEDp/MhTCtujtSWzFSx7PgG/2QZgPGeQuaYkCYGk4Lr5g33sdF0NzFWf3pPBk9Yj1OF7cHnVzZMM+SWO+Mc=; ymex=1667058681.yrts.1635522681#1667058681.yrtsi.1635522681; yabs-sid=702787781635522681
      Source: global trafficHTTP traffic detected: GET /metrika/advert.gif?t=ti(4) HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /secondpage.html HTTP/1.1Accept: */*Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.all-bearings.narod.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /firstpage.html HTTP/1.1Accept: */*Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.all-bearings.narod.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/firstpage.html;0.34476715437082456 HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: counter.yadro.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /metrika/watch.js HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /metrika/watch.js HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/secondpage.html;0.5443641556055339 HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: counter.yadro.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /.s/img/err/button.png HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.all-bearings.narod.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /.s/img/err/404-header-line.gif HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.all-bearings.narod.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /.s/img/err/404-arrow.png HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.all-bearings.narod.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /.s/img/err/404-logo.png HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.all-bearings.narod.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /.s/img/err/404.png HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/secondpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.all-bearings.narod.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /.s/img/err/button.png HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.all-bearings.narod.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /.s/img/err/404-header-line.gif HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.all-bearings.narod.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /.s/img/err/404-logo.png HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.all-bearings.narod.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /.s/img/err/404-arrow.png HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.all-bearings.narod.ruConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /.s/img/err/404.png HTTP/1.1Accept: */*Referer: http://www.all-bearings.narod.ru/firstpage.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.all-bearings.narod.ruConnection: Keep-Alive
      Source: unknownHTTPS traffic detected: 87.250.251.119:443 -> 192.168.2.4:49791 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 87.250.251.119:443 -> 192.168.2.4:49790 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 88.212.201.198:443 -> 192.168.2.4:49792 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 88.212.201.198:443 -> 192.168.2.4:49793 version: TLS 1.2
      Source: njw.exe, 00000000.00000002.932325468.0000000000948000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
      Source: C:\Users\user\Desktop\njw.exeWindows user hook set: 0 mouse low level C:\Windows\system32\dinput8.dll
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042CB18 OpenClipboard,EmptyClipboard,CloseClipboard,OpenClipboard,GlobalAlloc,GlobalFix,GlobalUnWire,SetClipboardData,CloseClipboard,

      System Summary:

      PE file has nameless sections
      Source: njw.exeStatic PE information: section name:
      Source: njw.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00410CCC
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00418068
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00412120
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00415330
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0043F454
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00416554
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0069251E
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_004247D8
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_004177E8
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0040D97C
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00414938
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00427A5C
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00690DFF
      Source: C:\Users\user\Desktop\njw.exeCode function: String function: 00436A94 appears 46 times
      Source: C:\Users\user\Desktop\njw.exeCode function: String function: 00404C04 appears 35 times
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0040B8E8 NtdllDefWindowProc_A,WaitForSingleObject,ReleaseMutex,
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042AC1C GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,GetCurrentProcessId,GetModuleHandleA,NtQuerySystemInformation,LocalFree,LocalAlloc,LocalAlloc,NtQuerySystemInformation,GetCurrentProcessId,LocalFree,
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0043F454 NtdllDefWindowProc_A,LoadCursorA,SetCursor,NtdllDefWindowProc_A,BeginPaint,GetClientRect,GetSysColor,GetSysColor,SelectObject,GetTextExtentPoint32A,SetTextColor,GetSysColor,SetTextColor,GetSysColor,SetBkColor,TextOutA,SelectObject,EndPaint,NtdllDefWindowProc_A,InvalidateRect,NtdllDefWindowProc_A,ShellExecuteA,NtdllDefWindowProc_A,NtdllDefWindowProc_A,GetFocus,KillTimer,InvalidateRect,GetSysColor,GetSysColor,Sleep,GetSysColor,GetSysColor,GetSysColor,GetSysColor,GetSysColor,GetClientRect,PostMessageA,GetSysColor,GetSysColor,KillTimer,GetSysColor,GetSysColor,GetSysColor,GetSysColor,GetSysColor,GetSysColor,GetSysColor,GetSysColor,NtdllDefWindowProc_A,GetWindowRect,GetWindowPlacement,SetWindowPos,GetWindowPlacement,SetWindowPos,GetWindowPlacement,SetWindowPos,GetWindowPlacement,SetWindowPos,GetWindowPlacement,SetWindowPos,GetClientRect,InvalidateRect,NtdllDefWindowProc_A,
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00427A5C GetCursorPos,ScreenToClient,IsWindowEnabled,LoadCursorA,SetCursor,NtdllDefWindowProc_A,SetCapture,ReleaseCapture,GetSysColor,GetSysColor,GetSysColor,GetSysColor,GetSysColor,GetSysColor,GetSysColor,GetSysColor,GetSysColor,GetSysColor,BeginPaint,EndPaint,SetTextColor,SetTextColor,SetTextColor,SetTextColor,GetSysColorBrush,GetClientRect,GetFocus,SetFocus,KillTimer,NtdllDefWindowProc_A,NtdllDefWindowProc_A,GetWindowRect,ScreenToClient,ScreenToClient,InflateRect,InvalidateRect,InvalidateRect,InvalidateRect,InvalidateRect,GetWindowLongA,PostMessageA,GetFocus,KillTimer,NtdllDefWindowProc_A,
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00408BAC GetWindowLongA,GetWindowLongA,NtdllDefWindowProc_A,
      Source: C:\Users\user\Desktop\njw.exeProcess Stats: CPU usage > 98%
      Source: njw.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
      Source: njw.exeStatic PE information: Number of sections : 12 > 10
      Source: njw.exeStatic PE information: Section: ZLIB complexity 1.0021484375
      Source: njw.exeVirustotal: Detection: 11%
      Source: C:\Users\user\Desktop\njw.exeFile read: C:\Users\user\Desktop\njw.exe
      Source: C:\Users\user\Desktop\njw.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: C:\Users\user\Desktop\njw.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
      Source: C:\Users\user\Desktop\njw.exeFile created: C:\Users\user\Desktop\bugreport.txt
      Source: C:\Users\user\Desktop\njw.exeFile created: C:\Users\user\AppData\Local\Temp\njw.madExcept
      Source: classification engineClassification label: mal60.spyw.winEXE@1/17@4/3
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0068ED30 GetLastError,FormatMessageA,wsprintfA,
      Source: C:\Users\user\Desktop\njw.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
      Source: njw.exeJoe Sandbox Cloud Basic: Detection: clean Score: 0
      Source: C:\Users\user\Desktop\njw.exeMutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1bd0
      Source: C:\Users\user\Desktop\njw.exeMutant created: \Sessions\1\BaseNamedObjects\madToolsMsgHandlerMutex$1bd4$40ba70
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042E204 FindResourceA,
      Source: Yara matchFile source: 0.2.njw.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000002.931984957.0000000000401000.00000004.00020000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\njw.exeFile read: C:\Windows\System32\drivers\etc\hosts
      Source: C:\Users\user\Desktop\njw.exeWindow found: window name: TEdit
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: njw.exeStatic file information: File size 1694802 > 1048576
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00446FC4 push ecx; mov dword ptr [esp], edx
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00407128 push 00407154h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0040B13C push 0040B168h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00408184 push 004081B0h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042A240 push 0042A26Ch; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0040926C push 00409298h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00408348 push 00408374h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00408310 push 0040833Ch; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0041331C push 00413348h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042A3D8 push 0042A404h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00418390 push 004183BCh; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_004583B8 push ecx; mov dword ptr [esp], edx
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042A458 push 0042A484h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042A420 push 0042A44Ch; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042A4C8 push 0042A4F4h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042A490 push 0042A4BCh; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042A550 push 0042A57Ch; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042A500 push 0042A52Ch; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_004285B8 push ecx; mov dword ptr [esp], ecx
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00417784 push 004177B0h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042A8E0 push 0042A90Ch; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_004098AC push ecx; mov dword ptr [esp], edx
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0041C968 push 0041C9ADh; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00423968 push 00423994h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00409914 push ecx; mov dword ptr [esp], edx
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0041C920 push 0041C963h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042A988 push 0042A9B4h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0040CB58 push 0040CB85h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0040CB00 push 0040CB53h; ret
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00406DF4 push 00406E45h; ret
      Source: njw.exeStatic PE information: real checksum: 0x287c15 should be: 0x1a3590
      Source: initial sampleStatic PE information: section name: entropy: 7.97472353809
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00429058 IsWindowEnabled,EnableWindow,CreateCompatibleDC,SelectObject,DeleteDC,GetWindowRect,GetClientRect,GetSystemMetrics,GetSystemMetrics,SetWindowPos,ShowWindow,IsIconic,ShowWindow,BringWindowToTop,SetForegroundWindow,SetTimer,GetKeyState,IsDialogMessage,TranslateMessage,DispatchMessageA,IsWindow,GetMessageA,VirtualFree,EnableWindow,SetActiveWindow,
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_004234B8 GetWindowThreadProcessId,GetCurrentProcessId,IsWindowVisible,IsIconic,GetWindowRect,OffsetRect,
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042354C GetWindowThreadProcessId,GetCurrentProcessId,IsWindowVisible,IsIconic,GetWindowRect,OffsetRect,CreateRectRgnIndirect,CombineRgn,DeleteObject,
      Source: C:\Users\user\Desktop\njw.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\njw.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042AC1C GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,GetCurrentProcessId,GetModuleHandleA,NtQuerySystemInformation,LocalFree,LocalAlloc,LocalAlloc,NtQuerySystemInformation,GetCurrentProcessId,LocalFree,
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0068A2D1 GetSystemTimeAsFileTime followed by cmp: cmp dword ptr [ebp-4ch], 03h and CTI: jnc 0068A3BEh
      Source: C:\Users\user\Desktop\njw.exeMemory allocated: 3F70000 memory reserve | memory write watch
      Source: C:\Users\user\Desktop\njw.exeMemory allocated: A110000 memory commit | memory reserve | memory write watch
      Source: C:\Users\user\Desktop\njw.exeMemory allocated: A2B0000 memory commit | memory reserve | memory write watch
      Source: C:\Users\user\Desktop\njw.exeMemory allocated: A2D0000 memory reserve | memory write watch
      Source: C:\Users\user\Desktop\njw.exeEvaded block: after key decision
      Source: C:\Users\user\Desktop\njw.exeProcess information queried: ProcessInformation
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0068FDFC FindFirstFileA,
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0068D8ED FindFirstFileA,GetTempPathA,DeleteFileA,FindNextFileA,
      Source: C:\Users\user\Desktop\njw.exeFile Volume queried: C:\ FullSizeInformation
      Source: njw.exe, 00000000.00000003.738345129.000000000099F000.00000004.00000001.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&1EC51BF7&0&000000C=C
      Source: njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
      Source: njw.exe, 00000000.00000003.738345129.000000000099F000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
      Source: njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAWh
      Source: njw.exe, 00000000.00000003.742405334.0000000002658000.00000004.00000001.sdmp, bugreport.txt.0.drBinary or memory string: - Microsoft Hyper-V Generation Counter
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042BA90 VirtualProtect 00000000,00000004,00607910,00607910,00000000,00000004,00000040,00607910,00000000,00000001,00000000
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042AC1C GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,GetCurrentProcessId,GetModuleHandleA,NtQuerySystemInformation,LocalFree,LocalAlloc,LocalAlloc,NtQuerySystemInformation,GetCurrentProcessId,LocalFree,
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0068EF5E SetUnhandledExceptionFilter,
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0068F6E2 EnterCriticalSection,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0042B7EC InitializeSecurityDescriptor,SetSecurityDescriptorDacl,
      Source: njw.exe, 00000000.00000002.932618181.0000000000ED0000.00000002.00020000.sdmpBinary or memory string: Program Manager
      Source: njw.exe, 00000000.00000002.932618181.0000000000ED0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
      Source: njw.exe, 00000000.00000002.932618181.0000000000ED0000.00000002.00020000.sdmpBinary or memory string: Progman
      Source: njw.exe, 00000000.00000002.932618181.0000000000ED0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
      Source: C:\Users\user\Desktop\njw.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
      Source: C:\Users\user\Desktop\njw.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
      Source: C:\Users\user\Desktop\njw.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
      Source: C:\Users\user\Desktop\njw.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
      Source: C:\Users\user\Desktop\njw.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
      Source: C:\Users\user\Desktop\njw.exeQueries volume information: C:\Windows\SysWOW64\Macromed\Flash\activex.vch VolumeInformation
      Source: C:\Users\user\Desktop\njw.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
      Source: C:\Users\user\Desktop\njw.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,
      Source: C:\Users\user\Desktop\njw.exeCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,
      Source: C:\Users\user\Desktop\njw.exeCode function: GetThreadLocale,GetLocaleInfoA,
      Source: C:\Users\user\Desktop\njw.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
      Source: C:\Users\user\Desktop\njw.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0068A2D1 GetSystemTimeAsFileTime,SetFilePointer,ReadFile,GetSystemTimeAsFileTime,
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_0041CE14 RtlValidSecurityDescriptor,VirtualQuery,GetVersion,GetModuleHandleA,

      Stealing of Sensitive Information:

      Tries to steal Mail credentials (via file registry)
      Source: C:\Users\user\Desktop\njw.exeCode function: EnterCriticalSection,LocalAlloc,LeaveCriticalSection, SmtpPassword
      Source: C:\Users\user\Desktop\njw.exeCode function: SmtpPassword
      Source: C:\Users\user\Desktop\njw.exeCode function: 0_2_00439C00 socket,bind,htons,sendto,select,closesocket,

      Mitre Att&ck Matrix

      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
      Valid Accounts | Native API 1 | Path Interception | Process Injection 1 | Masquerading 1 | Input Capture 2 | System Time Discovery 11 | Remote Services | Input Capture 2 | Exfiltration Over Other Network Medium | Encrypted Channel 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
      Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | Credentials in Registry 1 | Security Software Discovery 11 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 1 | Security Account Manager | Virtualization/Sandbox Evasion 1 | SMB/Windows Admin Shares | Clipboard Data 1 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 1 | NTDS | Process Discovery 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 14 | SIM Card Swap | | Carrier Billing Fraud
      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | Application Window Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 3 | Cached Domain Credentials | Remote System Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
      External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 2 | DCSync | File and Directory Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 34 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      Source | Detection | Scanner | Label
      njw.exe | 11% | Virustotal |
      njw.exe | 4% | ReversingLabs |
      njw.exe | 100% | Joe Sandbox ML |

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      Source | Detection | Scanner | Label
      0.2.njw.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
      0.0.njw.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
      0.1.njw.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

      Domains

      Source | Detection | Scanner | Label
      counter.yadro.ru | 3% | Virustotal |

      URLs


      Domains and IPs

      Contacted Domains

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      mc.yandex.ru | 87.250.251.119 | true | false | | high
      counter.yadro.ru | 88.212.201.198 | true | false | | unknown
      www-google-analytics.l.google.com | 142.250.203.110 | true | false | | high
      www.all-bearings.narod.ru | 193.109.247.229 | true | false | | high

      Contacted URLs

      URLs from Memory and Binaries
                                                                                                      https://mc.yandex.md/ccnjw.exe, 00000000.00000002.937010137.000000000B8DE000.00000004.00000001.sdmp, watch[1].js.0.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://www.all-bearings.narod.ru/.s/img/err/button.pngjnjw.exe, 00000000.00000003.754519394.000000000B7CE000.00000004.00000001.sdmpfalse
                                                                                                        high
                                                                                                        http://www.all-bearings.narod.ru/secondpage.html...njw.exe, 00000000.00000002.932520416.00000000009F9000.00000004.00000020.sdmpfalse
                                                                                                          high
                                                                                                          https://mc.yandex.pKnjw.exe, 00000000.00000003.756492906.0000000006831000.00000004.00000001.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://www.all-bearings.narod.ru/firstpage.htmleoplenjw.exe, 00000000.00000003.754316994.000000000B7B1000.00000004.00000001.sdmpfalse
                                                                                                            high
                                                                                                            https://counter.yadro.ru/hit;counter1?q;r;s1280njw.exe, 00000000.00000003.754332572.000000000B7CE000.00000004.00000001.sdmp, njw.exe, 00000000.00000002.935516918.0000000006AF2000.00000004.00000001.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://www.all-bearings.narod.ru/.s/img/err/button.png-cnjw.exe, 00000000.00000002.934975035.0000000006A40000.00000004.00000001.sdmpfalse
                                                                                                              high
                                                                                                              http://www.all-bearings.narod.ru/.s/img/err/404-arrow.png$yEnjw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpfalse
                                                                                                                high
                                                                                                                http://www.all-bearings.narod.ru/secondpage.html-Aloudnjw.exe, 00000000.00000002.937283236.000000000BAF0000.00000004.00000001.sdmpfalse
                                                                                                                  high
                                                                                                                  http://w3.onjw.exe, 00000000.00000002.934808825.00000000067D8000.00000004.00000001.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  http://www.remserviss.ruopennjw.exe, 00000000.00000002.931984957.0000000000401000.00000004.00020000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  http://www.all-bearings.narod.ru/firstpage.htmlU:njw.exe, 00000000.00000003.754245026.0000000006B19000.00000004.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    http://top.ucoz.com/njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.936889233.000000000B821000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.all-bearings.narod.ru/.s/img/err/button.pngT8Tnjw.exe, 00000000.00000002.935383674.0000000006AAD000.00000004.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        http://counter.yadro.ru/hit;counter1?r;s1280njw.exe, 00000000.00000002.935239138.0000000006A8C000.00000004.00000001.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://www.all-bearings.narod.ru/.s/img/err/404-logo.png$zEnjw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpfalse
                                                                                                                          high
                                                                                                                          http://forum.ucoz.com/r4rnjw.exe, 00000000.00000002.936889233.000000000B821000.00000004.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            http://ucoz.com/register/n:njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              https://stats.g.doubleclick.net/j/collect?njw.exe, 00000000.00000002.936009031.000000000A063000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.751994283.00000000067C9000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.753243308.000000000680B000.00000004.00000001.sdmp, ga[1].js.0.drfalse
                                                                                                                                high
                                                                                                                                http://www.all-bearings.narod.ru/firstpage.html4Enjw.exe, 00000000.00000002.940327666.000000000DF70000.00000004.00000010.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://www.all-bearings.narod.runjw.exefalse
                                                                                                                                    high
                                                                                                                                    http://www.ucoz.com/tour/pxnjw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.remserviss.runjw.exefalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
                                                                                                                                      http://www.all-bearings.narod.ru/.s/img/err/button.png&njw.exe, 00000000.00000003.754316994.000000000B7B1000.00000004.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.all-bearings.narod.ru/.s/img/err/404-header-line.gif.dllnjw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.all-bearings.narod.ru/nnjw.exe, 00000000.00000002.935452329.0000000006ADC000.00000004.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://book.ucoz.comnjw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://mc.yandex.md/ccPageView.njw.exe, 00000000.00000003.789755108.000000000F548000.00000004.00000001.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              http://www.all-bearings.narod.ru/.s/img/err/404-arrow.pngTDunjw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://iframe-toloka.com/njw.exe, 00000000.00000003.792685337.000000000F5D7000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.774568164.000000000E05A000.00000004.00000010.sdmp, njw.exe, 00000000.00000002.937010137.000000000B8DE000.00000004.00000001.sdmp, njw.exe, 00000000.00000003.756432489.000000000684E000.00000004.00000001.sdmp, watch[1].js.0.drfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                http://forum.ucoz.com/)njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.all-bearings.dnjw.exe, 00000000.00000002.935353424.0000000006AA7000.00000004.00000001.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://www.macromedia.com/support/flashplayer/sys/njw.exe, 00000000.00000002.938239805.000000000D9C0000.00000004.00000040.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.all-bearings.narod.ru/secondpage.htmlsnjw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://counter.yadro.ru/njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://mc.yandex.md/ccbanjw.exe, 00000000.00000003.756432489.000000000684E000.00000004.00000001.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://www.all-bearings.narod.ru/firstpage.html...njw.exe, 00000000.00000002.932520416.00000000009F9000.00000004.00000020.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.all-bearings.narod.ru/.s/img/err/404-logo.pngTzunjw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://twitter.com/k4ynjw.exe, 00000000.00000002.936889233.000000000B821000.00000004.00000001.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://www.all-bearings.njw.exe, 00000000.00000002.935398970.0000000006AB2000.00000004.00000001.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://www.all-bearings.narod.ru/secondpage.htmlng.pnge.gifE5njw.exe, 00000000.00000002.932312200.0000000000940000.00000004.00000020.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://forum.ucoz.com/njw.exe, 00000000.00000002.932537112.0000000000A0D000.00000004.00000020.sdmp, njw.exe, 00000000.00000002.932431127.000000000099B000.00000004.00000020.sdmpfalse
                                                                                                                                                                high

                                                                                                                                                                Contacted IPs

                                                                                                                                                                Public

IP               Domain                     Country                   ASN     ASN Name        Malicious
88.212.201.198   counter.yadro.ru           Russian Federation        39134   UNITEDNETRU     false
87.250.251.119   mc.yandex.ru               Russian Federation        13238   YANDEXRU        false
193.109.247.229  www.all-bearings.narod.ru  Virgin Islands (BRITISH)  204343  COMPUBYTE-ASRU  false

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 511823
Start date: 29.10.2021
Start time: 17:49:38
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 6s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: njw.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal60.spyw.winEXE@1/17@4/3
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 5% (good quality ratio 4.6%)
• Quality average: 68.6%
• Quality standard deviation: 30.2%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
                                                                                                                                                                • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                                • TCP Packets have been reduced to 100
                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 23.211.6.115, 204.79.197.200, 13.107.21.200, 20.82.209.183, 142.250.203.110, 20.54.110.249, 40.91.112.76, 40.112.88.60, 80.67.82.211, 80.67.82.235, 20.82.210.154
                                                                                                                                                                • Excluded domains from analysis (whitelisted): displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.google-analytics.com, www.bing.com, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                                                                                                                Simulations

                                                                                                                                                                Behavior and APIs

Time | Type | Description
17:51:14 | API Interceptor | 956x Sleep call for process: njw.exe modified

                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                IPs


                                                                                                                                                                                    Domains


                                                                                                                                                                                    ASN

                                                                                                                                                                                    • 88.212.201.216
                                                                                                                                                                                    http://videomytube.cfGet hashmaliciousBrowse
                                                                                                                                                                                    • 88.212.201.198
                                                                                                                                                                                    YANDEXRUSecuriteInfo.com.Trojan.GenericKD.47272401.17364.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    SecuriteInfo.com.Gen.Variant.Nemesis.1785.13723.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    PO 407274.docGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    PO 407274.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    PO.08996.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    New Purchase Order.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    Swift USD PDF.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    Open B024L128 .xhtmlGet hashmaliciousBrowse
                                                                                                                                                                                    • 87.250.251.119
                                                                                                                                                                                    Payment PDF.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    uFvG6DlSUpNCq_0a0Y3vNrYQ.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 87.250.251.119
                                                                                                                                                                                    MYUNG IN QUotation request.docxGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.119
                                                                                                                                                                                    kutipan langsung.14.10.2021.xlxs.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    SecuriteInfo.com.Suspicious.Win32.Save.a.20932.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    sora.x86Get hashmaliciousBrowse
                                                                                                                                                                                    • 95.108.149.15
                                                                                                                                                                                    sora.armGet hashmaliciousBrowse
                                                                                                                                                                                    • 100.43.91.162
                                                                                                                                                                                    Petikan segera.12.10.2021.xlxs.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    Purchase_Order_QBO6814_from_Salvona_Technologies.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    RFQ-117404.docGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    Petikan segera.08.10.2021.xlxs.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.158
                                                                                                                                                                                    t37BGZn2O1.msiGet hashmaliciousBrowse
                                                                                                                                                                                    • 77.88.21.119

                                                                                                                                                                                    JA3 Fingerprints


                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                    No context

                                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\www.all-bearings.narod[1].xml
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                    Entropy (8bit):2.469670487371862
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:D90aKb:JFKb
                                                                                                                                                                                    MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
                                                                                                                                                                                    SHA1:35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
                                                                                                                                                                                    SHA-256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
                                                                                                                                                                                    SHA-512:6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                    Preview: <root></root>
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\404-arrow[1].png
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:PNG image data, 6 x 9, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1169
                                                                                                                                                                                    Entropy (8bit):6.375857124482774
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:zS1he91Wwh82lYSKw7+H1V/uT3cyJ3V2r7hGQ9/9mekJ:MqQvnL8q1durJ3Gh5/Y5J
                                                                                                                                                                                    MD5:F491D002C601CED0C0BC19994B89CDDC
                                                                                                                                                                                    SHA1:65B26746EC3BF706DFED1CA6D81BEF6211D15FEF
                                                                                                                                                                                    SHA-256:BA146CE6FB6E788B50E02B45B72835450B513EC744B2F8DE1DD85589B42F8F05
                                                                                                                                                                                    SHA-512:0E96575D89DFDE823A577EAF6D4CB4EFAB56C37875B7E5955F7F9FF759B67805FF0013DEDC1C98A73616F7C55CEEBBD5222C0A1EF2F17A936CAE36425E129887
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\404[1].png
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:PNG image data, 155 x 66, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4451
                                                                                                                                                                                    Entropy (8bit):7.815188084249031
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:mqQvnL8QsrJ3GhrwUC5CY1s7P5ShGRQvQCfCWzSWAnXmeQkzkCgDoSbKVRVbGeLG:XQoL0hrYg9yXvjdSWAWeQlFCXukVaa16
                                                                                                                                                                                    MD5:9684186972F20E829835912A9FF55F3A
                                                                                                                                                                                    SHA1:ACA5BF4DE51319525F1DB749DC0825CA8E1C06C1
                                                                                                                                                                                    SHA-256:389267599E2B30CDA3F0091BCDAA856C39E38543038A52955EBA5B048E915742
                                                                                                                                                                                    SHA-512:31BBD89B9801E09EA5BFA25FDA51FFFDD765C8BEA4BD7FFC80C89750220F99AC35616BDB8146044F69E948424468C3E8691871D6AA2E5C0C27730BFC6AE8AED0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ga[1].js
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46274
                                                                                                                                                                                    Entropy (8bit):5.48786904450865
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:aqNVrKn0VGhn+K7U1r2p/Y60fyy3/g3OMZht1z1prkfw1+9NZ5VA:RHrLVGhnpIwp/Y7cnz1RkLL5m
                                                                                                                                                                                    MD5:E9372F0EBBCF71F851E3D321EF2A8E5A
                                                                                                                                                                                    SHA1:2C7D19D1AF7D97085C977D1B69DCB8B84483D87C
                                                                                                                                                                                    SHA-256:1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F
                                                                                                                                                                                    SHA-512:C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ga[2].js
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46274
                                                                                                                                                                                    Entropy (8bit):5.48786904450865
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:aqNVrKn0VGhn+K7U1r2p/Y60fyy3/g3OMZht1z1prkfw1+9NZ5VA:RHrLVGhnpIwp/Y7cnz1RkLL5m
                                                                                                                                                                                    MD5:E9372F0EBBCF71F851E3D321EF2A8E5A
                                                                                                                                                                                    SHA1:2C7D19D1AF7D97085C977D1B69DCB8B84483D87C
                                                                                                                                                                                    SHA-256:1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F
                                                                                                                                                                                    SHA-512:C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\advert[1].gif
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):43
                                                                                                                                                                                    Entropy (8bit):2.7374910194847146
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:CU9yltxlHh/:m/
                                                                                                                                                                                    MD5:DF3E567D6F16D040326C7A0EA29A4F41
                                                                                                                                                                                    SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
                                                                                                                                                                                    SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
                                                                                                                                                                                    SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                    Preview: GIF89a.............!.......,...........D..;
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\404-arrow[1].png
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:PNG image data, 6 x 9, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1169
                                                                                                                                                                                    Entropy (8bit):6.375857124482774
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:zS1he91Wwh82lYSKw7+H1V/uT3cyJ3V2r7hGQ9/9mekJ:MqQvnL8q1durJ3Gh5/Y5J
                                                                                                                                                                                    MD5:F491D002C601CED0C0BC19994B89CDDC
                                                                                                                                                                                    SHA1:65B26746EC3BF706DFED1CA6D81BEF6211D15FEF
                                                                                                                                                                                    SHA-256:BA146CE6FB6E788B50E02B45B72835450B513EC744B2F8DE1DD85589B42F8F05
                                                                                                                                                                                    SHA-512:0E96575D89DFDE823A577EAF6D4CB4EFAB56C37875B7E5955F7F9FF759B67805FF0013DEDC1C98A73616F7C55CEEBBD5222C0A1EF2F17A936CAE36425E129887
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\404-header-line[1].gif
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1161
                                                                                                                                                                                    Entropy (8bit):6.66123176440527
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:4al1he91Wwh82lYSKw7+AVRT3cyJ3V2r7hGY8D:RqQvnL8rjrJ3GhL8D
                                                                                                                                                                                    MD5:5B4E842D2F840996ECB19B6AE635E873
                                                                                                                                                                                    SHA1:EE82D94636E4393AAF6E97931793975950A82CA6
                                                                                                                                                                                    SHA-256:AC9C14376FAC0CD59069AEEF8D7667E6A85DAD3BA0379DC2A6026A20DB18DF1A
                                                                                                                                                                                    SHA-512:8E0061925AF72421F8F003F22FC51D284B7F97FBCA3D4A5525CB3411485946CC0738066AE0A88B9D2BA8C4252DB20A69F64E9748BE03FF97AAB7EE2347C4A88D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\404-header-line[2].gif
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1161
                                                                                                                                                                                    Entropy (8bit):6.66123176440527
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:4al1he91Wwh82lYSKw7+AVRT3cyJ3V2r7hGY8D:RqQvnL8rjrJ3GhL8D
                                                                                                                                                                                    MD5:5B4E842D2F840996ECB19B6AE635E873
                                                                                                                                                                                    SHA1:EE82D94636E4393AAF6E97931793975950A82CA6
                                                                                                                                                                                    SHA-256:AC9C14376FAC0CD59069AEEF8D7667E6A85DAD3BA0379DC2A6026A20DB18DF1A
                                                                                                                                                                                    SHA-512:8E0061925AF72421F8F003F22FC51D284B7F97FBCA3D4A5525CB3411485946CC0738066AE0A88B9D2BA8C4252DB20A69F64E9748BE03FF97AAB7EE2347C4A88D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\404-logo[1].png
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:PNG image data, 43 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2152
                                                                                                                                                                                    Entropy (8bit):7.4508196985650255
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:4wqQvnL8HZ3rJ3Gh0NNeqNwzja90uVfAZO6UE:4BQot0h0rSja90uFAhP
                                                                                                                                                                                    MD5:62A569EF932D3AA5B44BBC515DF09653
                                                                                                                                                                                    SHA1:E910390D6A312FA9F4B222AEEA3226C1F7EA7FA0
                                                                                                                                                                                    SHA-256:0945354CAD56584EB978AFC9800BC9BD8D24DF25FBFE063573A0511AF5138E8B
                                                                                                                                                                                    SHA-512:5FD5A2236ACF1E1BB72A12C74FB00C6FB8A3B8D084F513867EA8FAAC1E76027A7CE342A0054B0F873440B7B083551A218324012E021EE343F2FC0CDE03DF94F5
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\404-logo[2].png
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:PNG image data, 43 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2152
                                                                                                                                                                                    Entropy (8bit):7.4508196985650255
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:4wqQvnL8HZ3rJ3Gh0NNeqNwzja90uVfAZO6UE:4BQot0h0rSja90uFAhP
                                                                                                                                                                                    MD5:62A569EF932D3AA5B44BBC515DF09653
                                                                                                                                                                                    SHA1:E910390D6A312FA9F4B222AEEA3226C1F7EA7FA0
                                                                                                                                                                                    SHA-256:0945354CAD56584EB978AFC9800BC9BD8D24DF25FBFE063573A0511AF5138E8B
                                                                                                                                                                                    SHA-512:5FD5A2236ACF1E1BB72A12C74FB00C6FB8A3B8D084F513867EA8FAAC1E76027A7CE342A0054B0F873440B7B083551A218324012E021EE343F2FC0CDE03DF94F5
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\404[1].png
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:PNG image data, 155 x 66, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4451
                                                                                                                                                                                    Entropy (8bit):7.815188084249031
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:mqQvnL8QsrJ3GhrwUC5CY1s7P5ShGRQvQCfCWzSWAnXmeQkzkCgDoSbKVRVbGeLG:XQoL0hrYg9yXvjdSWAWeQlFCXukVaa16
                                                                                                                                                                                    MD5:9684186972F20E829835912A9FF55F3A
                                                                                                                                                                                    SHA1:ACA5BF4DE51319525F1DB749DC0825CA8E1C06C1
                                                                                                                                                                                    SHA-256:389267599E2B30CDA3F0091BCDAA856C39E38543038A52955EBA5B048E915742
                                                                                                                                                                                    SHA-512:31BBD89B9801E09EA5BFA25FDA51FFFDD765C8BEA4BD7FFC80C89750220F99AC35616BDB8146044F69E948424468C3E8691871D6AA2E5C0C27730BFC6AE8AED0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\button[2].png
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:PNG image data, 1 x 20, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1036
                                                                                                                                                                                    Entropy (8bit):6.003417494129505
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:PQJ1he91Wwh82lYSKw7+AzVvT3cyJ3V2r7hGAOK7:qqQvnL83RrJ3GhOQ
                                                                                                                                                                                    MD5:20ECCCF80B7CCE904C2EE06F65007306
                                                                                                                                                                                    SHA1:951474262705F3D4C58E3E937DAF03A9D0BFC7FA
                                                                                                                                                                                    SHA-256:DB06224375A1362DE84DA041DB7BD476C60267D1E7D24A8569F967CE0C07EF05
                                                                                                                                                                                    SHA-512:692DDE2E59BBB0DE8411E46787DDCDE95156F0E15994219194105CFE3CBDA9A666FAC512DD059297BD5560B6117D0D15DFCC657A431187161F887A525821AE9F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\watch[1].js
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:UTF-8 Unicode (with BOM) text, with very long lines
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):132911
                                                                                                                                                                                    Entropy (8bit):5.575537014376501
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:gSYWWEU3rdOKg7spQAFdmxdoxUxZ2mCeEo/sS8r7kuuDvWvzODHIbkZUQ1mOTMnF:g5WWboAnmxYztM4cMpNO5K
                                                                                                                                                                                    MD5:ECA5C7083EF9B406373D0C3399A909DF
                                                                                                                                                                                    SHA1:186F214942A03FAEBAEE065A9AD6C44509FD595C
                                                                                                                                                                                    SHA-256:D583F0408C31E539635F93EA833DA6D7FFF4707B3B17679A16B16FD24D639864
                                                                                                                                                                                    SHA-512:4B63B57801F39D330626588816E5550619EDE8611E1CB22013EA8DB79BA6F643383BB69D57D0168BD2946F7B88DA048E60719B2E7648D201643DF5094DDB5059
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\watch[2].js
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:UTF-8 Unicode (with BOM) text, with very long lines
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):132911
                                                                                                                                                                                    Entropy (8bit):5.575537014376501
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:gSYWWEU3rdOKg7spQAFdmxdoxUxZ2mCeEo/sS8r7kuuDvWvzODHIbkZUQ1mOTMnF:g5WWboAnmxYztM4cMpNO5K
                                                                                                                                                                                    MD5:ECA5C7083EF9B406373D0C3399A909DF
                                                                                                                                                                                    SHA1:186F214942A03FAEBAEE065A9AD6C44509FD595C
                                                                                                                                                                                    SHA-256:D583F0408C31E539635F93EA833DA6D7FFF4707B3B17679A16B16FD24D639864
                                                                                                                                                                                    SHA-512:4B63B57801F39D330626588816E5550619EDE8611E1CB22013EA8DB79BA6F643383BB69D57D0168BD2946F7B88DA048E60719B2E7648D201643DF5094DDB5059
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\advert[1].gif
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):43
                                                                                                                                                                                    Entropy (8bit):2.7374910194847146
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:CU9yltxlHh/:m/
                                                                                                                                                                                    MD5:DF3E567D6F16D040326C7A0EA29A4F41
                                                                                                                                                                                    SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
                                                                                                                                                                                    SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
                                                                                                                                                                                    SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview: GIF89a.............!.......,...........D..;
                                                                                                                                                                                    C:\Users\user\Desktop\bugreport.txt
                                                                                                                                                                                    Process:C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):18164
                                                                                                                                                                                    Entropy (8bit):4.9882772544962215
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:f9rMWwQN3CxK+8T6zPtw1c5bgrwuBG5bgqO4pPQCAK3JEaKmI6xYVGnbYWEdOaCN:JwQN3Cg+8T6zPu1c5bgrwuBG5bgqO4pZ
                                                                                                                                                                                    MD5:C1757ECB255B635D6BA341EF72AF480D
                                                                                                                                                                                    SHA1:87D16FC44477F4F06640B02D27674BBD228614CA
                                                                                                                                                                                    SHA-256:7A96B64D191CF08F88C8C21DAE04C0A925E7893D8919BD94CCD14AA7527963AC
                                                                                                                                                                                    SHA-512:2005270175A3C936A9AB9D17265AAF63C629287ED634E581E0F9DA56200174401B31DC3D03EBBF0A7F44CA20C322A2B62AA4E3257863D274A32F5434EFA64E0D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview: date/time : 2021-10-29, 17:51:08, 31ms..computer name : 114127..user name : user <admin>..operating system : Windows NT New build 9200..system language : English..system up time : 1 hour 43 minutes..program up time : 5 seconds..processors : 2x Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..physical memory : 2743/8191 MB (free/total)..free disk space : (C:) 79.99 GB..display mode : 1280x1024, 32 bit..process id : $1bd0..allocated memory : 39.16 MB..executable : njw.exe..exec. date/time : 2021-10-29 17:50..madExcept version : 3.0b..callstack crc : $1a0983a1, $6b1df792, $6b1df792..exception number : 1..exception class : EDatabaseError..exception message : Cannot open file bearingdb.tdb.....main thread ($1bd4):..004ca780 +074 njw.exe DB DatabaseError..004ca7e9 +031 njw.exe DB DatabaseErrorFmt..004f0e72 +06e njw.exe TinyDB 6042 +9 TTinyDBFileIO.Open..004f79ba +07e njw.exe

                                                                                                                                                                                    Static File Info

                                                                                                                                                                                    General

                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit): 7.935591299650064
TrID:
• Win32 Executable (generic) a (10002005/4) 99.81%
• Windows Screen Saver (13104/52) 0.13%
• Win16/32 Executable Delphi generic (2074/23) 0.02%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
File name: njw.exe
File size: 1694802
MD5: 3f91f84924d1db7ace9ad307fcae35d1
SHA1: 50e790e2b3324c1b3805916c5a3c323ed8a7305f
SHA256: a0254e8580186ca146fcc6082a6110888ac0cc3c7f733e760ad7a655bd2a0503
SHA512: fda6aeccba43b923567ca1e662f31526a5458dc74df356f077116b0a6300f2e7ac0ce3af8ae81a18064048279c1a231d94c2f5a6c66e5dd210363e6bcf734218
SSDEEP: 49152:iOv9gx8KFwoDGqqO3XG00ASL6/PaSm9eMqDsnF0v:i8GxP+qquXGtLsXaeMqDUF2
                                                                                                                                                                                    File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon

Icon Hash: 6860d1e434cc7c80

Static PE Info

General

Entrypoint: 0x68861c
Entrypoint Section:
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp: 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 09240fdb1ba0c5773dfe515581b453b6

Entrypoint Preview

Data Directories

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2937b0 | 0x50 | |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x237000 | 0x5061c | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x20f000 | 0x18 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x293000 | 0x128 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

Sections

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x1f8a34 | 0xf6200 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| | 0x1fa000 | 0xba1c | 0x5a00 | False | 0.982118055556 | data | 7.98180899146 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| | 0x206000 | 0x2489 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| | 0x209000 | 0x32e2 | 0x1400 | False | 0.93984375 | data | 7.89313292742 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| | 0x20d000 | 0x51 | 0x200 | False | 0.193359375 | data | 3.96131250875 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| | 0x20e000 | 0xf0 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| | 0x20f000 | 0x18 | 0x200 | False | 0.048828125 | data | 0.19667565744 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| | 0x210000 | 0x26d28 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| | 0x237000 | 0x5061c | 0x50800 | False | 0.749223602484 | data | 7.33188771893 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| | 0x288000 | 0xab9c | 0x7200 | False | 0.985094572368 | data | 7.97472353809 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| | 0x293000 | 0xe2c | 0x1000 | False | 0.3603515625 | data | 4.53691628835 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| | 0x294000 | 0x615a | 0x1400 | False | 1.0021484375 | data | 7.96644681101 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |

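Resources

| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| MAD | 0x239ba4 | 0x14 | data | | |
| MAD | 0x239bb8 | 0x31788 | data | | |
| RT_CURSOR | 0x26b340 | 0x134 | data | | |
| RT_CURSOR | 0x26b474 | 0x134 | data | | |
| RT_CURSOR | 0x26b5a8 | 0x134 | data | | |
| RT_CURSOR | 0x26b6dc | 0x134 | data | | |
| RT_CURSOR | 0x26b810 | 0x134 | data | English | United States |
| RT_CURSOR | 0x26b944 | 0x134 | data | | |
| RT_CURSOR | 0x26ba78 | 0x134 | data | | |
| RT_CURSOR | 0x26bbac | 0x134 | AmigaOS bitmap font | Russian | Russia |
| RT_CURSOR | 0x26bce0 | 0x134 | data | English | United States |
| RT_CURSOR | 0x26be14 | 0x134 | data | English | United States |
| RT_CURSOR | 0x26bf48 | 0x134 | AmigaOS bitmap font | Russian | Russia |
| RT_CURSOR | 0x26c07c | 0x134 | data | Russian | Russia |
| RT_CURSOR | 0x26c1b0 | 0x134 | data | Russian | Russia |
| RT_CURSOR | 0x26c2e4 | 0x134 | data | Russian | Russia |
| RT_CURSOR | 0x26c418 | 0x134 | AmigaOS bitmap font | Russian | Russia |
| RT_CURSOR | 0x26c54c | 0x134 | data | English | United States |
| RT_CURSOR | 0x26c680 | 0x134 | AmigaOS bitmap font | Russian | Russia |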
                                                                                                                                                                                    RT_CURSOR0x26c7b40x134dataRussianRussia
                                                                                                                                                                                    RT_CURSOR0x26c8e80x134dataRussianRussia
                                                                                                                                                                                    RT_CURSOR0x26ca1c0x134AmigaOS bitmap fontRussianRussia
                                                                                                                                                                                    RT_CURSOR0x26cb500x134AmigaOS bitmap fontRussianRussia
                                                                                                                                                                                    RT_CURSOR0x26cc840x134AmigaOS bitmap font
                                                                                                                                                                                    RT_CURSOR0x26cdb80x134data
                                                                                                                                                                                    RT_CURSOR0x26ceec0x134data
                                                                                                                                                                                    RT_BITMAP0x26d0200x1d0data
                                                                                                                                                                                    RT_BITMAP0x26d1f00x1e4data
                                                                                                                                                                                    RT_BITMAP0x26d3d40x1d0data
                                                                                                                                                                                    RT_BITMAP0x26d5a40x1d0data
                                                                                                                                                                                    RT_BITMAP0x26d7740x1d0data
                                                                                                                                                                                    RT_BITMAP0x26d9440x1d0data
                                                                                                                                                                                    RT_BITMAP0x26db140x1d0data
                                                                                                                                                                                    RT_BITMAP0x26dce40x1d0data
                                                                                                                                                                                    RT_BITMAP0x26deb40x1d0data
                                                                                                                                                                                    RT_BITMAP0x26e0840x1d0data
                                                                                                                                                                                    RT_BITMAP0x26e2540xc0GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x26e3140xe0GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x26e3f40xe0GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x26e4d40x128dataEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26e5fc0x128dataEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26e7240x128dataEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26e84c0x128dataEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26e9740x128dataEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26ea9c0x128dataEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26ebc40x128dataEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26ecec0x128dataEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26ee140xe8GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26eefc0xe8GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26efe40xe8GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26f0cc0xe8GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26f1b40xe8GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26f29c0xe8GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                                    RT_BITMAP0x26f3840x8cdata
                                                                                                                                                                                    RT_BITMAP0x26f4100x8cdata
                                                                                                                                                                                    RT_BITMAP0x26f49c0x238data
                                                                                                                                                                                    RT_BITMAP0x26f6d40x238data
                                                                                                                                                                                    RT_BITMAP0x26f90c0x8cdata
                                                                                                                                                                                    RT_BITMAP0x26f9980x8cdata
                                                                                                                                                                                    RT_BITMAP0x26fa240x8cdata
                                                                                                                                                                                    RT_BITMAP0x26fab00x238data
                                                                                                                                                                                    RT_BITMAP0x26fce80x5cdata
                                                                                                                                                                                    RT_BITMAP0x26fd440x5cdata
                                                                                                                                                                                    RT_BITMAP0x26fda00x5cdata
                                                                                                                                                                                    RT_BITMAP0x26fdfc0x5cdata
                                                                                                                                                                                    RT_BITMAP0x26fe580x5cdata
                                                                                                                                                                                    RT_BITMAP0x26feb40x138data
                                                                                                                                                                                    RT_BITMAP0x26ffec0x138data
                                                                                                                                                                                    RT_BITMAP0x2701240x138data
                                                                                                                                                                                    RT_BITMAP0x27025c0x138data
                                                                                                                                                                                    RT_BITMAP0x2703940x138data
                                                                                                                                                                                    RT_BITMAP0x2704cc0x138data
                                                                                                                                                                                    RT_BITMAP0x2706040x104data
                                                                                                                                                                                    RT_BITMAP0x2707080x138data
                                                                                                                                                                                    RT_BITMAP0x2708400x104data
                                                                                                                                                                                    RT_BITMAP0x2709440x138data
                                                                                                                                                                                    RT_BITMAP0x270a7c0xe0GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x270b5c0xc0GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x270c1c0xc0GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x270cdc0xe0GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x270dbc0x1028dBase IV DBT, block length 4096, next free block index 40, next free block 0, next used block 0
                                                                                                                                                                                    RT_BITMAP0x271de40x428GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x27220c0x428GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x2726340x428GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x272a5c0x1028dBase IV DBT, block length 4096, next free block index 40, next free block 0, next used block 0
                                                                                                                                                                                    RT_BITMAP0x273a840x428GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x273eac0x428GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x2742d40x428GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x2746fc0x428GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x274b240x1028dBase IV DBT, block length 4096, next free block index 40, next free block 0, next used block 0
                                                                                                                                                                                    RT_BITMAP0x275b4c0x428GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x275f740xc0GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x2760340xe0GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x2761140xe8GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x2761fc0xc0GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_BITMAP0x2762bc0xe0GLS_BINARY_LSB_FIRST
                                                                                                                                                                                    RT_ICON0x27639c0x10a8dBase III DBT, version number 0, next free block index 40RussianRussia
                                                                                                                                                                                    RT_DIALOG0x2774440x52data
                                                                                                                                                                                    RT_STRING0x2774980x1d8data
                                                                                                                                                                                    RT_STRING0x2776700x2cdata
                                                                                                                                                                                    RT_STRING0x27769c0xb0data
                                                                                                                                                                                    RT_STRING0x27774c0x1f0data
                                                                                                                                                                                    RT_STRING0x27793c0x24cdata
                                                                                                                                                                                    RT_STRING0x277b880x1acdata
                                                                                                                                                                                    RT_STRING0x277d340x380data
                                                                                                                                                                                    RT_STRING0x2780b40x410data
                                                                                                                                                                                    RT_STRING0x2784c40x794data
                                                                                                                                                                                    RT_STRING0x278c580xf8data
                                                                                                                                                                                    RT_STRING0x278d500x128data
                                                                                                                                                                                    RT_STRING0x278e780x318data
                                                                                                                                                                                    RT_STRING0x2791900x2a4data
                                                                                                                                                                                    RT_STRING0x2794340x178data
                                                                                                                                                                                    RT_STRING0x2795ac0x1f4data
                                                                                                                                                                                    RT_STRING0x2797a00x450data
                                                                                                                                                                                    RT_STRING0x279bf00x4e0data
                                                                                                                                                                                    RT_STRING0x27a0d00x380data
                                                                                                                                                                                    RT_STRING0x27a4500x528data
                                                                                                                                                                                    RT_STRING0x27a9780x58cdata
                                                                                                                                                                                    RT_STRING0x27af040x478data
                                                                                                                                                                                    RT_STRING0x27b37c0x23cdata
                                                                                                                                                                                    RT_STRING0x27b5b80xd4data
                                                                                                                                                                                    RT_STRING0x27b68c0x110data
                                                                                                                                                                                    RT_STRING0x27b79c0x24cdata
                                                                                                                                                                                    RT_STRING0x27b9e80x414data
                                                                                                                                                                                    RT_STRING0x27bdfc0x3b4data
                                                                                                                                                                                    RT_STRING0x27c1b00x3a0data
                                                                                                                                                                                    RT_STRING0x27c5500x388data
                                                                                                                                                                                    RT_STRING0x27c8d80x234data
                                                                                                                                                                                    RT_STRING0x27cb0c0xecdata
                                                                                                                                                                                    RT_STRING0x27cbf80x1f0data
                                                                                                                                                                                    RT_STRING0x27cde80x41cdata
                                                                                                                                                                                    RT_STRING0x27d2040x378data
                                                                                                                                                                                    RT_STRING0x27d57c0x308data
                                                                                                                                                                                    RT_STRING0x27d8840x370data
                                                                                                                                                                                    RT_RCDATA0x27dbf40x10data
                                                                                                                                                                                    RT_RCDATA0x27dc040xa84data
                                                                                                                                                                                    RT_RCDATA0x27e6880x6fdDelphi compiled form 'TcxFilterDialog'
                                                                                                                                                                                    RT_RCDATA0x27ed880x772Delphi compiled form 'TfmFilterControlDialog'
                                                                                                                                                                                    RT_RCDATA0x27f4fc0x5be3Delphi compiled form 'TForm1'
                                                                                                                                                                                    RT_RCDATA0x2850e00x45cDelphi compiled form 'TForm2'
                                                                                                                                                                                    RT_RCDATA0x28553c0x41fDelphi compiled form 'TForm3'
                                                                                                                                                                                    RT_RCDATA0x28595c0x494Delphi compiled form 'TLoginDialog'
                                                                                                                                                                                    RT_RCDATA0x285df00xa57Delphi compiled form 'TMadExcept'
                                                                                                                                                                                    RT_RCDATA0x2868480x34eDelphi compiled form 'TMEContactForm'
                                                                                                                                                                                    RT_RCDATA0x286b980x228Delphi compiled form 'TMEDetailsForm'
                                                                                                                                                                                    RT_RCDATA0x286dc00x2a3Delphi compiled form 'TMEScrShotForm'
                                                                                                                                                                                    RT_RCDATA0x2870640x3c4Delphi compiled form 'TPasswordDialog'

Imports

DLL | Import
KERNEL32.dll | MapViewOfFile, CreateFileA, InitializeCriticalSection, GetProcAddress, GetCurrentProcess, LocalFree, RaiseException, LocalAlloc, GetVersionExA, TerminateProcess, Sleep, WaitForSingleObject, GetExitCodeProcess, LeaveCriticalSection, EnterCriticalSection, SetLastError, GetFullPathNameA, DeleteFileA, WriteFile, GetTempFileNameA, GetTempPathA, VirtualFree, VirtualProtect, SetFilePointer, VirtualAlloc, DuplicateHandle, ReadFile, CreateFileMappingA, GetFileSize, LoadLibraryA, FlushFileBuffers, FindNextFileA, GetModuleFileNameA, ResumeThread, WriteProcessMemory, GetCurrentProcessId, CreateProcessA, HeapAlloc, HeapCreate, HeapFree, FormatMessageA, GetLastError, SetUnhandledExceptionFilter, VirtualQuery, CreateFileW, WideCharToMultiByte, GetFileAttributesA, CreateFileMappingW, FreeLibrary, LoadLibraryW, GetModuleHandleW, ExitProcess, FindClose, UnmapViewOfFile, CloseHandle, GetModuleHandleA, GetFileTime, GetSystemTimeAsFileTime, FindFirstFileA, RtlUnwind
USER32.dll | wvsprintfA, wsprintfA, ChangeDisplaySettingsA, MessageBoxA, CharUpperBuffA, LoadImageA
GDI32.dll | AddFontResourceA, RemoveFontResourceA, DeleteDC, CreateDIBSection, CreateCompatibleDC

Possible Origin

Language of compilation system | Country where language is spoken
English | United States
Russian | Russia

Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
10/29/21-17:51:14.924932 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.4 | 8.8.8.8
10/29/21-17:51:15.851555 | TCP | 2925 | INFO web bug 0x0 gif attempt | 80 | 49782 | 193.109.247.229 | 192.168.2.4
10/29/21-17:51:16.067758 | TCP | 2925 | INFO web bug 0x0 gif attempt | 80 | 49782 | 193.109.247.229 | 192.168.2.4
10/29/21-17:51:16.429861 | TCP | 2925 | INFO web bug 0x0 gif attempt | 80 | 49784 | 142.250.203.110 | 192.168.2.4
10/29/21-17:51:16.523030 | TCP | 2925 | INFO web bug 0x0 gif attempt | 80 | 49784 | 142.250.203.110 | 192.168.2.4

Network Port Distribution

TCP Packets


UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 29, 2021 17:51:13.816387892 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8
Oct 29, 2021 17:51:14.822130919 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8
Oct 29, 2021 17:51:14.890239954 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4
Oct 29, 2021 17:51:14.924814939 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4
Oct 29, 2021 17:51:15.343087912 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8
Oct 29, 2021 17:51:15.362226963 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4
Oct 29, 2021 17:51:15.362785101 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8
Oct 29, 2021 17:51:15.381855965 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4

ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Oct 29, 2021 17:51:14.924932003 CEST | 192.168.2.4 | 8.8.8.8 | d00d | (Port unreachable) | Destination Unreachable

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Oct 29, 2021 17:51:13.816387892 CEST | 192.168.2.4 | 8.8.8.8 | 0xc22c | Standard query (0) | www.all-bearings.narod.ru | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:14.822130919 CEST | 192.168.2.4 | 8.8.8.8 | 0xc22c | Standard query (0) | www.all-bearings.narod.ru | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:15.343087912 CEST | 192.168.2.4 | 8.8.8.8 | 0x6b57 | Standard query (0) | counter.yadro.ru | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:15.362785101 CEST | 192.168.2.4 | 8.8.8.8 | 0xe7f9 | Standard query (0) | mc.yandex.ru | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Oct 29, 2021 17:51:14.890239954 CEST | 8.8.8.8 | 192.168.2.4 | 0xc22c | No error (0) | www.all-bearings.narod.ru | | 193.109.247.229 | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:14.924814939 CEST | 8.8.8.8 | 192.168.2.4 | 0xc22c | No error (0) | www.all-bearings.narod.ru | | 193.109.247.229 | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:15.347728014 CEST | 8.8.8.8 | 192.168.2.4 | 0x2fe6 | No error (0) | www-google-analytics.l.google.com | | 142.250.203.110 | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:15.362226963 CEST | 8.8.8.8 | 192.168.2.4 | 0x6b57 | No error (0) | counter.yadro.ru | | 88.212.201.198 | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:15.362226963 CEST | 8.8.8.8 | 192.168.2.4 | 0x6b57 | No error (0) | counter.yadro.ru | | 88.212.201.210 | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:15.362226963 CEST | 8.8.8.8 | 192.168.2.4 | 0x6b57 | No error (0) | counter.yadro.ru | | 88.212.201.216 | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:15.362226963 CEST | 8.8.8.8 | 192.168.2.4 | 0x6b57 | No error (0) | counter.yadro.ru | | 88.212.201.204 | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:15.381855965 CEST | 8.8.8.8 | 192.168.2.4 | 0xe7f9 | No error (0) | mc.yandex.ru | | 87.250.251.119 | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:15.381855965 CEST | 8.8.8.8 | 192.168.2.4 | 0xe7f9 | No error (0) | mc.yandex.ru | | 87.250.250.119 | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:15.381855965 CEST | 8.8.8.8 | 192.168.2.4 | 0xe7f9 | No error (0) | mc.yandex.ru | | 77.88.21.119 | A (IP address) | IN (0x0001)
Oct 29, 2021 17:51:15.381855965 CEST | 8.8.8.8 | 192.168.2.4 | 0xe7f9 | No error (0) | mc.yandex.ru | | 93.158.134.119 | A (IP address) | IN (0x0001)

                                                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                                                    • www.all-bearings.narod.ru
                                                                                                                                                                                      • mc.yandex.ru
                                                                                                                                                                                      • counter.yadro.ru

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49790 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49792 | 88.212.201.198 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.4 | 49800 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.4 | 49801 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.4 | 49782 | 193.109.247.229 | 80 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
Oct 29, 2021 17:51:14.979448080 CEST | 1390 | OUT | GET /secondpage.html HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.all-bearings.narod.ru
Connection: Keep-Alive

Oct 29, 2021 17:51:15.045492887 CEST | 1391 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 29 Oct 2021 15:51:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"611e66ad-1ad5"
Content-Encoding: gzip

Oct 29, 2021 17:51:15.785819054 CEST | 1457 | OUT | GET /.s/img/err/404-header-line.gif HTTP/1.1
Accept: */*
Referer: http://www.all-bearings.narod.ru/secondpage.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.all-bearings.narod.ru
Connection: Keep-Alive

Oct 29, 2021 17:51:15.851555109 CEST | 1458 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Oct 2021 15:51:17 GMT
Content-Type: image/gif
Content-Length: 1161
Last-Modified: Mon, 31 Jul 2017 10:32:10 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "597f072a-489"
Expires: Thu, 18 Nov 2021 15:51:17 GMT
Cache-Control: max-age=1728000
Accept-Ranges: bytes

Oct 29, 2021 17:51:15.859746933 CEST | 1461 | OUT | GET /.s/img/err/404-logo.png HTTP/1.1
Accept: */*
Referer: http://www.all-bearings.narod.ru/secondpage.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.all-bearings.narod.ru
Connection: Keep-Alive

Oct 29, 2021 17:51:15.925540924 CEST | 1462 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Oct 2021 15:51:17 GMT
Content-Type: image/png
Content-Length: 2152
Last-Modified: Mon, 31 Jul 2017 10:32:10 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "597f072a-868"
Expires: Thu, 18 Nov 2021 15:51:17 GMT
Cache-Control: max-age=1728000
Accept-Ranges: bytes
                                                                                                                                                                                    Oct 29, 2021 17:51:15.932754993 CEST1466OUTGET /.s/img/err/404.png HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/secondpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: www.all-bearings.narod.ru
                                                                                                                                                                                    Connection: Keep-Alive
Oct 29, 2021 17:51:15.998469114 CEST  1469  IN  HTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:17 GMT
                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                    Content-Length: 4451
                                                                                                                                                                                    Last-Modified: Mon, 31 Jul 2017 10:32:10 GMT
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Keep-Alive: timeout=15
                                                                                                                                                                                    ETag: "597f072a-1163"
                                                                                                                                                                                    Expires: Thu, 18 Nov 2021 15:51:17 GMT
                                                                                                                                                                                    Cache-Control: max-age=1728000
                                                                                                                                                                                    Accept-Ranges: bytes
Oct 29, 2021 17:51:16.002221107 CEST  1477  OUT  GET /.s/img/err/404-header-line.gif HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/firstpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: www.all-bearings.narod.ru
                                                                                                                                                                                    Connection: Keep-Alive
Oct 29, 2021 17:51:16.067758083 CEST  1493  IN  HTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:17 GMT
                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                    Content-Length: 1161
                                                                                                                                                                                    Last-Modified: Mon, 31 Jul 2017 10:32:10 GMT
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Keep-Alive: timeout=15
                                                                                                                                                                                    ETag: "597f072a-489"
                                                                                                                                                                                    Expires: Thu, 18 Nov 2021 15:51:17 GMT
                                                                                                                                                                                    Cache-Control: max-age=1728000
                                                                                                                                                                                    Accept-Ranges: bytes
Oct 29, 2021 17:51:16.070837975 CEST  1498  OUT  GET /.s/img/err/404-arrow.png HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/firstpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: www.all-bearings.narod.ru
                                                                                                                                                                                    Connection: Keep-Alive
Oct 29, 2021 17:51:16.136607885 CEST  1664  IN  HTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:17 GMT
                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                    Content-Length: 1169
                                                                                                                                                                                    Last-Modified: Mon, 31 Jul 2017 10:32:10 GMT
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Keep-Alive: timeout=15
                                                                                                                                                                                    ETag: "597f072a-491"
                                                                                                                                                                                    Expires: Thu, 18 Nov 2021 15:51:17 GMT
                                                                                                                                                                                    Cache-Control: max-age=1728000
                                                                                                                                                                                    Accept-Ranges: bytes


Session ID: 13
Source IP: 192.168.2.4
Source Port: 49783
Destination IP: 193.109.247.229
Destination Port: 80
Process: C:\Users\user\Desktop\njw.exe
Timestamp  kBytes transferred  Direction  Data
Oct 29, 2021 17:51:15.015364885 CEST  1390  OUT  GET /firstpage.html HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: www.all-bearings.narod.ru
                                                                                                                                                                                    Connection: Keep-Alive
Oct 29, 2021 17:51:15.082951069 CEST  1395  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:16 GMT
                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Keep-Alive: timeout=15
                                                                                                                                                                                    ETag: W/"611e66ad-1ad5"
                                                                                                                                                                                    Content-Encoding: gzip
Oct 29, 2021 17:51:15.785171032 CEST  1457  OUT  GET /.s/img/err/button.png HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/secondpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: www.all-bearings.narod.ru
                                                                                                                                                                                    Connection: Keep-Alive
Oct 29, 2021 17:51:15.852315903 CEST  1459  IN  HTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:17 GMT
                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                    Content-Length: 1036
                                                                                                                                                                                    Last-Modified: Mon, 31 Jul 2017 10:32:10 GMT
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Keep-Alive: timeout=15
                                                                                                                                                                                    ETag: "597f072a-40c"
                                                                                                                                                                                    Expires: Thu, 18 Nov 2021 15:51:17 GMT
                                                                                                                                                                                    Cache-Control: max-age=1728000
                                                                                                                                                                                    Accept-Ranges: bytes
Oct 29, 2021 17:51:15.858786106 CEST  1461  OUT  GET /.s/img/err/404-arrow.png HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/secondpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: www.all-bearings.narod.ru
                                                                                                                                                                                    Connection: Keep-Alive
Oct 29, 2021 17:51:15.925990105 CEST  1464  IN  HTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:17 GMT
                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                    Content-Length: 1169
                                                                                                                                                                                    Last-Modified: Mon, 31 Jul 2017 10:32:10 GMT
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Keep-Alive: timeout=15
                                                                                                                                                                                    ETag: "597f072a-491"
                                                                                                                                                                                    Expires: Thu, 18 Nov 2021 15:51:17 GMT
                                                                                                                                                                                    Cache-Control: max-age=1728000
                                                                                                                                                                                    Accept-Ranges: bytes
Oct 29, 2021 17:51:15.933043003 CEST  1467  OUT  GET /.s/img/err/button.png HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/firstpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: www.all-bearings.narod.ru
                                                                                                                                                                                    Connection: Keep-Alive
Oct 29, 2021 17:51:16.000112057 CEST  1474  IN  HTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:17 GMT
                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                    Content-Length: 1036
                                                                                                                                                                                    Last-Modified: Mon, 31 Jul 2017 10:32:10 GMT
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Keep-Alive: timeout=15
                                                                                                                                                                                    ETag: "597f072a-40c"
                                                                                                                                                                                    Expires: Thu, 18 Nov 2021 15:51:17 GMT
                                                                                                                                                                                    Cache-Control: max-age=1728000
                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                    Oct 29, 2021 17:51:16.003344059 CEST1478OUTGET /.s/img/err/404-logo.png HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/firstpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: www.all-bearings.narod.ru
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Oct 29, 2021 17:51:16.070466995 CEST1495INHTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:17 GMT
                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                    Content-Length: 2152
                                                                                                                                                                                    Last-Modified: Mon, 31 Jul 2017 10:32:10 GMT
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Keep-Alive: timeout=15
                                                                                                                                                                                    ETag: "597f072a-868"
                                                                                                                                                                                    Expires: Thu, 18 Nov 2021 15:51:17 GMT
                                                                                                                                                                                    Cache-Control: max-age=1728000
                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                    Oct 29, 2021 17:51:16.074219942 CEST1499OUTGET /.s/img/err/404.png HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/firstpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: www.all-bearings.narod.ru
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Oct 29, 2021 17:51:16.141700029 CEST1666INHTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:17 GMT
                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                    Content-Length: 4451
                                                                                                                                                                                    Last-Modified: Mon, 31 Jul 2017 10:32:10 GMT
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Keep-Alive: timeout=15
                                                                                                                                                                                    ETag: "597f072a-1163"
                                                                                                                                                                                    Expires: Thu, 18 Nov 2021 15:51:17 GMT
                                                                                                                                                                                    Cache-Control: max-age=1728000
                                                                                                                                                                                    Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.4 | 49787 | 88.212.201.198 | 80 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
Oct 29, 2021 17:51:15.440135956 CEST | 1437 | OUT | GET /hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/firstpage.html;0.34476715437082456 HTTP/1.1
Accept: */*
Referer: http://www.all-bearings.narod.ru/firstpage.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: counter.yadro.ru
Connection: Keep-Alive
Oct 29, 2021 17:51:15.499608040 CEST | 1439 | IN | HTTP/1.1 302 Moved Temporarily
Date: Fri, 29 Oct 2021 15:51:23 GMT
Server: 0W/0.8c
Content-Type: text/html
Location: https://counter.yadro.ru/hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/firstpage.html;0.34476715437082456
Content-Length: 32
Expires: Wed, 28 Oct 2020 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 4d 6f 76 65 64 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><body>Moved</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.4 | 49788 | 87.250.251.119 | 80 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
Oct 29, 2021 17:51:15.440211058 CEST | 1437 | OUT | GET /metrika/watch.js HTTP/1.1
Accept: */*
Referer: http://www.all-bearings.narod.ru/secondpage.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: mc.yandex.ru
Connection: Keep-Alive
Oct 29, 2021 17:51:15.481770992 CEST | 1438 | IN | HTTP/1.1 302 Moved temporarily
Content-Length: 0
Location: https://mc.yandex.ru/metrika/watch.js


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.4 | 49789 | 87.250.251.119 | 80 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
Oct 29, 2021 17:51:15.440260887 CEST | 1438 | OUT | GET /metrika/watch.js HTTP/1.1
Accept: */*
Referer: http://www.all-bearings.narod.ru/firstpage.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: mc.yandex.ru
Connection: Keep-Alive
Oct 29, 2021 17:51:15.482186079 CEST | 1439 | IN | HTTP/1.1 302 Moved temporarily
Content-Length: 0
Location: https://mc.yandex.ru/metrika/watch.js


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.4 | 49786 | 88.212.201.198 | 80 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
Oct 29, 2021 17:51:15.440336943 CEST | 1438 | OUT | GET /hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/secondpage.html;0.5443641556055339 HTTP/1.1
Accept: */*
Referer: http://www.all-bearings.narod.ru/secondpage.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: counter.yadro.ru
Connection: Keep-Alive
Oct 29, 2021 17:51:15.503304958 CEST | 1440 | IN | HTTP/1.1 302 Moved Temporarily
Date: Fri, 29 Oct 2021 15:51:23 GMT
Server: 0W/0.8c
Content-Type: text/html
Location: https://counter.yadro.ru/hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/secondpage.html;0.5443641556055339
Content-Length: 32
Expires: Wed, 28 Oct 2020 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 4d 6f 76 65 64 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><body>Moved</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49791 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49793 | 88.212.201.198 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.4 | 49795 | 88.212.201.198 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.4 | 49794 | 88.212.201.198 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.4 | 49796 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.4 | 49797 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.4 | 49798 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.4 | 49799 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data


                                                                                                                                                                                    HTTPS Proxied Packets

                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    0192.168.2.44979087.250.251.119443C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2021-10-29 15:51:15 UTC0OUTGET /metrika/watch.js HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/secondpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Host: mc.yandex.ru
                                                                                                                                                                                    2021-10-29 15:51:16 UTC1INHTTP/1.1 200 OK
                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Cache-Control: max-age=3600
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Length: 132911
                                                                                                                                                                                    Content-Type: application/javascript
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:16 GMT
                                                                                                                                                                                    ETag: "617677e6-2072f"
                                                                                                                                                                                    Expires: Fri, 29 Oct 2021 16:51:16 GMT
                                                                                                                                                                                    Last-Modified: Mon, 25 Oct 2021 12:24:54 GMT
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49792 | 88.212.201.198 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-29 15:51:15 UTC | 0 | OUT | GET /hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/secondpage.html;0.5443641556055339 HTTP/1.1
Accept: */*
Referer: http://www.all-bearings.narod.ru/secondpage.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: counter.yadro.ru
2021-10-29 15:51:16 UTC | 13 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.17.9
Date: Fri, 29 Oct 2021 15:51:24 GMT
Content-Type: text/html
Content-Length: 32
Connection: close
Location: https://counter.yadro.ru/hit;counter1?q;r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/secondpage.html;0.5443641556055339
Expires: Wed, 28 Oct 2020 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: FTID=1XV1Xy3Wb9uB1XV1Xy001Ei9; path=/; expires=Fri, 28 Oct 2022 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
Strict-Transport-Security: max-age=86400
2021-10-29 15:51:16 UTC | 13 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 4d 6f 76 65 64 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><body>Moved</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.4 | 49800 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-29 15:51:21 UTC | 272 | OUT | GET /watch/14153041/1?callback=_ymjsp355627947&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Ffirstpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1930%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A732524701665%3Ahid%3A87010386%3Az%3A120%3Ai%3A202101029175120%3Aet%3A1635522680%3Ac%3A1%3Arn%3A244404675%3Au%3A1635522678322622628%3Aw%3A148x47%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674781%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C155%2C0%2C2520%2C2521%2C0%2C2520%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522681%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr%2814%29ti%283%29&wmode=5 HTTP/1.1
Accept: */*
Referer: http://www.all-bearings.narod.ru/firstpage.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: mc.yandex.ru
Connection: Keep-Alive
Cookie: yandexuid=3723159021635522681; i=yROKAQCkQEDp/MhTCtujtSWzFSx7PgG/2QZgPGeQuaYkCYGk4Lr5g33sdF0NzFWf3pPBk9Yj1OF7cHnVzZMM+SWO+Mc=; ymex=1667058681.yrts.1635522681#1667058681.yrtsi.1635522681; yabs-sid=702787781635522681
2021-10-29 15:51:21 UTC | 273 | IN | HTTP/1.1 200 Ok
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Connection: Close
Content-Length: 343
Content-Type: application/javascript
Date: Fri, 29 Oct 2021 15:51:21 GMT
Expires: Fri, 29-Oct-2021 15:51:21 GMT
Last-Modified: Fri, 29-Oct-2021 15:51:21 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.4 | 49801 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-29 15:51:21 UTC | 274 | OUT | GET /metrika/advert.gif?t=ti(4) HTTP/1.1
Accept: */*
Referer: http://www.all-bearings.narod.ru/firstpage.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: mc.yandex.ru
Connection: Keep-Alive
2021-10-29 15:51:21 UTC | 275 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: Close
Content-Length: 43
Content-Type: image/gif
Date: Fri, 29 Oct 2021 15:51:21 GMT
ETag: "617677e6-2b"
Expires: Fri, 29 Oct 2021 16:51:21 GMT
Last-Modified: Mon, 25 Oct 2021 12:24:54 GMT
Strict-Transport-Security: max-age=31536000
2021-10-29 15:51:21 UTC | 275 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49791 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-29 15:51:15 UTC | 0 | OUT | GET /metrika/watch.js HTTP/1.1
Accept: */*
Referer: http://www.all-bearings.narod.ru/firstpage.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: mc.yandex.ru
2021-10-29 15:51:16 UTC | 8 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: Close
Content-Length: 132911
Content-Type: application/javascript
Date: Fri, 29 Oct 2021 15:51:16 GMT
ETag: "617677e6-2072f"
Expires: Fri, 29 Oct 2021 16:51:16 GMT
Last-Modified: Mon, 25 Oct 2021 12:24:54 GMT
Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Data Ascii: -b];b-=32;return[a[1]<<b|a[0]>>>32-b,a[0]<<b|a[1]>>>32-b]}function Ma(a,b){b%=64;return 0===b?a:32>b?[a[0]<<b|a[1]>>>32-b,a[1]<<b]:[a[1]<<b-32,0]}function Y(a,b){return[a[0]^b[0],a[1]^b[1]]}function Dh(a){a=Y(a,[0,a[0]>>>1]);a=Pa(a,[4283543511,3981806797]
                                                                                                                                                                                    2021-10-29 15:51:16 UTC158INData Raw: 72 65 74 75 72 6e 20 50 28 65 63 28 61 29 2c 4c 6d 28 61 29 7c 7c 5b 5d 29 7d 66 75 6e 63 74 69 6f 6e 20 4e 68 28 61 29 7b 72 65 74 75 72 6e 28 61 2e 73 68 69 66 74 4b 65 79 3f 32 3a 30 29 7c 28 61 2e 63 74 72 6c 4b 65 79 3f 34 3a 30 29 7c 28 61 2e 61 6c 74 4b 65 79 3f 31 3a 30 29 7c 28 61 2e 6d 65 74 61 4b 65 79 3f 38 3a 30 29 7c 28 61 2e 63 74 72 6c 4b 65 79 7c 7c 61 2e 61 6c 74 4b 65 79 3f 31 36 3a 30 29 7d 66 75 6e 63 74 69 6f 6e 20 4f 68 28 61 29 7b 76 61 72 20 62 3d 5b 5d 3b 4d 65 7c 7c 28 4d 65 3d 21 30 2c 4c 65 26 26 62 2e 70 75 73 68 2e 61 70 70 6c 79 28 62 2c 44 6d 28 61 2e 6f 2c 74 61 28 61 2e 6f 29 29 29 2c 0a 49 62 28 61 2e 6f 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 4d 65 3d 21 31 7d 2c 22 66 76 2e 63 22 29 29 3b 72 65 74 75 72 6e 20 62 7d 66 75
                                                                                                                                                                                    Data Ascii: return P(ec(a),Lm(a)||[])}function Nh(a){return(a.shiftKey?2:0)|(a.ctrlKey?4:0)|(a.altKey?1:0)|(a.metaKey?8:0)|(a.ctrlKey||a.altKey?16:0)}function Oh(a){var b=[];Me||(Me=!0,Le&&b.push.apply(b,Dm(a.o,ta(a.o))),Ib(a.o,function(){Me=!1},"fv.c"));return b}fu
                                                                                                                                                                                    2021-10-29 15:51:16 UTC166INData Raw: 2e 65 78 70 3d 22 65 78 70 65 72 69 6d 65 6e 74 73 22 3b 77 61 2e 4f 61 3d 22 65 63 6f 6d 6d 65 72 63 65 22 3b 46 62 2e 4f 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 21 30 3d 3d 3d 61 3f 22 64 61 74 61 4c 61 79 65 72 22 3a 22 22 2b 61 7d 3b 77 61 2e 48 3d 22 70 61 72 61 6d 73 22 3b 77 61 2e 49 61 3d 22 75 73 65 72 50 61 72 61 6d 73 22 3b 77 61 2e 73 61 3d 22 61 63 63 75 72 61 74 65 54 72 61 63 6b 42 6f 75 6e 63 65 22 3b 77 61 2e 55 62 3d 22 74 72 69 67 67 65 72 45 76 65 6e 74 22 3b 46 62 2e 55 62 3d 42 6f 6f 6c 65 61 6e 3b 77 61 2e 4a 62 3d 22 73 65 6e 64 54 69 74 6c 65 22 3b 46 62 2e 4a 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 21 21 61 7c 7c 56 28 61 29 7d 3b 77 61 2e 67 62 3d 22 74 72 61 63 6b 48 61 73
                                                                                                                                                                                    Data Ascii: .exp="experiments";wa.Oa="ecommerce";Fb.Oa=function(a){if(a)return!0===a?"dataLayer":""+a};wa.H="params";wa.Ia="userParams";wa.sa="accurateTrackBounce";wa.Ub="triggerEvent";Fb.Ub=Boolean;wa.Jb="sendTitle";Fb.Jb=function(a){return!!a||V(a)};wa.gb="trackHas
                                                                                                                                                                                    2021-10-29 15:51:16 UTC218INData Raw: 28 63 2c 64 2c 65 29 7b 65 2b 3d 31 3b 32 3c 3d 65 26 26 21 63 26 26 28 65 3d 42 28 22 2e 22 2c 62 2e 73 6c 69 63 65 28 2d 65 29 29 2c 4e 66 28 61 2c 65 29 26 26 28 63 3d 0a 65 29 29 3b 72 65 74 75 72 6e 20 63 7d 2c 22 22 2c 62 29 7d 29 2c 78 62 3d 74 28 66 63 29 2c 43 6c 3d 74 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5a 67 28 61 2c 22 5f 79 6d 42 52 43 22 2c 22 31 22 29 3b 76 61 72 20 62 3d 22 31 22 21 3d 3d 59 67 28 61 2c 22 5f 79 6d 42 52 43 22 29 3b 62 7c 7c 24 67 28 61 2c 22 5f 79 6d 42 52 43 22 29 3b 72 65 74 75 72 6e 20 62 7d 29 2c 41 61 3d 74 28 58 67 29 2c 74 64 3d 74 28 58 67 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 22 22 2b 62 2b 63 7d 29 2c 57 3d 74 28 44 67 29 2c 56 67 3d 79 63 28 22 72 22 2c 66 75 6e 63 74 69 6f 6e
                                                                                                                                                                                    Data Ascii: (c,d,e){e+=1;2<=e&&!c&&(e=B(".",b.slice(-e)),Nf(a,e)&&(c=e));return c},"",b)}),xb=t(fc),Cl=t(function(a){Zg(a,"_ymBRC","1");var b="1"!==Yg(a,"_ymBRC");b||$g(a,"_ymBRC");return b}),Aa=t(Xg),td=t(Xg,function(a,b,c){return""+b+c}),W=t(Dg),Vg=yc("r",function
                                                                                                                                                                                    2021-10-29 15:51:16 UTC225INData Raw: 74 69 6f 6e 22 2c 22 6d 6f 7a 52 54 43 50 65 65 72 43 6f 6e 6e 65 63 74 69 6f 6e 22 2c 22 77 65 62 6b 69 74 52 54 43 50 65 65 72 43 6f 6e 6e 65 63 74 69 6f 6e 22 5d 2c 59 63 3d 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 6a 61 3a 7b 7d 2c 70 65 6e 64 69 6e 67 3a 7b 7d 2c 66 61 3a 7b 7d 7d 7d 29 2c 52 65 3d 54 28 22 70 6f 73 74 4d 65 73 73 61 67 65 22 29 2c 4c 6e 3d 61 61 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 7b 76 61 3a 57 28 61 29 28 55 29 2c 6b 65 79 3a 61 2e 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2c 64 69 72 3a 30 7d 3b 63 2e 6c 65 6e 67 74 68 26 26 28 66 2e 76 61 3d 70 61 72 73 65 49 6e 74 28 63 5b 30 5d 2c 31 30 29 2c 66 2e 6b 65 79 3d 70 61 72 73 65 46 6c 6f 61 74 28 63 5b 31 5d 29 2c 66 2e
                                                                                                                                                                                    Data Ascii: tion","mozRTCPeerConnection","webkitRTCPeerConnection"],Yc=t(function(){return{ja:{},pending:{},fa:{}}}),Re=T("postMessage"),Ln=aa(function(a,b,c,d){var e,f={va:W(a)(U),key:a.Math.random(),dir:0};c.length&&(f.va=parseInt(c[0],10),f.key=parseFloat(c[1]),f.
                                                                                                                                                                                    2021-10-29 15:51:16 UTC233INData Raw: 3b 63 3d 45 6b 28 61 2c 62 2c 63 29 3b 76 61 72 20 65 3d 62 61 5b 62 5d 2c 66 3d 65 3f 65 28 61 2c 64 2c 63 29 3a 43 61 28 61 2c 64 2c 63 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 67 3d 6e 61 28 61 72 67 75 6d 65 6e 74 73 29 2c 68 3d 67 2e 73 6c 69 63 65 28 31 29 3b 67 3d 46 28 67 5b 30 5d 2c 7b 57 3a 5b 62 5d 7d 29 3b 72 65 74 75 72 6e 20 66 2e 61 70 70 6c 79 28 76 6f 69 64 20 30 2c 50 28 5b 67 5d 2c 68 29 29 7d 7d 2c 75 69 29 2c 68 67 3d 74 28 71 28 54 28 22 69 64 22 29 2c 6d 62 28 5b 32 36 38 31 32 36 35 33 5d 29 29 2c 51 29 2c 57 6e 3d 41 28 22 64 63 2e 69 6e 69 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 4d 28 61 29 2c 63 3d 45 63 28 61 29 2c 64 3d 78 62 28 61 29 2c 65 3d 69 67 28 61 29 2c 66 3d 65 2e
                                                                                                                                                                                    Data Ascii: ;c=Ek(a,b,c);var e=ba[b],f=e?e(a,d,c):Ca(a,d,c);return function(){var g=na(arguments),h=g.slice(1);g=F(g[0],{W:[b]});return f.apply(void 0,P([g],h))}},ui),hg=t(q(T("id"),mb([26812653])),Q),Wn=A("dc.init",function(a){var b=M(a),c=Ec(a),d=xb(a),e=ig(a),f=e.
                                                                                                                                                                                    2021-10-29 15:51:16 UTC241INData Raw: 75 6c 6c 3b 64 3d 78 28 61 2c 22 63 6c 6d 2e 70 2e 63 22 2c 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 76 61 72 20 6d 3d 67 28 29 3b 69 66 28 6d 29 7b 76 61 72 20 70 3d 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 6d 3f 6d 3a 7b 7d 2c 75 3d 70 2e 66 69 6c 74 65 72 3b 0a 6d 3d 70 2e 69 73 54 72 61 63 6b 48 61 73 68 7c 7c 21 31 3b 76 61 72 20 72 3d 49 28 66 75 6e 63 74 69 6f 6e 28 79 29 7b 72 65 74 75 72 6e 28 22 22 2b 79 29 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 7d 2c 70 2e 69 67 6e 6f 72 65 54 61 67 73 7c 7c 5b 5d 29 3b 56 28 68 29 26 26 28 68 3d 70 2e 71 75 6f 74 61 7c 7c 6e 75 6c 6c 29 3b 76 61 72 20 77 3d 21 21 70 2e 71 75 6f 74 61 3b 6c 3d 7b 65 6c 65 6d 65 6e 74 3a 63 6b 28 61 2c 6c 29 2c 70 6f 73 69 74 69 6f 6e 3a 4d 63 28 61 2c 6c 29 2c 62 75
                                                                                                                                                                                    Data Ascii: ull;d=x(a,"clm.p.c",function(l){var m=g();if(m){var p="object"===typeof m?m:{},u=p.filter;m=p.isTrackHash||!1;var r=I(function(y){return(""+y).toUpperCase()},p.ignoreTags||[]);V(h)&&(h=p.quota||null);var w=!!p.quota;l={element:ck(a,l),position:Mc(a,l),bu
                                                                                                                                                                                    2021-10-29 15:51:16 UTC249INData Raw: 22 5f 5f 79 6d 22 2c 6d 29 26 26 6c 3b 6d 3d 21 68 67 28 62 29 3b 6c 3d 6c 62 28 61 2c 62 2c 75 3f 22 53 65 74 20 75 73 65 72 20 69 64 20 22 2b 6c 3a 28 70 3f 22 55 73 65 72 20 70 22 3a 22 50 22 29 2b 22 61 72 61 6d 73 2e 20 43 6f 75 6e 74 65 72 20 22 2b 62 2e 69 64 2c 75 3f 76 6f 69 64 20 30 3a 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 66 29 29 3b 68 28 7b 48 3a 66 2c 46 3a 68 61 28 28 63 3d 7b 7d 2c 63 2e 70 61 3d 31 2c 63 2e 61 72 3d 0a 31 2c 63 29 29 2c 44 3a 28 64 3d 7b 7d 2c 64 5b 22 70 61 67 65 2d 75 72 6c 22 5d 3d 6b 7c 7c 4d 28 61 29 2e 68 72 65 66 2c 64 29 7d 2c 62 29 2e 74 68 65 6e 28 6d 3f 6c 3a 43 29 5b 22 63 61 74 63 68 22 5d 28 78 28 61 2c 22 70 2e 73 22 29 29 2e 74 68 65 6e 28 45 28 6f 62 2c 6e 75 6c 6c 2c 61 2c 67 2c 65 29 29 7d 7d 29
                                                                                                                                                                                    Data Ascii: "__ym",m)&&l;m=!hg(b);l=lb(a,b,u?"Set user id "+l:(p?"User p":"P")+"arams. Counter "+b.id,u?void 0:JSON.stringify(f));h({H:f,F:ha((c={},c.pa=1,c.ar=1,c)),D:(d={},d["page-url"]=k||M(a).href,d)},b).then(m?l:C)["catch"](x(a,"p.s")).then(E(ob,null,a,g,e))}})
                                                                                                                                                                                    2021-10-29 15:51:16 UTC257INData Raw: 69 73 4e 61 4e 28 63 29 3f 63 3d 30 3a 28 63 3d 4d 61 74 68 2e 6d 69 6e 28 63 2c 64 29 2c 63 3d 4d 61 74 68 2e 6d 61 78 28 63 2c 30 29 29 3b 72 65 74 75 72 6e 20 63 7d 29 2c 6d 70 3d 5b 5b 5b 22 45 55 52 22 2c 22 5c 75 32 30 61 63 22 5d 2c 0a 22 39 37 38 22 5d 2c 5b 5b 22 55 53 44 22 2c 22 5c 75 30 34 32 33 5c 5c 2e 5c 75 30 34 31 35 5c 5c 2e 22 2c 22 5c 5c 24 22 5d 2c 22 38 34 30 22 5d 2c 5b 5b 22 55 41 48 22 2c 22 5c 75 30 34 31 33 5c 75 30 34 32 30 5c 75 30 34 31 64 22 2c 22 5c 75 32 30 62 34 22 5d 2c 22 39 38 30 22 5d 2c 5b 22 5c 75 30 34 32 32 5c 75 30 34 31 33 20 4b 5a 54 20 5c 75 32 30 62 38 20 5c 75 30 34 32 32 5c 75 30 34 61 32 5c 75 30 34 31 33 20 54 45 4e 47 45 20 5c 75 30 34 32 32 5c 75 30 34 31 35 5c 75 30 34 31 64 5c 75 30 34 31 33 5c 75 30
                                                                                                                                                                                    Data Ascii: isNaN(c)?c=0:(c=Math.min(c,d),c=Math.max(c,0));return c}),mp=[[["EUR","\u20ac"],"978"],[["USD","\u0423\\.\u0415\\.","\\$"],"840"],[["UAH","\u0413\u0420\u041d","\u20b4"],"980"],["\u0422\u0413 KZT \u20b8 \u0422\u04a2\u0413 TENGE \u0422\u0415\u041d\u0413\u0


Session ID: 3 | Source IP: 192.168.2.4 | Source Port: 49793 | Destination IP: 88.212.201.198 | Destination Port: 443 | Process: C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-29 15:51:15 UTC | 1 | OUT | GET /hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/firstpage.html;0.34476715437082456 HTTP/1.1
Accept: */*
Referer: http://www.all-bearings.narod.ru/firstpage.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: counter.yadro.ru
2021-10-29 15:51:16 UTC | 14 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.17.9
Date: Fri, 29 Oct 2021 15:51:24 GMT
Content-Type: text/html
Content-Length: 32
Connection: close
Location: https://counter.yadro.ru/hit;counter1?q;r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/firstpage.html;0.34476715437082456
Expires: Wed, 28 Oct 2020 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: FTID=1XV1Xy3Wb9uB1XV1Xy001EiW; path=/; expires=Fri, 28 Oct 2022 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
Strict-Transport-Security: max-age=86400
2021-10-29 15:51:16 UTC | 14 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 4d 6f 76 65 64 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><body>Moved</body></html>


Session ID: 4 | Source IP: 192.168.2.4 | Source Port: 49795 | Destination IP: 88.212.201.198 | Destination Port: 443 | Process: C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-29 15:51:16 UTC | 263 | OUT | GET /hit;counter1?q;r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/firstpage.html;0.34476715437082456 HTTP/1.1
Accept: */*
Referer: http://www.all-bearings.narod.ru/firstpage.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: counter.yadro.ru
Cookie: FTID=1XV1Xy3Wb9uB1XV1Xy001EiW
2021-10-29 15:51:16 UTC | 264 | IN | HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 29 Oct 2021 15:51:24 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Wed, 28 Oct 2020 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: VID=27k9Bf33T4OB1XV1Xy001PnT; path=/; expires=Fri, 28 Oct 2022 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
2021-10-29 15:51:16 UTC | 265 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 c0 c0 c0 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
Data Ascii: GIF89a!,D;


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    5192.168.2.44979488.212.201.198443C:\Users\user\Desktop\njw.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2021-10-29 15:51:16 UTC263OUTGET /hit;counter1?q;r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/secondpage.html;0.5443641556055339 HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/secondpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Host: counter.yadro.ru
                                                                                                                                                                                    Cookie: FTID=1XV1Xy3Wb9uB1XV1Xy001Ei9
                                                                                                                                                                                    2021-10-29 15:51:16 UTC264INHTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx/1.17.9
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:24 GMT
                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                    Content-Length: 43
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Expires: Wed, 28 Oct 2020 21:00:00 GMT
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Cache-control: no-cache
                                                                                                                                                                                    P3P: policyref="/w3c/p3p.xml", CP="UNI"
                                                                                                                                                                                    Set-Cookie: VID=27k78t1mnSOB1XV1Xy001Exq; path=/; expires=Fri, 28 Oct 2022 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Strict-Transport-Security: max-age=86400
2021-10-29 15:51:16 UTC | 264 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 c0 c0 c0 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.4 | 49796 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-29 15:51:20 UTC | 265 | OUT | GET /watch/14153041?callback=_ymjsp303195921&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Fsecondpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1976%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A1156845228070%3Ahid%3A271984739%3Az%3A120%3Ai%3A202101029175118%3Aet%3A1635522678%3Ac%3A1%3Arn%3A1015963535%3Au%3A1635522678322622628%3Aw%3A148x55%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674734%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C128%2C0%2C1973%2C1975%2C0%2C1973%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522680%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr(14)ti(3)&wmode=5 HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/secondpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: mc.yandex.ru
                                                                                                                                                                                    Connection: Keep-Alive
2021-10-29 15:51:21 UTC | 266 | IN | HTTP/1.1 302 Moved temporarily
                                                                                                                                                                                    Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:20 GMT
                                                                                                                                                                                    Expires: Fri, 29-Oct-2021 15:51:20 GMT
                                                                                                                                                                                    Last-Modified: Fri, 29-Oct-2021 15:51:20 GMT
                                                                                                                                                                                    Location: /watch/14153041/1?callback=_ymjsp303195921&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Fsecondpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1976%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A1156845228070%3Ahid%3A271984739%3Az%3A120%3Ai%3A202101029175118%3Aet%3A1635522678%3Ac%3A1%3Arn%3A1015963535%3Au%3A1635522678322622628%3Aw%3A148x55%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674734%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C128%2C0%2C1973%2C1975%2C0%2C1973%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522680%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr%2814%29ti%283%29&wmode=5
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Set-Cookie: yandexuid=847304281635522680; Expires=Sat, 29-Oct-2022 15:51:20 GMT; Domain=.yandex.ru; Path=/
                                                                                                                                                                                    Set-Cookie: yabs-sid=2327043721635522680; Path=/
                                                                                                                                                                                    Set-Cookie: i=vL1T7ICVuHRXpyNPzwMzlaKjl/D94ryPalEPO4xIx2pX5AZpVtBfDP0muIercdmDCjCbNqUK2tSOHbHUPiY/6ZY1euA=; Expires=Mon, 27-Oct-2031 15:51:20 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
                                                                                                                                                                                    Set-Cookie: ymex=1667058680.yrts.1635522680#1667058680.yrtsi.1635522680; Expires=Sat, 29-Oct-2022 15:51:20 GMT; Domain=.yandex.ru; Path=/
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                    X-XSS-Protection: 1; mode=block
2021-10-29 15:51:21 UTC | 267 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.4 | 49797 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-29 15:51:21 UTC | 267 | OUT | GET /watch/14153041?callback=_ymjsp355627947&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Ffirstpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1930%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A732524701665%3Ahid%3A87010386%3Az%3A120%3Ai%3A202101029175120%3Aet%3A1635522680%3Ac%3A1%3Arn%3A244404675%3Au%3A1635522678322622628%3Aw%3A148x47%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674781%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C155%2C0%2C2520%2C2521%2C0%2C2520%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522681%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr(14)ti(3)&wmode=5 HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/firstpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: mc.yandex.ru
                                                                                                                                                                                    Connection: Keep-Alive
2021-10-29 15:51:21 UTC | 268 | IN | HTTP/1.1 302 Moved temporarily
                                                                                                                                                                                    Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:21 GMT
                                                                                                                                                                                    Expires: Fri, 29-Oct-2021 15:51:21 GMT
                                                                                                                                                                                    Last-Modified: Fri, 29-Oct-2021 15:51:21 GMT
                                                                                                                                                                                    Location: /watch/14153041/1?callback=_ymjsp355627947&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Ffirstpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1930%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A732524701665%3Ahid%3A87010386%3Az%3A120%3Ai%3A202101029175120%3Aet%3A1635522680%3Ac%3A1%3Arn%3A244404675%3Au%3A1635522678322622628%3Aw%3A148x47%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674781%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C155%2C0%2C2520%2C2521%2C0%2C2520%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522681%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr%2814%29ti%283%29&wmode=5
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Set-Cookie: yandexuid=3723159021635522681; Expires=Sat, 29-Oct-2022 15:51:21 GMT; Domain=.yandex.ru; Path=/
                                                                                                                                                                                    Set-Cookie: yabs-sid=702787781635522681; Path=/
                                                                                                                                                                                    Set-Cookie: i=yROKAQCkQEDp/MhTCtujtSWzFSx7PgG/2QZgPGeQuaYkCYGk4Lr5g33sdF0NzFWf3pPBk9Yj1OF7cHnVzZMM+SWO+Mc=; Expires=Mon, 27-Oct-2031 15:51:14 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
                                                                                                                                                                                    Set-Cookie: ymex=1667058681.yrts.1635522681#1667058681.yrtsi.1635522681; Expires=Sat, 29-Oct-2022 15:51:21 GMT; Domain=.yandex.ru; Path=/
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                    X-XSS-Protection: 1; mode=block
2021-10-29 15:51:21 UTC | 270 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.4 | 49798 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-29 15:51:21 UTC | 270 | OUT | GET /metrika/advert.gif?t=ti(4) HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/secondpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: mc.yandex.ru
                                                                                                                                                                                    Connection: Keep-Alive
2021-10-29 15:51:21 UTC | 270 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Cache-Control: max-age=3600
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Length: 43
                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:21 GMT
                                                                                                                                                                                    ETag: "617677e6-2b"
                                                                                                                                                                                    Expires: Fri, 29 Oct 2021 16:51:21 GMT
                                                                                                                                                                                    Last-Modified: Mon, 25 Oct 2021 12:24:54 GMT
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
2021-10-29 15:51:21 UTC | 270 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.4 | 49799 | 87.250.251.119 | 443 | C:\Users\user\Desktop\njw.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-29 15:51:21 UTC | 270 | OUT | GET /watch/14153041/1?callback=_ymjsp303195921&page-url=http%3A%2F%2Fwww.all-bearings.narod.ru%2Fsecondpage.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A9ezyymqkmijljhdjn%3Afp%3A1976%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A680%3Acn%3A1%3Adp%3A0%3Als%3A1156845228070%3Ahid%3A271984739%3Az%3A120%3Ai%3A202101029175118%3Aet%3A1635522678%3Ac%3A1%3Arn%3A1015963535%3Au%3A1635522678322622628%3Aw%3A148x55%3As%3A1280x1024x32%3Aifr%3A1%3Aj%3A1%3Ans%3A1635522674734%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C128%2C0%2C1973%2C1975%2C0%2C1973%3Aco%3A0%3Arqnl%3A1%3Ast%3A1635522680%3At%3AHTTP%20404%20Resource%20not%20found&t=gdpr%2814%29ti%283%29&wmode=5 HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Referer: http://www.all-bearings.narod.ru/secondpage.html
                                                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: mc.yandex.ru
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: yandexuid=847304281635522680; i=vL1T7ICVuHRXpyNPzwMzlaKjl/D94ryPalEPO4xIx2pX5AZpVtBfDP0muIercdmDCjCbNqUK2tSOHbHUPiY/6ZY1euA=; ymex=1667058680.yrts.1635522680#1667058680.yrtsi.1635522680; yabs-sid=2327043721635522680
2021-10-29 15:51:21 UTC | 273 | IN | HTTP/1.1 200 Ok
                                                                                                                                                                                    Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Length: 343
                                                                                                                                                                                    Content-Type: application/javascript
                                                                                                                                                                                    Date: Fri, 29 Oct 2021 15:51:21 GMT
                                                                                                                                                                                    Expires: Fri, 29-Oct-2021 15:51:21 GMT
                                                                                                                                                                                    Last-Modified: Fri, 29-Oct-2021 15:51:21 GMT
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    X-XSS-Protection: 1; mode=block
2021-10-29 15:51:21 UTC | 273 | IN | Data Raw: 2f 2a 2a 2f 74 72 79 7b 5f 79 6d 6a 73 70 33 30 33 31 39 35 39 32 31 28 7b 22 61 75 74 6f 5f 67 6f 61 6c 73 22 3a 30 2c 22 62 75 74 74 6f 6e 5f 67 6f 61 6c 73 22 3a 30 2c 22 63 5f 72 65 63 70 22 3a 22 31 2e 30 30 30 30 30 22 2c 22 66 6f 72 6d 5f 67 6f 61 6c 73 22 3a 30 2c 22 70 63 73 22 3a 22 31 22 2c 22 77 65 62 76 69 73 6f 72 22 3a 7b 22 61 72 63 68 5f 74 79 70 65 22 3a 22 6e 6f 6e 65 22 2c 22 64 61 74 65 22 3a 22 32 30 32 30 2d 30 39 2d 30 34 20 32 30 3a 33 32 3a 32 31 22 2c 22 66 6f 72 6d 73 22 3a 31 2c 22 72 65 63 70 22 3a 22 31 2e 30 30 30 30 30 22 7d 2c 22 73 62 70 22 3a 20 7b 22 61 22 3a 22 64 49 2f 53 48 47 41 4a 56 2b 51 46 38 2b 43 6a 73 68 70 4e 49 6a 41 73 64 6a 58 77 61 4e 53 70 32 70 32 45 74 59 6b 41 78 78 4b 4b 74 63 74 6a 4b 79 2b 69 75
                                                                                                                                                                                    Data Ascii: /**/try{_ymjsp303195921({"auto_goals":0,"button_goals":0,"c_recp":"1.00000","form_goals":0,"pcs":"1","webvisor":{"arch_type":"none","date":"2020-09-04 20:32:21","forms":1,"recp":"1.00000"},"sbp": {"a":"dI/SHGAJV+QF8+CjshpNIjAsdjXwaNSp2p2EtYkAxxKKtctjKy+iu


Code Manipulations

Statistics

System Behavior

General

Start time:17:50:33
Start date:29/10/2021
Path:C:\Users\user\Desktop\njw.exe
Wow64 process (32bit):true
Commandline:'C:\Users\user\Desktop\njw.exe'
Imagebase:0x400000
File size:1694802 bytes
MD5 hash:3F91F84924D1DB7ACE9AD307FCAE35D1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000002.931984957.0000000000401000.00000004.00020000.sdmp, Author: Joe Security
Reputation:low

Disassembly

Code Analysis
